andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  argo/argo-cd:
    - 6.7.18
  jenkins/jenkins:
    - 5.1.8
  new-relic/nri-bundle:
    - 5.0.75
  speedscale/speedscale-operator:
    - 2.1.296
  traefik/traefik:
    - 28.0.0
```
pull/1013/head
github-actions[bot] 2024-05-01 00:57:20 +00:00
parent d3a78eb43e
commit 96f29dd271
58 changed files with 1418 additions and 3025 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/argo/argo-cd-6.7.17.tgz
View File

Binary file not shown.

BIN
assets/argo/argo-cd-6.7.18.tgz Normal file
View File

Binary file not shown.

BIN
assets/jenkins/jenkins-5.1.8.tgz Normal file
View File

Binary file not shown.

BIN
assets/new-relic/nri-bundle-5.0.75.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-2.1.296.tgz Normal file
View File

Binary file not shown.

BIN
assets/traefik/traefik-28.0.0.tgz Normal file
View File

Binary file not shown.

8
charts/argo/argo-cd/Chart.yaml
View File

@ -1,7 +1,7 @@
annotations:
artifacthub.io/changes: |
- kind: added
description: JQ Path expression timeout
- kind: changed
description: Bump argo-cd to v2.10.9
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -11,7 +11,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.10.8
appVersion: v2.10.9
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@ -33,4 +33,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 6.7.17
version: 6.7.18

4
charts/jenkins/jenkins/CHANGELOG.md
View File

@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0.
The changelog until v1.5.7 was auto-generated based on git commits.
Those entries include a reference to the git commit to be able to get more details.
## 5.1.8
Update `kubernetes` to version `4209.vc646b_71e5269`
## 5.1.7
Update `kubernetes` to version `4208.v4017b_a_27a_d67`

4
charts/jenkins/jenkins/Chart.yaml
View File

@ -1,7 +1,7 @@
annotations:
artifacthub.io/category: integration-delivery
artifacthub.io/changes: |
- Update `kubernetes` to version `4208.v4017b_a_27a_d67`
- Update `kubernetes` to version `4209.vc646b_71e5269`
artifacthub.io/images: |
- name: jenkins
image: docker.io/jenkins/jenkins:2.440.3-jdk17
@ -50,4 +50,4 @@ sources:
- https://github.com/maorfr/kube-tasks
- https://github.com/jenkinsci/configuration-as-code-plugin
type: application
version: 5.1.7
version: 5.1.8

2
charts/jenkins/jenkins/VALUES.md
View File

@ -155,7 +155,7 @@ The following tables list the configurable parameters of the Jenkins chart and t
| [controller.initializeOnce](./values.yaml#L414) | bool | Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true` | `false` |
| [controller.installLatestPlugins](./values.yaml#L403) | bool | Download the minimum required version or latest version of all dependencies | `true` |
| [controller.installLatestSpecifiedPlugins](./values.yaml#L406) | bool | Set to true to download the latest version of any plugin that is requested to have the latest version | `false` |
| [controller.installPlugins](./values.yaml#L395) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4208.v4017b_a_27a_d67","workflow-aggregator:596.v8c21c963d92d","git:5.2.1","configuration-as-code:1775.v810dc950b_514"]` |
| [controller.installPlugins](./values.yaml#L395) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4209.vc646b_71e5269","workflow-aggregator:596.v8c21c963d92d","git:5.2.1","configuration-as-code:1775.v810dc950b_514"]` |
| [controller.javaOpts](./values.yaml#L156) | string | Append to `JAVA_OPTS` env var | `nil` |
| [controller.jenkinsAdminEmail](./values.yaml#L96) | string | Email address for the administrator of the Jenkins instance | `nil` |
| [controller.jenkinsHome](./values.yaml#L101) | string | Custom Jenkins home path | `"/var/jenkins_home"` |

2
charts/jenkins/jenkins/values.yaml
View File

@ -393,7 +393,7 @@ controller:
# Plugins will be installed during Jenkins controller start
# -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false`
installPlugins:
- kubernetes:4208.v4017b_a_27a_d67
- kubernetes:4209.vc646b_71e5269
- workflow-aggregator:596.v8c21c963d92d
- git:5.2.1
- configuration-as-code:1775.v810dc950b_514

14
charts/new-relic/nri-bundle/Chart.lock
View File

@ -1,16 +1,16 @@
dependencies:
- name: newrelic-infrastructure
repository: https://newrelic.github.io/nri-kubernetes
version: 3.33.3
version: 3.33.4
- name: nri-prometheus
repository: https://newrelic.github.io/nri-prometheus
version: 2.1.17
- name: newrelic-prometheus-agent
repository: https://newrelic.github.io/newrelic-prometheus-configurator
version: 1.12.0
version: 1.13.0
- name: nri-metadata-injection
repository: https://newrelic.github.io/k8s-metadata-injection
version: 4.18.4
version: 4.19.0
- name: newrelic-k8s-metrics-adapter
repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
version: 1.10.2
@ -19,10 +19,10 @@ dependencies:
version: 5.12.1
- name: nri-kube-events
repository: https://newrelic.github.io/nri-kube-events
version: 3.9.5
version: 3.9.6
- name: newrelic-logging
repository: https://newrelic.github.io/helm-charts
version: 1.21.2
version: 1.21.3
- name: newrelic-pixie
repository: https://newrelic.github.io/helm-charts
version: 2.1.4
@ -32,5 +32,5 @@ dependencies:
- name: newrelic-infra-operator
repository: https://newrelic.github.io/newrelic-infra-operator
version: 2.10.0
digest: sha256:0c565318deb31a2ec54376d6ca173c4a2bcd44c3904ad5d9fbe315eabbbceeb2
generated: "2024-04-22T14:27:28.039217268Z"
digest: sha256:6917aeb854737d43d0cd3847024cc421030faae27eebb90bd8646d0953ab412f
generated: "2024-04-29T15:29:01.302193264Z"

12
charts/new-relic/nri-bundle/Chart.yaml
View File

@ -7,7 +7,7 @@ dependencies:
- condition: infrastructure.enabled,newrelic-infrastructure.enabled
name: newrelic-infrastructure
repository: file://./charts/newrelic-infrastructure
version: 3.33.3
version: 3.33.4
- condition: prometheus.enabled,nri-prometheus.enabled
name: nri-prometheus
repository: file://./charts/nri-prometheus
@ -15,11 +15,11 @@ dependencies:
- condition: newrelic-prometheus-agent.enabled
name: newrelic-prometheus-agent
repository: file://./charts/newrelic-prometheus-agent
version: 1.12.0
version: 1.13.0
- condition: webhook.enabled,nri-metadata-injection.enabled
name: nri-metadata-injection
repository: file://./charts/nri-metadata-injection
version: 4.18.4
version: 4.19.0
- condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
name: newrelic-k8s-metrics-adapter
repository: file://./charts/newrelic-k8s-metrics-adapter
@ -31,11 +31,11 @@ dependencies:
- condition: kubeEvents.enabled,nri-kube-events.enabled
name: nri-kube-events
repository: file://./charts/nri-kube-events
version: 3.9.5
version: 3.9.6
- condition: logging.enabled,newrelic-logging.enabled
name: newrelic-logging
repository: file://./charts/newrelic-logging
version: 1.21.2
version: 1.21.3
- condition: newrelic-pixie.enabled
name: newrelic-pixie
repository: file://./charts/newrelic-pixie
@ -77,4 +77,4 @@ sources:
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
version: 5.0.74
version: 5.0.75

4
charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 3.28.3
appVersion: 3.28.4
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
@ -23,4 +23,4 @@ sources:
- https://github.com/newrelic/nri-kubernetes/
- https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure
- https://github.com/newrelic/infrastructure-agent/
version: 3.33.3
version: 3.33.4

2
charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml
View File

@ -30,7 +30,7 @@ images:
agent:
registry: ""
repository: newrelic/infrastructure-bundle
tag: 3.2.37
tag: 3.2.38
pullPolicy: IfNotPresent
# -- Image for the New Relic Kubernetes integration.
# @default -- See `values.yaml`

2
charts/new-relic/nri-bundle/charts/newrelic-logging/Chart.yaml
View File

@ -17,4 +17,4 @@ maintainers:
- name: danybmx
- name: sdaubin
name: newrelic-logging
version: 1.21.2
version: 1.21.3

6
charts/new-relic/nri-bundle/charts/newrelic-logging/values.yaml
View File

@ -125,7 +125,7 @@ fluentBit:
Name record_modifier
Alias node-attributes-enricher
Match *
Record cluster_name ${CLUSTER_NAME}
Record cluster_name "${CLUSTER_NAME}"
# extraFilters: |
# [FILTER]
@ -157,7 +157,7 @@ fluentBit:
Name record_modifier
Match *
Alias node-attributes-enricher-filter
Record cluster_name ${CLUSTER_NAME}
Record cluster_name "${CLUSTER_NAME}"
Allowlist_key container_name
Allowlist_key namespace_name
Allowlist_key pod_name
@ -211,7 +211,7 @@ fluentBit:
Tls.verify Off
# User-defined labels
add_label app fluent-bit
add_label cluster_name ${CLUSTER_NAME}
add_label cluster_name "${CLUSTER_NAME}"
add_label hostname ${HOSTNAME}
add_label node_name ${NODE_NAME}
add_label source kubernetes

4
charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml
View File

@ -1,5 +1,5 @@
annotations:
configuratorVersion: 1.15.0
configuratorVersion: 1.16.0
apiVersion: v2
appVersion: v2.37.8
dependencies:
@ -19,4 +19,4 @@ maintainers:
url: https://github.com/dbudziwojskiNR
name: newrelic-prometheus-agent
type: application
version: 1.12.0
version: 1.13.0

4
charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 2.9.5
appVersion: 2.9.6
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
@ -23,4 +23,4 @@ sources:
- https://github.com/newrelic/nri-kube-events/
- https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events
- https://github.com/newrelic/infrastructure-agent/
version: 3.9.5
version: 3.9.6

2
charts/new-relic/nri-bundle/charts/nri-kube-events/README.md
View File

@ -1,6 +1,6 @@
# nri-kube-events
![Version: 3.9.5](https://img.shields.io/badge/Version-3.9.5-informational?style=flat-square) ![AppVersion: 2.9.5](https://img.shields.io/badge/AppVersion-2.9.5-informational?style=flat-square)
![Version: 3.9.6](https://img.shields.io/badge/Version-3.9.6-informational?style=flat-square) ![AppVersion: 2.9.6](https://img.shields.io/badge/AppVersion-2.9.6-informational?style=flat-square)
A Helm chart to deploy the New Relic Kube Events router

4
charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 1.26.4
appVersion: 1.27.0
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
@ -22,4 +22,4 @@ name: nri-metadata-injection
sources:
- https://github.com/newrelic/k8s-metadata-injection
- https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
version: 4.18.4
version: 4.19.0

4
charts/speedscale/speedscale-operator/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: speedscale-operator
apiVersion: v1
appVersion: 2.1.288
appVersion: 2.1.296
description: Stress test your APIs with real world scenarios. Collect and replay
traffic without scripting.
home: https://speedscale.com
@ -24,4 +24,4 @@ maintainers:
- email: support@speedscale.com
name: Speedscale Support
name: speedscale-operator
version: 2.1.288
version: 2.1.296

6
charts/speedscale/speedscale-operator/templates/crds/trafficreplays.yaml
View File

@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
creationTimestamp: null
name: trafficreplays.speedscale.com
spec:
@ -237,6 +237,10 @@ spec:
Workload represents a Kubernetes workload to be targeted during replay and
associated settings.
properties:
customURI:
description: CustomURI will be target of the traffic instead
of directly targeting workload
type: string
inTrafficKey:
description: 'DEPRECATED: use InTrafficKeys'
type: string

2
charts/speedscale/speedscale-operator/values.yaml
View File

@ -20,7 +20,7 @@ clusterName: "my-cluster"
# Speedscale components image settings.
image:
registry: gcr.io/speedscale
tag: v2.1.288
tag: v2.1.296
pullPolicy: Always
# Log level for Speedscale components.

411
charts/traefik/traefik/Changelog.md
View File

@ -1,20 +1,415 @@
# Change Log
## 27.0.2 ![AppVersion: v2.11.1](https://img.shields.io/static/v1?label=AppVersion&message=v2.11.1&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
## 28.0.0 ![AppVersion: v3.0.0](https://img.shields.io/static/v1?label=AppVersion&message=v3.0.0&color=success&logo=) ![Kubernetes: >=1.22.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.22.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
**Release date:** 2024-04-11
**Release date:** 2024-04-30
* feat: ✨ update Traefik Proxy to v2.11.2
* style: 🎨 consistent capitalization on `--entryPoints` CLI flag
* fix: 🐛 only expose http3 port on service when TCP variant is exposed
* fix: 🐛 logs filters on status codes
* feat: ✨ add support of `experimental-v3.0` unstable version
* feat: ability to override liveness and readiness probe paths
* feat(ports): add transport options
* chore(release): publish v28.0.0
## 27.0.1 ![AppVersion: v2.11.1](https://img.shields.io/static/v1?label=AppVersion&message=v2.11.1&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
### Default value changes
**Release date:** 2024-04-10
```diff
diff --git a/traefik/values.yaml b/traefik/values.yaml
index c0d72d8..2bff10d 100644
--- a/traefik/values.yaml
+++ b/traefik/values.yaml
@@ -38,6 +38,12 @@ deployment:
## Override the liveness/readiness scheme. Useful for getting ping to
## respond on websecure entryPoint.
# healthchecksScheme: HTTPS
+ ## Override the readiness path.
+ ## Default: /ping
+ # readinessPath: /ping
+ # Override the liveness path.
+ # Default: /ping
+ # livenessPath: /ping
# -- Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
annotations: {}
# -- Additional deployment labels (e.g. for filtering deployment by custom labels)
@@ -648,15 +654,28 @@ ports:
# (Optional)
# priority: 10
#
- # Trust forwarded headers information (X-Forwarded-*).
+ # -- Trust forwarded headers information (X-Forwarded-*).
# forwardedHeaders:
# trustedIPs: []
# insecure: false
#
- # Enable the Proxy Protocol header parsing for the entry point
+ # -- Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol:
# trustedIPs: []
# insecure: false
+ #
+ # -- Set transport settings for the entrypoint; see also
+ # https://doc.traefik.io/traefik/routing/entrypoints/#transport
+ transport:
+ respondingTimeouts:
+ readTimeout:
+ writeTimeout:
+ idleTimeout:
+ lifeCycle:
+ requestAcceptGraceTimeout:
+ graceTimeOut:
+ keepAliveMaxRequests:
+ keepAliveMaxTime:
websecure:
## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
# asDefault: true
@@ -684,16 +703,29 @@ ports:
enabled: false
# advertisedPort: 4443
#
- ## -- Trust forwarded headers information (X-Forwarded-*).
+ # -- Trust forwarded headers information (X-Forwarded-*).
# forwardedHeaders:
# trustedIPs: []
# insecure: false
#
- ## -- Enable the Proxy Protocol header parsing for the entry point
+ # -- Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol:
# trustedIPs: []
# insecure: false
#
+ # -- Set transport settings for the entrypoint; see also
+ # https://doc.traefik.io/traefik/routing/entrypoints/#transport
+ transport:
+ respondingTimeouts:
+ readTimeout:
+ writeTimeout:
+ idleTimeout:
+ lifeCycle:
+ requestAcceptGraceTimeout:
+ graceTimeOut:
+ keepAliveMaxRequests:
+ keepAliveMaxTime:
+ #
## Set TLS at the entrypoint
## https://doc.traefik.io/traefik/routing/entrypoints/#tls
tls:
```
**Upgrade notes**
## 28.0.0-rc1 ![AppVersion: v3.0.0-rc5](https://img.shields.io/static/v1?label=AppVersion&message=v3.0.0-rc5&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
🚨 Traefik Proxy v2.11.1 introduces `lingeringTimeout`, see https://github.com/traefik/traefik/pull/10569, that can be breaking for _server-first_ protocols. This new setting can be set with `additionalArguments`.
**Release date:** 2024-04-17
* feat: ✨ update Traefik Proxy to v2.11.1
**Upgrade Notes**
This is a major breaking upgrade. [Migration guide](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) have been applied on the chart.
It needs a Kubernetes v1.22 or higher.
All CRDs using _API Group_ `traefik.containo.us` are not supported anymore in Traefik Proxy v3
CRDs needs to be upgraded: `kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/`
After upgrade, CRDs with _API Group_ `traefik.containo.us` can be removed:
```shell
kubectl delete crds \
ingressroutes.traefik.containo.us \
ingressroutetcps.traefik.containo.us \
ingressrouteudps.traefik.containo.us \
middlewares.traefik.containo.us \
middlewaretcps.traefik.containo.us \
serverstransports.traefik.containo.us \
tlsoptions.traefik.containo.us \
tlsstores.traefik.containo.us \
traefikservices.traefik.containo.us
```
**Changes**
* feat(podtemplate): set GOMEMLIMIT, GOMAXPROCS when limits are defined
* feat: ✨ fail gracefully when required port number is not set
* feat!: :boom: initial support of Traefik Proxy v3
* docs: 📚️ improve EXAMPLES on acme resolver
* chore(release): 🚀 publish v28 rc1
### Default value changes
```diff
diff --git a/traefik/values.yaml b/traefik/values.yaml
index cd9fb6e..c0d72d8 100644
--- a/traefik/values.yaml
+++ b/traefik/values.yaml
@@ -120,12 +120,13 @@ ingressClass:
isDefaultClass: true
# name: my-custom-class
+core:
+ # -- Can be used to use globally v2 router syntax
+ # See https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#new-v3-syntax-notable-changes
+ defaultRuleSyntax:
+
# Traefik experimental features
experimental:
- # This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3"
- # v3:
- # -- Enable traefik version 3
-
# -- Enable traefik experimental plugins
plugins: {}
# demo:
@@ -309,7 +310,7 @@ logs:
# format: json
# By default, the level is set to ERROR.
# -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
- level: ERROR
+ level: INFO
access:
# -- To enable access logs
enabled: false
@@ -328,6 +329,8 @@ logs:
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
+ # -- Enables accessLogs for internal resources. Default: false.
+ addInternals:
fields:
general:
# -- Available modes: keep, drop, redact.
@@ -347,6 +350,9 @@ logs:
# Content-Type: keep
metrics:
+ ## -- Enable metrics for internal resources. Default: false
+ addInternals:
+
## -- Prometheus is enabled by default.
## -- It can be disabled by setting "prometheus: null"
prometheus:
@@ -376,31 +382,6 @@ metrics:
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
- # influxdb:
- # ## Address instructs exporter to send metrics to influxdb at this address.
- # address: localhost:8089
- # ## InfluxDB's address protocol (udp or http). Default="udp"
- # protocol: udp
- # ## InfluxDB database used when protocol is http. Default=""
- # # database: ""
- # ## InfluxDB retention policy used when protocol is http. Default=""
- # # retentionPolicy: ""
- # ## InfluxDB username (only with http). Default=""
- # # username: ""
- # ## InfluxDB password (only with http). Default=""
- # # password: ""
- # ## The interval used by the exporter to push metrics to influxdb. Default=10s
- # # pushInterval: 30s
- # ## Additional labels (influxdb tags) on all metrics.
- # # additionalLabels:
- # # env: production
- # # foo: bar
- # ## Enable metrics on entry points. Default=true
- # # addEntryPointsLabels: false
- # ## Enable metrics on routers. Default=false
- # # addRoutersLabels: true
- # ## Enable metrics on services. Default=true
- # # addServicesLabels: false
# influxdb2:
# ## Address instructs exporter to send metrics to influxdb v2 at this address.
# address: localhost:8086
@@ -435,43 +416,53 @@ metrics:
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
- # openTelemetry:
- # ## Address of the OpenTelemetry Collector to send metrics to.
- # address: "localhost:4318"
- # ## Enable metrics on entry points.
- # addEntryPointsLabels: true
- # ## Enable metrics on routers.
- # addRoutersLabels: true
- # ## Enable metrics on services.
- # addServicesLabels: true
- # ## Explicit boundaries for Histogram data points.
- # explicitBoundaries:
- # - "0.1"
- # - "0.3"
- # - "1.2"
- # - "5.0"
- # ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
- # headers:
- # foo: bar
- # test: test
- # ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
- # insecure: true
- # ## Interval at which metrics are sent to the OpenTelemetry Collector.
- # pushInterval: 10s
- # ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport.
- # path: /foo/v1/traces
- # ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
- # tls:
- # ## The path to the certificate authority, it defaults to the system bundle.
- # ca: path/to/ca.crt
- # ## The path to the public certificate. When using this option, setting the key option is required.
- # cert: path/to/foo.cert
- # ## The path to the private key. When using this option, setting the cert option is required.
- # key: path/to/key.key
- # ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
- # insecureSkipVerify: true
- # ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
- # grpc: true
+ otlp:
+ # -- Set to true in order to enable the OpenTelemetry metrics
+ enabled: false
+ # -- Enable metrics on entry points. Default: true
+ addEntryPointsLabels:
+ # -- Enable metrics on routers. Default: false
+ addRoutersLabels:
+ # -- Enable metrics on services. Default: true
+ addServicesLabels:
+ # -- Explicit boundaries for Histogram data points. Default: [.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10]
+ explicitBoundaries:
+ # -- Interval at which metrics are sent to the OpenTelemetry Collector. Default: 10s
+ pushInterval:
+ http:
+ # -- Set to true in order to send metrics to the OpenTelemetry Collector using HTTP.
+ enabled: false
+ # -- Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics
+ endpoint:
+ # -- Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
+ headers:
+ ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
+ tls:
+ # -- The path to the certificate authority, it defaults to the system bundle.
+ ca:
+ # -- The path to the public certificate. When using this option, setting the key option is required.
+ cert:
+ # -- The path to the private key. When using this option, setting the cert option is required.
+ key:
+ # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
+ insecureSkipVerify:
+ grpc:
+ # -- Set to true in order to send metrics to the OpenTelemetry Collector using gRPC
+ enabled: false
+ # -- Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics
+ endpoint:
+ # -- Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
+ insecure:
+ ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
+ tls:
+ # -- The path to the certificate authority, it defaults to the system bundle.
+ ca:
+ # -- The path to the public certificate. When using this option, setting the key option is required.
+ cert:
+ # -- The path to the private key. When using this option, setting the cert option is required.
+ key:
+ # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
+ insecureSkipVerify:
## -- enable optional CRDs for Prometheus Operator
##
@@ -524,51 +515,46 @@ metrics:
## Tracing
# -- https://doc.traefik.io/traefik/observability/tracing/overview/
-tracing: {}
-# openTelemetry: # traefik v3+ only
-# grpc: true
-# insecure: true
-# address: localhost:4317
-# instana:
-# localAgentHost: 127.0.0.1
-# localAgentPort: 42699
-# logLevel: info
-# enableAutoProfile: true
-# datadog:
-# localAgentHostPort: 127.0.0.1:8126
-# debug: false
-# globalTag: ""
-# prioritySampling: false
-# jaeger:
-# samplingServerURL: http://localhost:5778/sampling
-# samplingType: const
-# samplingParam: 1.0
-# localAgentHostPort: 127.0.0.1:6831
-# gen128Bit: false
-# propagation: jaeger
-# traceContextHeaderName: uber-trace-id
-# disableAttemptReconnecting: true
-# collector:
-# endpoint: ""
-# user: ""
-# password: ""
-# zipkin:
-# httpEndpoint: http://localhost:9411/api/v2/spans
-# sameSpan: false
-# id128Bit: true
-# sampleRate: 1.0
-# haystack:
-# localAgentHost: 127.0.0.1
-# localAgentPort: 35000
-# globalTag: ""
-# traceIDHeaderName: ""
-# parentIDHeaderName: ""
-# spanIDHeaderName: ""
-# baggagePrefixHeaderName: ""
-# elastic:
-# serverURL: http://localhost:8200
-# secretToken: ""
-# serviceEnvironment: ""
+tracing:
+ # -- Enables tracing for internal resources. Default: false.
+ addInternals:
+ otlp:
+ # -- See https://doc.traefik.io/traefik/v3.0/observability/tracing/opentelemetry/
+ enabled: false
+ http:
+ # -- Set to true in order to send metrics to the OpenTelemetry Collector using HTTP.
+ enabled: false
+ # -- Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics
+ endpoint:
+ # -- Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
+ headers:
+ ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
+ tls:
+ # -- The path to the certificate authority, it defaults to the system bundle.
+ ca:
+ # -- The path to the public certificate. When using this option, setting the key option is required.
+ cert:
+ # -- The path to the private key. When using this option, setting the cert option is required.
+ key:
+ # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
+ insecureSkipVerify:
+ grpc:
+ # -- Set to true in order to send metrics to the OpenTelemetry Collector using gRPC
+ enabled: false
+ # -- Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics
+ endpoint:
+ # -- Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
+ insecure:
+ ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
+ tls:
+ # -- The path to the certificate authority, it defaults to the system bundle.
+ ca:
+ # -- The path to the public certificate. When using this option, setting the key option is required.
+ cert:
+ # -- The path to the private key. When using this option, setting the cert option is required.
+ key:
+ # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
+ insecureSkipVerify:
# -- Global command arguments to be passed to all traefik's pods
globalArguments:
@@ -756,7 +742,6 @@ ports:
# default:
# labels: {}
# sniStrict: true
-# preferServerCipherSuites: true
# custom-options:
# labels: {}
# curvePreferences:
```
## 27.0.0 ![AppVersion: v2.11.0](https://img.shields.io/static/v1?label=AppVersion&message=v2.11.0&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)

16
charts/traefik/traefik/Chart.yaml
View File

@ -1,12 +1,16 @@
annotations:
artifacthub.io/changes: |
- "feat: ✨ update Traefik Proxy to v2.11.2"
artifacthub.io/changes: "- \"style: \U0001F3A8 consistent capitalization on `--entryPoints`
CLI flag\"\n- \"fix: \U0001F41B only expose http3 port on service when TCP variant
is exposed\"\n- \"fix: \U0001F41B logs filters on status codes\"\n- \"feat: ✨
add support of `experimental-v3.0` unstable version\"\n- \"feat: ability to override
liveness and readiness probe paths\"\n- \"feat(ports): add transport options\"\n-
\"chore(release): publish v28.0.0\"\n"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Traefik Proxy
catalog.cattle.io/kube-version: '>=1.16.0-0'
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: traefik
apiVersion: v2
appVersion: v2.11.2
appVersion: v3.0.0
description: A Traefik based Kubernetes ingress controller
home: https://traefik.io/
icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
@ -14,7 +18,7 @@ keywords:
- traefik
- ingress
- networking
kubeVersion: '>=1.16.0-0'
kubeVersion: '>=1.22.0-0'
maintainers:
- email: michel.loiseleur@traefik.io
name: mloiseleur
@ -28,4 +32,4 @@ sources:
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
type: application
version: 27.0.2
version: 28.0.0

45
charts/traefik/traefik/EXAMPLES.md
View File

@ -348,6 +348,21 @@ By default, Kubernetes recursively changes ownership and permissions for the con
=> An initContainer can be used to avoid an issue on this sensitive file.
See [#396](https://github.com/traefik/traefik-helm-chart/issues/396) for more details.
**Step 1**: Create `Secret` with CloudFlare token:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: cloudflare
type: Opaque
stringData:
token: TTT
```
**Step 2**:
```yaml
persistence:
enabled: true
@ -361,8 +376,8 @@ env:
- name: CF_DNS_API_TOKEN
valueFrom:
secretKeyRef:
name: yyy
key: zzz
name: cloudflare
key: token
deployment:
initContainers:
- name: volume-permissions
@ -373,6 +388,20 @@ deployment:
name: data
```
and after, in an `IngressRoute`:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: [...]
spec:
entryPoints: [...]
routes: [...]
tls:
certResolver: letsencrypt
```
This example needs a CloudFlare token in a Kubernetes `Secret` and a working `StorageClass`.
See [the list of supported providers](https://doc.traefik.io/traefik/https/acme/#providers) for others.
@ -581,3 +610,15 @@ spec:
name: release-name-traefik
maxReplicas: 3
```
# Use latest build of Traefik v3 from master
An experimental build of Traefik Proxy is available on a specific repository.
It can be used with those _values_:
```yaml
image:
repository: traefik/traefik
tag: experimental-v3.0
```

31
charts/traefik/traefik/README.md
View File

@ -5,12 +5,12 @@ microservices with ease.
## Introduction
This chart bootstraps Traefik version 2 as a Kubernetes ingress controller,
using Custom Resources `IngressRoute`: <https://docs.traefik.io/providers/kubernetes-crd/>.
Starting with v28.x, this chart now bootstraps Traefik Proxy version 3 as a Kubernetes ingress controller,
using Custom Resources `IngressRoute`: <https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/>.
It's possible to use this chart with Traefik Proxy v2 using v27.x
This chart support policy is aligned with [upstream support policy](https://doc.traefik.io/traefik/deprecation/releases/) of Traefik Proxy.
It's possible to use this chart with Traefik v3 (current tested with v3.0.0-rc1).
This Chart is focused on stable release, so there are limitations and one will need to apply Traefik v3 CRDs first.
Helm will auto detect which version is used based on image.tag. Set image.tag to a semver higher than 3.0, e.g. "v3.0.0-rc1".
See [Migration guide from v2 to v3](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) and upgrading section of this chart on CRDs.
### Philosophy
@ -25,7 +25,9 @@ Accordingly, the encouraged approach to fulfill your needs:
1. Override the default Traefik configuration values ([yaml file or cli](https://helm.sh/docs/chart_template_guide/values_files/))
2. Append your own configurations (`kubectl apply -f myconf.yaml`)
If needed, one may use [extraObjects](./traefik/tests/values/extra.yaml) or extend this HelmChart [as a Subchart](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/). In the [examples](EXAMPLES.md), one can see how to use this Chart as a dependency.
[Examples](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md) of common usage are provided.
If needed, one may use [extraObjects](./traefik/tests/values/extra.yaml) or extend this HelmChart [as a Subchart](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/).
## Installing
@ -46,12 +48,13 @@ Due to changes in CRD version support, the following versions of the chart are u
### CRDs Support of Traefik Proxy
Due to changes in API Group of Traefik CRDs from `containo.us` to `traefik.io`, this Chart install the two CRDs API Group on the following versions:
Due to changes in API Group of Traefik CRDs from `containo.us` to `traefik.io`, this Chart install CRDs needed by default Traefik Proxy version, following this table:
| | `containo.us` | `traefik.io` |
|-------------------------|-----------------------------|------------------------|
| Chart v22.0.0 and below | [x] | |
| Chart v23.0.0 and above | [x] | [x] |
| Chart v28.0.0 and above | | [x] |
### Deploying Traefik
@ -85,14 +88,24 @@ New major version indicates that there is an incompatible breaking change.
### Upgrading CRDs
🛂 **Warning**: Traefik v3 totally removes the crd support for traefik.containo.us CRDs. By default this helm installs the CRDs compatible with v2 also, but Traefik v3 will no longer monitor them. There is no support for deprecation errors, so your existing resources may silently fail to work after upgrade to Traefik v3. See [Migration guide from v2 to v3](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) for more details.
With Helm v3, CRDs created by this chart can not be updated, cf the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). Please read carefully release notes of this chart before upgrading CRDs.
#### Upgrade from 27.X to 28.X+
🛂 **Warning**: Traefik v3 totally removes the crd support for traefik.containo.us CRDs. Existing resources may silently fail to work after upgrade to Traefik v3.
See [Migration guide from v2 to v3](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) for more details.
```bash
kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/
```
#### Upgrade up to 27.X
```bash
kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/?ref=v27
```
### Upgrading after 18.X+
It's detailed in [release notes](https://github.com/traefik/traefik-helm-chart/releases).

51
charts/traefik/traefik/VALUES.md
View File

@ -1,6 +1,6 @@
# traefik
![Version: 27.0.2](https://img.shields.io/badge/Version-27.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.11.2](https://img.shields.io/badge/AppVersion-v2.11.2-informational?style=flat-square)
![Version: 28.0.0](https://img.shields.io/badge/Version-28.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.0.0](https://img.shields.io/badge/AppVersion-v3.0.0-informational?style=flat-square)
A Traefik based Kubernetes ingress controller
@ -22,7 +22,7 @@ A Traefik based Kubernetes ingress controller
## Requirements
Kubernetes: `>=1.16.0-0`
Kubernetes: `>=1.22.0-0`
## Values
@ -34,6 +34,7 @@ Kubernetes: `>=1.16.0-0`
| autoscaling.enabled | bool | `false` | Create HorizontalPodAutoscaler object. |
| certResolvers | object | `{}` | Certificates resolvers configuration |
| commonLabels | object | `{}` | Add additional label to all resources |
| core.defaultRuleSyntax | string | `nil` | Can be used to use globally v2 router syntax See https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#new-v3-syntax-notable-changes |
| deployment.additionalContainers | list | `[]` | Additional containers (e.g. for metric offloading sidecars) |
| deployment.additionalVolumes | list | `[]` | Additional volumes available for use with initContainers and additionalContainers |
| deployment.annotations | object | `{}` | Additional deployment annotations (e.g. for jaeger-operator sidecar injection) |
@ -82,13 +83,35 @@ Kubernetes: `>=1.16.0-0`
| livenessProbe.periodSeconds | int | `10` | The number of seconds to wait between consecutive probes. |
| livenessProbe.successThreshold | int | `1` | The minimum consecutive successes required to consider the probe successful. |
| livenessProbe.timeoutSeconds | int | `2` | The number of seconds to wait for a probe response before considering it as failed. |
| logs.access.addInternals | string | `nil` | Enables accessLogs for internal resources. Default: false. |
| logs.access.enabled | bool | `false` | To enable access logs |
| logs.access.fields.general.defaultmode | string | `"keep"` | Available modes: keep, drop, redact. |
| logs.access.fields.general.names | object | `{}` | Names of the fields to limit. |
| logs.access.fields.headers.defaultmode | string | `"drop"` | Available modes: keep, drop, redact. |
| logs.access.fields.headers.names | object | `{}` | Names of the headers to limit. |
| logs.access.filters | object | `{}` | https://docs.traefik.io/observability/access-logs/#filtering |
| logs.general.level | string | `"ERROR"` | Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. |
| logs.general.level | string | `"INFO"` | Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. |
| metrics.addInternals | string | `nil` | |
| metrics.otlp.addEntryPointsLabels | string | `nil` | Enable metrics on entry points. Default: true |
| metrics.otlp.addRoutersLabels | string | `nil` | Enable metrics on routers. Default: false |
| metrics.otlp.addServicesLabels | string | `nil` | Enable metrics on services. Default: true |
| metrics.otlp.enabled | bool | `false` | Set to true in order to enable the OpenTelemetry metrics |
| metrics.otlp.explicitBoundaries | string | `nil` | Explicit boundaries for Histogram data points. Default: [.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10] |
| metrics.otlp.grpc.enabled | bool | `false` | Set to true in order to send metrics to the OpenTelemetry Collector using gRPC |
| metrics.otlp.grpc.endpoint | string | `nil` | Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics |
| metrics.otlp.grpc.insecure | string | `nil` | Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. |
| metrics.otlp.grpc.tls.ca | string | `nil` | The path to the certificate authority, it defaults to the system bundle. |
| metrics.otlp.grpc.tls.cert | string | `nil` | The path to the public certificate. When using this option, setting the key option is required. |
| metrics.otlp.grpc.tls.insecureSkipVerify | string | `nil` | When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. |
| metrics.otlp.grpc.tls.key | string | `nil` | The path to the private key. When using this option, setting the cert option is required. |
| metrics.otlp.http.enabled | bool | `false` | Set to true in order to send metrics to the OpenTelemetry Collector using HTTP. |
| metrics.otlp.http.endpoint | string | `nil` | Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics |
| metrics.otlp.http.headers | string | `nil` | Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. |
| metrics.otlp.http.tls.ca | string | `nil` | The path to the certificate authority, it defaults to the system bundle. |
| metrics.otlp.http.tls.cert | string | `nil` | The path to the public certificate. When using this option, setting the key option is required. |
| metrics.otlp.http.tls.insecureSkipVerify | string | `nil` | When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. |
| metrics.otlp.http.tls.key | string | `nil` | The path to the private key. When using this option, setting the cert option is required. |
| metrics.otlp.pushInterval | string | `nil` | Interval at which metrics are sent to the OpenTelemetry Collector. Default: 10s |
| metrics.prometheus.entryPoint | string | `"metrics"` | Entry point used to expose metrics. |
| nodeSelector | object | `{}` | nodeSelector is the simplest recommended form of node selection constraint. |
| persistence.accessMode | string | `"ReadWriteOnce"` | |
@ -115,6 +138,7 @@ Kubernetes: `>=1.16.0-0`
| ports.web.exposedPort | int | `80` | |
| ports.web.port | int | `8000` | |
| ports.web.protocol | string | `"TCP"` | |
| ports.web.transport | object | `{"keepAliveMaxRequests":null,"keepAliveMaxTime":null,"lifeCycle":{"graceTimeOut":null,"requestAcceptGraceTimeout":null},"respondingTimeouts":{"idleTimeout":null,"readTimeout":null,"writeTimeout":null}}` | Set transport settings for the entrypoint; see also https://doc.traefik.io/traefik/routing/entrypoints/#transport |
| ports.websecure.expose.default | bool | `true` | |
| ports.websecure.exposedPort | int | `443` | |
| ports.websecure.http3.enabled | bool | `false` | |
@ -125,6 +149,7 @@ Kubernetes: `>=1.16.0-0`
| ports.websecure.tls.domains | list | `[]` | |
| ports.websecure.tls.enabled | bool | `true` | |
| ports.websecure.tls.options | string | `""` | |
| ports.websecure.transport | object | `{"keepAliveMaxRequests":null,"keepAliveMaxTime":null,"lifeCycle":{"graceTimeOut":null,"requestAcceptGraceTimeout":null},"respondingTimeouts":{"idleTimeout":null,"readTimeout":null,"writeTimeout":null}}` | Set transport settings for the entrypoint; see also https://doc.traefik.io/traefik/routing/entrypoints/#transport |
| priorityClassName | string | `""` | Priority indicates the importance of a Pod relative to other Pods. |
| providers.file.content | string | `""` | File content (YAML format, go template supported) (see https://doc.traefik.io/traefik/providers/file/) |
| providers.file.enabled | bool | `false` | Create a file provider |
@ -162,11 +187,27 @@ Kubernetes: `>=1.16.0-0`
| serviceAccount | object | `{"name":""}` | The service account the pods will use to interact with the Kubernetes API |
| serviceAccountAnnotations | object | `{}` | Additional serviceAccount annotations (e.g. for oidc authentication) |
| startupProbe | string | `nil` | Define Startup Probe for container: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes eg. `startupProbe: exec: command: - mycommand - foo initialDelaySeconds: 5 periodSeconds: 5` |
| tlsOptions | object | `{}` | TLS Options are created as TLSOption CRDs https://doc.traefik.io/traefik/https/tls/#tls-options When using `labelSelector`, you'll need to set labels on tlsOption accordingly. Example: tlsOptions: default: labels: {} sniStrict: true preferServerCipherSuites: true custom-options: labels: {} curvePreferences: - CurveP521 - CurveP384 |
| tlsOptions | object | `{}` | TLS Options are created as TLSOption CRDs https://doc.traefik.io/traefik/https/tls/#tls-options When using `labelSelector`, you'll need to set labels on tlsOption accordingly. Example: tlsOptions: default: labels: {} sniStrict: true custom-options: labels: {} curvePreferences: - CurveP521 - CurveP384 |
| tlsStore | object | `{}` | TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate https://doc.traefik.io/traefik/https/tls/#default-certificate Example: tlsStore: default: defaultCertificate: secretName: tls-cert |
| tolerations | list | `[]` | Tolerations allow the scheduler to schedule pods with matching taints. |
| topologySpreadConstraints | list | `[]` | You can use topology spread constraints to control how Pods are spread across your cluster among failure-domains. |
| tracing | object | `{}` | https://doc.traefik.io/traefik/observability/tracing/overview/ |
| tracing | object | `{"addInternals":null,"otlp":{"enabled":false,"grpc":{"enabled":false,"endpoint":null,"insecure":null,"tls":{"ca":null,"cert":null,"insecureSkipVerify":null,"key":null}},"http":{"enabled":false,"endpoint":null,"headers":null,"tls":{"ca":null,"cert":null,"insecureSkipVerify":null,"key":null}}}}` | https://doc.traefik.io/traefik/observability/tracing/overview/ |
| tracing.addInternals | string | `nil` | Enables tracing for internal resources. Default: false. |
| tracing.otlp.enabled | bool | `false` | See https://doc.traefik.io/traefik/v3.0/observability/tracing/opentelemetry/ |
| tracing.otlp.grpc.enabled | bool | `false` | Set to true in order to send metrics to the OpenTelemetry Collector using gRPC |
| tracing.otlp.grpc.endpoint | string | `nil` | Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics |
| tracing.otlp.grpc.insecure | string | `nil` | Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. |
| tracing.otlp.grpc.tls.ca | string | `nil` | The path to the certificate authority, it defaults to the system bundle. |
| tracing.otlp.grpc.tls.cert | string | `nil` | The path to the public certificate. When using this option, setting the key option is required. |
| tracing.otlp.grpc.tls.insecureSkipVerify | string | `nil` | When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. |
| tracing.otlp.grpc.tls.key | string | `nil` | The path to the private key. When using this option, setting the cert option is required. |
| tracing.otlp.http.enabled | bool | `false` | Set to true in order to send metrics to the OpenTelemetry Collector using HTTP. |
| tracing.otlp.http.endpoint | string | `nil` | Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics |
| tracing.otlp.http.headers | string | `nil` | Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. |
| tracing.otlp.http.tls.ca | string | `nil` | The path to the certificate authority, it defaults to the system bundle. |
| tracing.otlp.http.tls.cert | string | `nil` | The path to the public certificate. When using this option, setting the key option is required. |
| tracing.otlp.http.tls.insecureSkipVerify | string | `nil` | When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. |
| tracing.otlp.http.tls.key | string | `nil` | The path to the private key. When using this option, setting the cert option is required. |
| updateStrategy.rollingUpdate.maxSurge | int | `1` | |
| updateStrategy.rollingUpdate.maxUnavailable | int | `0` | |
| updateStrategy.type | string | `"RollingUpdate"` | Customize updateStrategy: RollingUpdate or OnDelete |

287
charts/traefik/traefik/crds/traefik.containo.us_ingressroutes.yaml
View File

@ -1,287 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: ingressroutes.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: IngressRoute
listKind: IngressRouteList
plural: ingressroutes
singular: ingressroute
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: IngressRouteSpec defines the desired state of IngressRoute.
properties:
entryPoints:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.
items:
type: string
type: array
routes:
description: Routes defines the list of routes.
items:
description: Route holds the HTTP route configuration.
properties:
kind:
description: |-
Kind defines the kind of the route.
Rule is the only supported kind.
enum:
- Rule
type: string
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware
items:
description: MiddlewareRef is a reference to a Middleware
resource.
properties:
name:
description: Name defines the name of the referenced Middleware
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Middleware resource.
type: string
required:
- name
type: object
type: array
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority
type: integer
services:
description: |-
Services defines the list of Service.
It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
items:
description: Service defines an upstream HTTP service to proxy
traffic to.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: |-
Name defines the name of the referenced Kubernetes Service or TraefikService.
The differentiation between the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
nativeLB:
description: |-
NativeLB controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false.
type: boolean
passHostHeader:
description: |-
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to
the client.
properties:
flushInterval:
description: |-
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms
type: string
type: object
scheme:
description: |-
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: |-
ServersTransport defines the name of ServersTransport resource to use.
It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as
JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string
secure:
description: Secure defines whether the cookie
can only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
required:
- kind
- match
type: object
type: array
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
main:
description: Main defines the main domain name.
type: string
sans:
description: SANs defines the subject alternative domain
names.
items:
type: string
type: array
type: object
type: array
options:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
required:
- name
type: object
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
description: |-
Store defines the reference to the TLSStore, that will be used to store certificates.
Please note that only `default` TLSStore can be used.
properties:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
required:
- name
type: object
type: object
required:
- routes
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

224
charts/traefik/traefik/crds/traefik.containo.us_ingressroutetcps.yaml
View File

@ -1,224 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: IngressRouteTCP
listKind: IngressRouteTCPList
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
properties:
entryPoints:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.
items:
type: string
type: array
routes:
description: Routes defines the list of routes.
items:
description: RouteTCP holds the TCP route configuration.
properties:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
resources.
items:
description: ObjectReference is a generic reference to a Traefik
resource.
properties:
name:
description: Name defines the name of the referenced Traefik
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Traefik resource.
type: string
required:
- name
type: object
type: array
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1
type: integer
services:
description: Services defines the list of TCP services.
items:
description: ServiceTCP defines an upstream TCP service to
proxy traffic to.
properties:
name:
description: Name defines the name of the referenced Kubernetes
Service.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service.
type: string
nativeLB:
description: |-
NativeLB controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol
properties:
version:
description: Version defines the PROXY Protocol version
to use.
type: integer
type: object
terminationDelay:
description: |-
TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
it has closed the writing capability of its connection, to close the reading capability as well,
hence fully terminating the connection.
It is a duration in milliseconds, defaulting to 100.
A negative value means an infinite deadline (i.e. the reading capability is never closed).
type: integer
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
type: integer
required:
- name
- port
type: object
type: array
required:
- match
type: object
type: array
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
main:
description: Main defines the main domain name.
type: string
sans:
description: SANs defines the subject alternative domain
names.
items:
type: string
type: array
type: object
type: array
options:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Traefik resource.
type: string
required:
- name
type: object
passthrough:
description: Passthrough defines whether a TLS router will terminate
the TLS connection.
type: boolean
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
description: |-
Store defines the reference to the TLSStore, that will be used to store certificates.
Please note that only `default` TLSStore can be used.
properties:
name:
description: Name defines the name of the referenced Traefik
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Traefik resource.
type: string
required:
- name
type: object
type: object
required:
- routes
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

104
charts/traefik/traefik/crds/traefik.containo.us_ingressrouteudps.yaml
View File

@ -1,104 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: ingressrouteudps.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: IngressRouteUDP
listKind: IngressRouteUDPList
plural: ingressrouteudps
singular: ingressrouteudp
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
properties:
entryPoints:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.
items:
type: string
type: array
routes:
description: Routes defines the list of routes.
items:
description: RouteUDP holds the UDP route configuration.
properties:
services:
description: Services defines the list of UDP services.
items:
description: ServiceUDP defines an upstream UDP service to
proxy traffic to.
properties:
name:
description: Name defines the name of the referenced Kubernetes
Service.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service.
type: string
nativeLB:
description: |-
NativeLB controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
type: integer
required:
- name
- port
type: object
type: array
type: object
type: array
required:
- routes
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

980
charts/traefik/traefik/crds/traefik.containo.us_middlewares.yaml
View File

@ -1,980 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: middlewares.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: Middleware
listKind: MiddlewareList
plural: middlewares
singular: middleware
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: MiddlewareSpec defines the desired state of a Middleware.
properties:
addPrefix:
description: |-
AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/
properties:
prefix:
description: |-
Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/).
type: string
type: object
basicAuth:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
Default: traefik.
type: string
removeHeader:
description: |-
RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
Default: false.
type: boolean
secret:
description: Secret is the name of the referenced Kubernetes Secret
containing user credentials.
type: string
type: object
buffering:
description: |-
Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes
properties:
maxRequestBodyBytes:
description: |-
MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
Default: 0 (no maximum).
format: int64
type: integer
maxResponseBodyBytes:
description: |-
MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
Default: 0 (no maximum).
format: int64
type: integer
memRequestBodyBytes:
description: |-
MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
Default: 1048576 (1Mi).
format: int64
type: integer
memResponseBodyBytes:
description: |-
MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
Default: 1048576 (1Mi).
format: int64
type: integer
retryExpression:
description: |-
RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression
type: string
type: object
chain:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
the chain.
items:
description: MiddlewareRef is a reference to a Middleware resource.
properties:
name:
description: Name defines the name of the referenced Middleware
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Middleware resource.
type: string
required:
- name
type: object
type: array
type: object
circuitBreaker:
description: CircuitBreaker holds the circuit breaker configuration.
properties:
checkPeriod:
anyOf:
- type: integer
- type: string
description: CheckPeriod is the interval between successive checks
of the circuit breaker condition (when in standby state).
x-kubernetes-int-or-string: true
expression:
description: Expression is the condition that triggers the tripped
state.
type: string
fallbackDuration:
anyOf:
- type: integer
- type: string
description: FallbackDuration is the duration for which the circuit
breaker will wait before trying to recover (from a tripped state).
x-kubernetes-int-or-string: true
recoveryDuration:
anyOf:
- type: integer
- type: string
description: RecoveryDuration is the duration for which the circuit
breaker will try to recover (as soon as it is in recovering
state).
x-kubernetes-int-or-string: true
type: object
compress:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/
properties:
excludedContentTypes:
description: ExcludedContentTypes defines the list of content
types to compare the Content-Type header of the incoming requests
and responses before compressing.
items:
type: string
type: array
minResponseBodyBytes:
description: |-
MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
Default: 1024.
type: integer
type: object
contentType:
description: |-
ContentType holds the content-type middleware configuration.
This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
properties:
autoDetect:
description: |-
AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
be automatically set to a value derived from the contents of the response.
As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
However, the historic default was to always auto-detect and set the header if it was nil,
and it is going to be kept that way in order to support users currently relying on it.
type: boolean
type: object
digestAuth:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
Default: traefik.
type: string
removeHeader:
description: RemoveHeader defines whether to remove the authorization
header before forwarding the request to the backend.
type: boolean
secret:
description: Secret is the name of the referenced Kubernetes Secret
containing user credentials.
type: string
type: object
errors:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/
properties:
query:
description: |-
Query defines the URL for the error page (hosted by service).
The {status} variable can be used in order to insert the status code in the URL.
type: string
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: |-
Name defines the name of the referenced Kubernetes Service or TraefikService.
The differentiation between the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
nativeLB:
description: |-
NativeLB controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false.
type: boolean
passHostHeader:
description: |-
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to the
client.
properties:
flushInterval:
description: |-
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms
type: string
type: object
scheme:
description: |-
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: |-
ServersTransport defines the name of ServersTransport resource to use.
It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie can
be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string
secure:
description: Secure defines whether the cookie can
only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
status:
description: |-
Status defines which status or range of statuses should result in an error page.
It can be either a status code as a number (500),
as multiple comma-separated numbers (500,502),
as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599).
items:
type: string
type: array
type: object
forwardAuth:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/
properties:
address:
description: Address defines the authentication server address.
type: string
authRequestHeaders:
description: |-
AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
If not set or empty then all request headers are passed.
items:
type: string
type: array
authResponseHeaders:
description: AuthResponseHeaders defines the list of headers to
copy from the authentication server response and set on forwarded
request, replacing any existing conflicting headers.
items:
type: string
type: array
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex
type: string
tls:
description: TLS defines the configuration used to secure the
connection to the authentication server.
properties:
caOptional:
type: boolean
caSecret:
description: |-
CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
The CA certificate is extracted from key `tls.ca` or `ca.crt`.
type: string
certSecret:
description: |-
CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
The client certificate is extracted from the keys `tls.crt` and `tls.key`.
type: string
insecureSkipVerify:
description: InsecureSkipVerify defines whether the server
certificates should be validated.
type: boolean
type: object
trustForwardHeader:
description: 'TrustForwardHeader defines whether to trust (ie:
forward) all X-Forwarded-* headers.'
type: boolean
type: object
headers:
description: |-
Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the
request can include user credentials.
type: boolean
accessControlAllowHeaders:
description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
values sent in preflight response.
items:
type: string
type: array
accessControlAllowMethods:
description: AccessControlAllowMethods defines the Access-Control-Request-Method
values sent in preflight response.
items:
type: string
type: array
accessControlAllowOriginList:
description: AccessControlAllowOriginList is a list of allowable
origins. Can also be a wildcard origin "*".
items:
type: string
type: array
accessControlAllowOriginListRegex:
description: AccessControlAllowOriginListRegex is a list of allowable
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
items:
type: string
type: array
accessControlExposeHeaders:
description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
values sent in preflight response.
items:
type: string
type: array
accessControlMaxAge:
description: AccessControlMaxAge defines the time that a preflight
request may be cached.
format: int64
type: integer
addVaryHeader:
description: AddVaryHeader defines whether the Vary header is
automatically added/updated when the AccessControlAllowOriginList
is set.
type: boolean
allowedHosts:
description: AllowedHosts defines the fully qualified list of
allowed domain names.
items:
type: string
type: array
browserXssFilter:
description: BrowserXSSFilter defines whether to add the X-XSS-Protection
header with the value 1; mode=block.
type: boolean
contentSecurityPolicy:
description: ContentSecurityPolicy defines the Content-Security-Policy
header value.
type: string
contentTypeNosniff:
description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
header with the nosniff value.
type: boolean
customBrowserXSSValue:
description: |-
CustomBrowserXSSValue defines the X-XSS-Protection header value.
This overrides the BrowserXssFilter option.
type: string
customFrameOptionsValue:
description: |-
CustomFrameOptionsValue defines the X-Frame-Options header value.
This overrides the FrameDeny option.
type: string
customRequestHeaders:
additionalProperties:
type: string
description: CustomRequestHeaders defines the header names and
values to apply to the request.
type: object
customResponseHeaders:
additionalProperties:
type: string
description: CustomResponseHeaders defines the header names and
values to apply to the response.
type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header
even when the connection is HTTP.
type: boolean
frameDeny:
description: FrameDeny defines whether to add the X-Frame-Options
header with the DENY value.
type: boolean
hostsProxyHeaders:
description: HostsProxyHeaders defines the header keys that may
hold a proxied hostname value for the request.
items:
type: string
type: array
isDevelopment:
description: |-
IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
and STS headers, leave this as false.
type: boolean
permissionsPolicy:
description: |-
PermissionsPolicy defines the Permissions-Policy header value.
This allows sites to control browser features.
type: string
publicKey:
description: PublicKey is the public key that implements HPKP
to prevent MITM attacks with forged certificates.
type: string
referrerPolicy:
description: |-
ReferrerPolicy defines the Referrer-Policy header value.
This allows sites to control whether browsers forward the Referer header to other sites.
type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: use RedirectRegex instead.'
type: string
sslProxyHeaders:
additionalProperties:
type: string
description: |-
SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains
directive is appended to the Strict-Transport-Security header.
type: boolean
stsPreload:
description: STSPreload defines whether the preload flag is appended
to the Strict-Transport-Security header.
type: boolean
stsSeconds:
description: |-
STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set.
format: int64
type: integer
type: object
inFlightReq:
description: |-
InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/
properties:
amount:
description: |-
Amount defines the maximum amount of allowed simultaneous in-flight request.
The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
format: int64
type: integer
sourceCriterion:
description: |-
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
X-Forwarded-For header and select the first IP not in
the list.
items:
type: string
type: array
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
used to group incoming requests.
type: string
requestHost:
description: RequestHost defines whether to consider the request
Host as the source.
type: boolean
type: object
type: object
ipAllowList:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting
from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
header and select the first IP not in the list.
items:
type: string
type: array
type: object
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation).
items:
type: string
type: array
type: object
ipWhiteList:
description: |-
IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead.
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting
from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
header and select the first IP not in the list.
items:
type: string
type: array
type: object
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation).
items:
type: string
type: array
type: object
passTLSClientCert:
description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/
properties:
info:
description: Info selects the specific client certificate details
you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
issuer:
description: Issuer defines the client certificate issuer
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
description: CommonName defines whether to add the organizationalUnit
information into the issuer.
type: boolean
country:
description: Country defines whether to add the country
information into the issuer.
type: boolean
domainComponent:
description: DomainComponent defines whether to add the
domainComponent information into the issuer.
type: boolean
locality:
description: Locality defines whether to add the locality
information into the issuer.
type: boolean
organization:
description: Organization defines whether to add the organization
information into the issuer.
type: boolean
province:
description: Province defines whether to add the province
information into the issuer.
type: boolean
serialNumber:
description: SerialNumber defines whether to add the serialNumber
information into the issuer.
type: boolean
type: object
notAfter:
description: NotAfter defines whether to add the Not After
information from the Validity part.
type: boolean
notBefore:
description: NotBefore defines whether to add the Not Before
information from the Validity part.
type: boolean
sans:
description: Sans defines whether to add the Subject Alternative
Name information from the Subject Alternative Name part.
type: boolean
serialNumber:
description: SerialNumber defines whether to add the client
serialNumber information.
type: boolean
subject:
description: Subject defines the client certificate subject
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
description: CommonName defines whether to add the organizationalUnit
information into the subject.
type: boolean
country:
description: Country defines whether to add the country
information into the subject.
type: boolean
domainComponent:
description: DomainComponent defines whether to add the
domainComponent information into the subject.
type: boolean
locality:
description: Locality defines whether to add the locality
information into the subject.
type: boolean
organization:
description: Organization defines whether to add the organization
information into the subject.
type: boolean
organizationalUnit:
description: OrganizationalUnit defines whether to add
the organizationalUnit information into the subject.
type: boolean
province:
description: Province defines whether to add the province
information into the subject.
type: boolean
serialNumber:
description: SerialNumber defines whether to add the serialNumber
information into the subject.
type: boolean
type: object
type: object
pem:
description: PEM sets the X-Forwarded-Tls-Client-Cert header with
the certificate.
type: boolean
type: object
plugin:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: |-
Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
type: object
rateLimit:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/
properties:
average:
description: |-
Average is the maximum rate, by default in requests/s, allowed for the given source.
It defaults to 0, which means no rate limiting.
The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
one needs to define a Period larger than a second.
format: int64
type: integer
burst:
description: |-
Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
It defaults to 1.
format: int64
type: integer
period:
anyOf:
- type: integer
- type: string
description: |-
Period, in combination with Average, defines the actual maximum rate, such as:
r = Average / Period. It defaults to a second.
x-kubernetes-int-or-string: true
sourceCriterion:
description: |-
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote address field (as an ipStrategy).
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
X-Forwarded-For header and select the first IP not in
the list.
items:
type: string
type: array
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
used to group incoming requests.
type: string
requestHost:
description: RequestHost defines whether to consider the request
Host as the source.
type: boolean
type: object
type: object
redirectRegex:
description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex
properties:
permanent:
description: Permanent defines whether the redirection is permanent
(301).
type: boolean
regex:
description: Regex defines the regex used to match and capture
elements from the request URL.
type: string
replacement:
description: Replacement defines how to modify the URL to have
the new target URL.
type: string
type: object
redirectScheme:
description: |-
RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/
properties:
permanent:
description: Permanent defines whether the redirection is permanent
(301).
type: boolean
port:
description: Port defines the port of the new URL.
type: string
scheme:
description: Scheme defines the scheme of the new URL.
type: string
type: object
replacePath:
description: |-
ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/
properties:
path:
description: Path defines the path to use as replacement in the
request URL.
type: string
type: object
replacePathRegex:
description: |-
ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/
properties:
regex:
description: Regex defines the regular expression used to match
and capture the path from the request URL.
type: string
replacement:
description: Replacement defines the replacement path format,
which can include captured variables.
type: string
type: object
retry:
description: |-
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/
properties:
attempts:
description: Attempts defines how many times the request should
be retried.
type: integer
initialInterval:
anyOf:
- type: integer
- type: string
description: |-
InitialInterval defines the first wait time in the exponential backoff series.
The maximum interval is calculated as twice the initialInterval.
If unspecified, requests will be retried immediately.
The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration.
x-kubernetes-int-or-string: true
type: object
stripPrefix:
description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/
properties:
forceSlash:
description: |-
ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
Default: true.
type: boolean
prefixes:
description: Prefixes defines the prefixes to strip from the request
URL.
items:
type: string
type: array
type: object
stripPrefixRegex:
description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/
properties:
regex:
description: Regex defines the regular expression to match the
path prefix from the request URL.
items:
type: string
type: array
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

87
charts/traefik/traefik/crds/traefik.containo.us_middlewaretcps.yaml
View File

@ -1,87 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: middlewaretcps.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: MiddlewareTCP
listKind: MiddlewareTCPList
plural: middlewaretcps
singular: middlewaretcp
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
properties:
inFlightConn:
description: InFlightConn defines the InFlightConn middleware configuration.
properties:
amount:
description: |-
Amount defines the maximum amount of allowed simultaneous connections.
The middleware closes the connection if there are already amount connections opened.
format: int64
type: integer
type: object
ipAllowList:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
allowed IPs by using CIDR notation).
items:
type: string
type: array
type: object
ipWhiteList:
description: |-
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
allowed IPs by using CIDR notation).
items:
type: string
type: array
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

126
charts/traefik/traefik/crds/traefik.containo.us_serverstransports.yaml
View File

@ -1,126 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: serverstransports.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: ServersTransport
listKind: ServersTransportList
plural: serverstransports
singular: serverstransport
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ServersTransportSpec defines the desired state of a ServersTransport.
properties:
certificatesSecrets:
description: CertificatesSecrets defines a list of secret storing
client certificates for mTLS.
items:
type: string
type: array
disableHTTP2:
description: DisableHTTP2 disables HTTP/2 for connections with backend
servers.
type: boolean
forwardingTimeouts:
description: ForwardingTimeouts defines the timeouts for requests
forwarded to the backend servers.
properties:
dialTimeout:
anyOf:
- type: integer
- type: string
description: DialTimeout is the amount of time to wait until a
connection to a backend server can be established.
x-kubernetes-int-or-string: true
idleConnTimeout:
anyOf:
- type: integer
- type: string
description: IdleConnTimeout is the maximum period for which an
idle HTTP keep-alive connection will remain open before closing
itself.
x-kubernetes-int-or-string: true
pingTimeout:
anyOf:
- type: integer
- type: string
description: PingTimeout is the timeout after which the HTTP/2
connection will be closed if a response to ping is not received.
x-kubernetes-int-or-string: true
readIdleTimeout:
anyOf:
- type: integer
- type: string
description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received
on the HTTP/2 connection.
x-kubernetes-int-or-string: true
responseHeaderTimeout:
anyOf:
- type: integer
- type: string
description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request
(including its body, if any).
x-kubernetes-int-or-string: true
type: object
insecureSkipVerify:
description: InsecureSkipVerify disables SSL certificate verification.
type: boolean
maxIdleConnsPerHost:
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host.
type: integer
peerCertURI:
description: PeerCertURI defines the peer cert URI used to match against
SAN URI during the peer certificate verification.
type: string
rootCAsSecrets:
description: RootCAsSecrets defines a list of CA secret used to validate
self-signed certificate.
items:
type: string
type: array
serverName:
description: ServerName defines the server name used to contact the
server.
type: string
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

114
charts/traefik/traefik/crds/traefik.containo.us_tlsoptions.yaml
View File

@ -1,114 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: TLSOption
listKind: TLSOptionList
plural: tlsoptions
singular: tlsoption
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TLSOptionSpec defines the desired state of a TLSOption.
properties:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites
items:
type: string
type: array
clientAuth:
description: ClientAuth defines the server's policy for TLS Client
Authentication.
properties:
clientAuthType:
description: ClientAuthType defines the client authentication
type to apply.
enum:
- NoClientCert
- RequestClientCert
- RequireAnyClientCert
- VerifyClientCertIfGiven
- RequireAndVerifyClientCert
type: string
secretNames:
description: SecretNames defines the names of the referenced Kubernetes
Secret storing certificate details.
items:
type: string
type: array
type: object
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences
items:
type: string
type: array
maxVersion:
description: |-
MaxVersion defines the maximum TLS version that Traefik will accept.
Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
Default: None.
type: string
minVersion:
description: |-
MinVersion defines the minimum TLS version that Traefik will accept.
Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
Default: VersionTLS10.
type: string
preferServerCipherSuites:
description: |-
PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430
type: boolean
sniStrict:
description: SniStrict defines whether Traefik allows connections
from clients connections that do not specify a server_name extension.
type: boolean
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

97
charts/traefik/traefik/crds/traefik.containo.us_tlsstores.yaml
View File

@ -1,97 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: tlsstores.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: TLSStore
listKind: TLSStoreList
plural: tlsstores
singular: tlsstore
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TLSStoreSpec defines the desired state of a TLSStore.
properties:
certificates:
description: Certificates is a list of secret names, each secret holding
a key/certificate pair to add to the store.
items:
description: Certificate holds a secret name for the TLSStore resource.
properties:
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
required:
- secretName
type: object
type: array
defaultCertificate:
description: DefaultCertificate defines the default certificate configuration.
properties:
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
required:
- secretName
type: object
defaultGeneratedCert:
description: DefaultGeneratedCert defines the default generated certificate
configuration.
properties:
domain:
description: Domain is the domain definition for the DefaultCertificate.
properties:
main:
description: Main defines the main domain name.
type: string
sans:
description: SANs defines the subject alternative domain names.
items:
type: string
type: array
type: object
resolver:
description: Resolver is the name of the resolver that will be
used to issue the DefaultCertificate.
type: string
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

411
charts/traefik/traefik/crds/traefik.containo.us_traefikservices.yaml
View File

@ -1,411 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: traefikservices.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: TraefikService
listKind: TraefikServiceList
plural: traefikservices
singular: traefikservice
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
TraefikService is the CRD implementation of a Traefik Service.
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TraefikServiceSpec defines the desired state of a TraefikService.
properties:
mirroring:
description: Mirroring defines the Mirroring service configuration.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
maxBodySize:
description: |-
MaxBodySize defines the maximum size allowed for the body of the request.
If the body is larger, the request is not mirrored.
Default value is -1, which means unlimited size.
format: int64
type: integer
mirrors:
description: Mirrors defines the list of mirrors where Traefik
will duplicate the traffic.
items:
description: MirrorService holds the mirror configuration.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: |-
Name defines the name of the referenced Kubernetes Service or TraefikService.
The differentiation between the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
nativeLB:
description: |-
NativeLB controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false.
type: boolean
passHostHeader:
description: |-
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
percent:
description: |-
Percent defines the part of the traffic to mirror.
Supported values: 0 to 100.
type: integer
port:
anyOf:
- type: integer
- type: string
description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to the
client.
properties:
flushInterval:
description: |-
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms
type: string
type: object
scheme:
description: |-
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: |-
ServersTransport defines the name of ServersTransport resource to use.
It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string
secure:
description: Secure defines whether the cookie can
only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
name:
description: |-
Name defines the name of the referenced Kubernetes Service or TraefikService.
The differentiation between the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
nativeLB:
description: |-
NativeLB controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false.
type: boolean
passHostHeader:
description: |-
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding defines how Traefik forwards the
response from the upstream Kubernetes Service to the client.
properties:
flushInterval:
description: |-
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms
type: string
type: object
scheme:
description: |-
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: |-
ServersTransport defines the name of ServersTransport resource to use.
It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie can be
accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string
secure:
description: Secure defines whether the cookie can only
be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
weighted:
description: Weighted defines the Weighted Round Robin configuration.
properties:
services:
description: Services defines the list of Kubernetes Service and/or
TraefikService to load-balance, with weight.
items:
description: Service defines an upstream HTTP service to proxy
traffic to.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: |-
Name defines the name of the referenced Kubernetes Service or TraefikService.
The differentiation between the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
nativeLB:
description: |-
NativeLB controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false.
type: boolean
passHostHeader:
description: |-
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to the
client.
properties:
flushInterval:
description: |-
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms
type: string
type: object
scheme:
description: |-
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: |-
ServersTransport defines the name of ServersTransport resource to use.
It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string
secure:
description: Secure defines whether the cookie can
only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie can be
accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string
secure:
description: Secure defines whether the cookie can only
be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

37
charts/traefik/traefik/crds/traefik.io_ingressroutes.yaml
View File

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.
items:
type: string
@ -63,12 +63,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@ -88,7 +88,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority
type: integer
services:
description: |-
@ -161,7 +161,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -171,6 +171,12 @@ spec:
can be accessed by client-side APIs, such as
JavaScript.
type: boolean
maxAge:
description: |-
MaxAge indicates the number of seconds until the cookie expires.
When set to a negative number, the cookie expires immediately.
When set to zero, the cookie never expires.
type: integer
name:
description: Name defines the Cookie name.
type: string
@ -200,6 +206,11 @@ spec:
- name
type: object
type: array
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax
type: string
required:
- kind
- match
@ -208,18 +219,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -238,17 +249,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
required:
- name
@ -265,12 +276,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
required:
- name

32
charts/traefik/traefik/crds/traefik.io_ingressroutetcps.yaml
View File

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.
items:
type: string
@ -56,7 +56,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@ -80,7 +80,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1
type: integer
services:
description: Services defines the list of TCP services.
@ -114,13 +114,19 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
properties:
version:
description: Version defines the PROXY Protocol version
to use.
type: integer
type: object
serversTransport:
description: |-
ServersTransport defines the name of ServersTransportTCP resource to use.
It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string
terminationDelay:
description: |-
TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
@ -128,7 +134,12 @@ spec:
hence fully terminating the connection.
It is a duration in milliseconds, defaulting to 100.
A negative value means an infinite deadline (i.e. the reading capability is never closed).
Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead.
type: integer
tls:
description: TLS determines whether to use TLS when dialing
with the backend.
type: boolean
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
@ -138,6 +149,11 @@ spec:
- port
type: object
type: array
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1
type: string
required:
- match
type: object
@ -145,18 +161,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -175,7 +191,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik

2
charts/traefik/traefik/crds/traefik.io_ingressrouteudps.yaml
View File

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.
items:
type: string

137
charts/traefik/traefik/crds/traefik.io_middlewares.yaml
View File

@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/
properties:
apiVersion:
description: |-
@ -45,7 +45,7 @@ spec:
description: |-
AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
properties:
prefix:
description: |-
@ -57,12 +57,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@ -83,7 +83,7 @@ spec:
description: |-
Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
properties:
maxRequestBodyBytes:
description: |-
@ -115,14 +115,14 @@ spec:
description: |-
RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression
type: string
type: object
chain:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@ -177,12 +177,19 @@ spec:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
properties:
excludedContentTypes:
description: ExcludedContentTypes defines the list of content
types to compare the Content-Type header of the incoming requests
and responses before compressing.
description: |-
ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
`application/grpc` is always excluded.
items:
type: string
type: array
includedContentTypes:
description: IncludedContentTypes defines the list of content
types to compare the Content-Type header of the responses before
compressing.
items:
type: string
type: array
@ -201,21 +208,19 @@ spec:
description: |-
AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
be automatically set to a value derived from the contents of the response.
As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
However, the historic default was to always auto-detect and set the header if it was nil,
and it is going to be kept that way in order to support users currently relying on it.
Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
type: boolean
type: object
digestAuth:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@ -235,7 +240,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
properties:
query:
description: |-
@ -245,7 +250,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
properties:
kind:
description: Kind defines the kind of the Service.
@ -310,7 +315,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -319,6 +324,12 @@ spec:
description: HTTPOnly defines whether the cookie can
be accessed by client-side APIs, such as JavaScript.
type: boolean
maxAge:
description: |-
MaxAge indicates the number of seconds until the cookie expires.
When set to a negative number, the cookie expires immediately.
When set to zero, the cookie never expires.
type: integer
name:
description: Name defines the Cookie name.
type: string
@ -362,8 +373,14 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
to copy from the authentication server response to the response.
items:
type: string
type: array
address:
description: Address defines the authentication server address.
type: string
@ -384,13 +401,15 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
type: string
tls:
description: TLS defines the configuration used to secure the
connection to the authentication server.
properties:
caOptional:
description: 'Deprecated: TLS client authentication is a server
side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).'
type: boolean
caSecret:
description: |-
@ -412,11 +431,24 @@ spec:
forward) all X-Forwarded-* headers.'
type: boolean
type: object
grpcWeb:
description: |-
GrpcWeb holds the gRPC web middleware configuration.
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
properties:
allowOrigins:
description: |-
AllowOrigins is a list of allowable origins.
Can also be a wildcard origin "*".
items:
type: string
type: array
type: object
headers:
description: |-
Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the
@ -503,7 +535,8 @@ spec:
values to apply to the response.
type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
description: 'Deprecated: FeaturePolicy option is deprecated,
please use PermissionsPolicy instead.'
type: string
forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header
@ -541,10 +574,12 @@ spec:
This allows sites to control whether browsers forward the Referer header to other sites.
type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
description: 'Deprecated: SSLForceHost option is deprecated, please
use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: use RedirectRegex instead.'
description: 'Deprecated: SSLHost option is deprecated, please
use RedirectRegex instead.'
type: string
sslProxyHeaders:
additionalProperties:
@ -554,12 +589,12 @@ spec:
It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
description: 'Deprecated: SSLRedirect option is deprecated, please
use EntryPoint redirection or RedirectScheme instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
description: 'Deprecated: SSLTemporaryRedirect option is deprecated,
please use EntryPoint redirection or RedirectScheme instead.'
type: boolean
stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains
@ -580,7 +615,7 @@ spec:
description: |-
InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
properties:
amount:
description: |-
@ -593,12 +628,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -627,12 +662,12 @@ spec:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -646,6 +681,11 @@ spec:
type: string
type: array
type: object
rejectStatusCode:
description: |-
RejectStatusCode defines the HTTP status code used for refused requests.
If not set, the default is 403 (Forbidden).
type: integer
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation).
@ -654,16 +694,12 @@ spec:
type: array
type: object
ipWhiteList:
description: |-
IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead.
description: 'Deprecated: please use IPAllowList instead.'
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -688,7 +724,7 @@ spec:
description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
properties:
info:
description: Info selects the specific client certificate details
@ -797,7 +833,7 @@ spec:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
properties:
average:
description: |-
@ -830,7 +866,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -859,7 +895,7 @@ spec:
description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -878,7 +914,7 @@ spec:
description: |-
RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -895,7 +931,7 @@ spec:
description: |-
ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
properties:
path:
description: Path defines the path to use as replacement in the
@ -906,7 +942,7 @@ spec:
description: |-
ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
properties:
regex:
description: Regex defines the regular expression used to match
@ -922,7 +958,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@ -944,10 +980,11 @@ spec:
description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
properties:
forceSlash:
description: |-
Deprecated: ForceSlash option is deprecated, please remove any usage of this option.
ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
Default: true.
type: boolean
@ -962,7 +999,7 @@ spec:
description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
properties:
regex:
description: Regex defines the regular expression to match the

6
charts/traefik/traefik/crds/traefik.io_middlewaretcps.yaml
View File

@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/
properties:
apiVersion:
description: |-
@ -55,7 +55,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -69,7 +69,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of

15
charts/traefik/traefik/crds/traefik.io_serverstransports.yaml
View File

@ -21,7 +21,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1
properties:
apiVersion:
description: |-
@ -117,6 +117,19 @@ spec:
description: ServerName defines the server name used to contact the
server.
type: string
spiffe:
description: Spiffe defines the SPIFFE configuration.
properties:
ids:
description: IDs defines the allowed SPIFFE IDs (takes precedence
over the SPIFFE TrustDomain).
items:
type: string
type: array
trustDomain:
description: TrustDomain defines the allowed SPIFFE trust domain.
type: string
type: object
type: object
required:
- metadata

8
charts/traefik/traefik/crds/traefik.io_tlsoptions.yaml
View File

@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
properties:
apiVersion:
description: |-
@ -44,14 +44,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites
items:
type: string
type: array
@ -79,7 +79,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences
items:
type: string
type: array

2
charts/traefik/traefik/crds/traefik.io_tlsstores.yaml
View File

@ -21,7 +21,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores
properties:
apiVersion:
description: |-

34
charts/traefik/traefik/crds/traefik.io_traefikservices.yaml
View File

@ -22,7 +22,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice
properties:
apiVersion:
description: |-
@ -134,7 +134,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -143,6 +143,12 @@ spec:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as JavaScript.
type: boolean
maxAge:
description: |-
MaxAge indicates the number of seconds until the cookie expires.
When set to a negative number, the cookie expires immediately.
When set to zero, the cookie never expires.
type: integer
name:
description: Name defines the Cookie name.
type: string
@ -228,7 +234,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -237,6 +243,12 @@ spec:
description: HTTPOnly defines whether the cookie can be
accessed by client-side APIs, such as JavaScript.
type: boolean
maxAge:
description: |-
MaxAge indicates the number of seconds until the cookie expires.
When set to a negative number, the cookie expires immediately.
When set to zero, the cookie never expires.
type: integer
name:
description: Name defines the Cookie name.
type: string
@ -337,7 +349,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -346,6 +358,12 @@ spec:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as JavaScript.
type: boolean
maxAge:
description: |-
MaxAge indicates the number of seconds until the cookie expires.
When set to a negative number, the cookie expires immediately.
When set to zero, the cookie never expires.
type: integer
name:
description: Name defines the Cookie name.
type: string
@ -378,7 +396,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -387,6 +405,12 @@ spec:
description: HTTPOnly defines whether the cookie can be
accessed by client-side APIs, such as JavaScript.
type: boolean
maxAge:
description: |-
MaxAge indicates the number of seconds until the cookie expires.
When set to a negative number, the cookie expires immediately.
When set to zero, the cookie never expires.
type: integer
name:
description: Name defines the Cookie name.
type: string

4
charts/traefik/traefik/templates/NOTES.txt
View File

@ -7,8 +7,8 @@ Traefik Proxy {{ .Values.image.tag | default .Chart.AppVersion }} has been deplo
🚨 When enabling persistence for certificates, permissions on acme.json can be
lost when Traefik restarts. You can ensure correct permissions with an
initContainer. See https://github.com/traefik/traefik-helm-chart/issues/396 for
more info. 🚨
initContainer. See https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md#use-traefik-native-lets-encrypt-integration-without-cert-manager
for more info. 🚨
{{- end }}
{{- end }}

438
charts/traefik/traefik/templates/_podtemplate.tpl
View File

@ -66,12 +66,14 @@
{{- $healthchecksPort := (default (.Values.ports.traefik).port .Values.deployment.healthchecksPort) }}
{{- $healthchecksHost := (default (.Values.ports.traefik).hostIP .Values.deployment.healthchecksHost) }}
{{- $healthchecksScheme := (default "HTTP" .Values.deployment.healthchecksScheme) }}
{{- $readinessPath := (default "/ping" .Values.deployment.readinessPath) }}
{{- $livenessPath := (default "/ping" .Values.deployment.livenessPath) }}
readinessProbe:
httpGet:
{{- with $healthchecksHost }}
host: {{ . }}
{{- end }}
path: /ping
path: {{ $readinessPath }}
port: {{ $healthchecksPort }}
scheme: {{ $healthchecksScheme }}
{{- toYaml .Values.readinessProbe | nindent 10 }}
@ -80,7 +82,7 @@
{{- with $healthchecksHost }}
host: {{ . }}
{{- end }}
path: /ping
path: {{ $livenessPath }}
port: {{ $healthchecksPort }}
scheme: {{ $healthchecksScheme }}
{{- toYaml .Values.livenessProbe | nindent 10 }}
@ -157,19 +159,25 @@
{{- end }}
{{- range $name, $config := .Values.ports }}
{{- if $config }}
- "--entrypoints.{{$name}}.address={{ $config.hostIP }}:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
- "--entryPoints.{{$name}}.address={{ $config.hostIP }}:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
{{- with $config.asDefault }}
{{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
{{- fail "ERROR: Default entrypoints are only available on Traefik v3. Please set `image.tag` to `v3.x`." }}
{{- end }}
- "--entrypoints.{{$name}}.asDefault={{ . }}"
- "--entryPoints.{{$name}}.asDefault={{ . }}"
{{- end }}
{{- end }}
{{- end }}
- "--api.dashboard=true"
- "--ping=true"
{{- with .Values.core }}
{{- with .defaultRuleSyntax }}
- "--core.defaultRuleSyntax={{ . }}"
{{- end }}
{{- end }}
{{- if .Values.metrics }}
{{- if .Values.metrics.addInternals }}
- "--metrics.addinternals"
{{- end }}
{{- with .Values.metrics.datadog }}
- "--metrics.datadog=true"
{{- with .address }}
@ -198,45 +206,6 @@
{{- end }}
{{- end }}
{{- with .Values.metrics.influxdb }}
- "--metrics.influxdb=true"
- "--metrics.influxdb.address={{ .address }}"
- "--metrics.influxdb.protocol={{ .protocol }}"
{{- with .database }}
- "--metrics.influxdb.database={{ . }}"
{{- end }}
{{- with .retentionPolicy }}
- "--metrics.influxdb.retentionPolicy={{ . }}"
{{- end }}
{{- with .username }}
- "--metrics.influxdb.username={{ . }}"
{{- end }}
{{- with .password }}
- "--metrics.influxdb.password={{ . }}"
{{- end }}
{{- with .pushInterval }}
- "--metrics.influxdb.pushInterval={{ . }}"
{{- end }}
{{- range $name, $value := .additionalLabels }}
- "--metrics.influxdb.additionalLabels.{{ $name }}={{ $value }}"
{{- end }}
{{- if ne .addRoutersLabels nil }}
{{- with .addRoutersLabels | toString }}
- "--metrics.influxdb.addRoutersLabels={{ . }}"
{{- end }}
{{- end }}
{{- if ne .addEntryPointsLabels nil }}
{{- with .addEntryPointsLabels | toString }}
- "--metrics.influxdb.addEntryPointsLabels={{ . }}"
{{- end }}
{{- end }}
{{- if ne .addServicesLabels nil }}
{{- with .addServicesLabels | toString }}
- "--metrics.influxdb.addServicesLabels={{ . }}"
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.metrics.influxdb2 }}
- "--metrics.influxdb2=true"
- "--metrics.influxdb2.address={{ .address }}"
@ -314,219 +283,149 @@
{{- end }}
{{- with .Values.metrics.openTelemetry }}
{{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
{{- fail "ERROR: OpenTelemetry features are only available on Traefik v3. Please set `image.tag` to `v3.x`." }}
{{- end }}
- "--metrics.openTelemetry=true"
- "--metrics.openTelemetry.address={{ .address }}"
{{- with .Values.metrics.otlp }}
{{- if .enabled }}
- "--metrics.otlp=true"
{{- if ne .addEntryPointsLabels nil }}
{{- with .addEntryPointsLabels | toString }}
- "--metrics.openTelemetry.addEntryPointsLabels={{ . }}"
- "--metrics.otlp.addEntryPointsLabels={{ . }}"
{{- end }}
{{- end }}
{{- if ne .addRoutersLabels nil }}
{{- with .addRoutersLabels | toString }}
- "--metrics.openTelemetry.addRoutersLabels={{ . }}"
- "--metrics.otlp.addRoutersLabels={{ . }}"
{{- end }}
{{- end }}
{{- if ne .addServicesLabels nil }}
{{- with .addServicesLabels | toString }}
- "--metrics.openTelemetry.addServicesLabels={{ . }}"
- "--metrics.otlp.addServicesLabels={{ . }}"
{{- end }}
{{- end }}
{{- with .explicitBoundaries }}
- "--metrics.openTelemetry.explicitBoundaries={{ join "," . }}"
{{- end }}
{{- with .headers }}
{{- range $name, $value := . }}
- "--metrics.openTelemetry.headers.{{ $name }}={{ $value }}"
{{- end }}
{{- end }}
{{- with .insecure }}
- "--metrics.openTelemetry.insecure={{ . }}"
- "--metrics.otlp.explicitBoundaries={{ join "," . }}"
{{- end }}
{{- with .pushInterval }}
- "--metrics.openTelemetry.pushInterval={{ . }}"
- "--metrics.otlp.pushInterval={{ . }}"
{{- end }}
{{- with .path }}
- "--metrics.openTelemetry.path={{ . }}"
{{- with .http }}
{{- if .enabled }}
- "--metrics.otlp.http=true"
{{- with .endpoint }}
- "--metrics.otlp.http.endpoint={{ . }}"
{{- end }}
{{- range $name, $value := .headers }}
- "--metrics.otlp.http.headers.{{ $name }}={{ $value }}"
{{- end }}
{{- with .tls }}
{{- with .ca }}
- "--metrics.openTelemetry.tls.ca={{ . }}"
- "--metrics.otlp.http.tls.ca={{ . }}"
{{- end }}
{{- with .cert }}
- "--metrics.openTelemetry.tls.cert={{ . }}"
- "--metrics.otlp.http.tls.cert={{ . }}"
{{- end }}
{{- with .key }}
- "--metrics.openTelemetry.tls.key={{ . }}"
- "--metrics.otlp.http.tls.key={{ . }}"
{{- end }}
{{- with .insecureSkipVerify }}
- "--metrics.openTelemetry.tls.insecureSkipVerify={{ . }}"
- "--metrics.otlp.http.tls.insecureSkipVerify={{ . }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- with .grpc }}
- "--metrics.openTelemetry.grpc={{ . }}"
{{ if .enabled }}
- "--metrics.otlp.grpc=true"
{{- with .endpoint }}
- "--metrics.otlp.grpc.endpoint={{ . }}"
{{- end }}
{{- with .insecure }}
- "--metrics.otlp.grpc.insecure={{ . }}"
{{- end }}
{{- range $name, $value := .headers }}
- "--metrics.otlp.grpc.headers.{{ $name }}={{ $value }}"
{{- end }}
{{- with .tls }}
{{- with .ca }}
- "--metrics.otlp.grpc.tls.ca={{ . }}"
{{- end }}
{{- with .cert }}
- "--metrics.otlp.grpc.tls.cert={{ . }}"
{{- end }}
{{- with .key }}
- "--metrics.otlp.grpc.tls.key={{ . }}"
{{- end }}
{{- with .insecureSkipVerify }}
- "--metrics.otlp.grpc.tls.insecureSkipVerify={{ . }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.tracing }}
{{- if .Values.tracing.addInternals }}
- "--tracing.addinternals"
{{- end }}
{{- if .Values.tracing.openTelemetry }}
{{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
{{- fail "ERROR: OpenTelemetry features are only available on Traefik v3. Please set `image.tag` to `v3.x`." }}
{{- with .Values.tracing.otlp }}
{{- if .enabled }}
- "--tracing.otlp=true"
{{- with .http }}
{{- if .enabled }}
- "--tracing.otlp.http=true"
{{- with .endpoint }}
- "--tracing.otlp.http.endpoint={{ . }}"
{{- end }}
- "--tracing.openTelemetry=true"
- "--tracing.openTelemetry.address={{ required "ERROR: When enabling openTelemetry on tracing, `tracing.openTelemetry.address` is required." .Values.tracing.openTelemetry.address }}"
{{- range $key, $value := .Values.tracing.openTelemetry.headers }}
- "--tracing.openTelemetry.headers.{{ $key }}={{ $value }}"
{{- range $name, $value := .headers }}
- "--tracing.otlp.http.headers.{{ $name }}={{ $value }}"
{{- end }}
{{- if .Values.tracing.openTelemetry.insecure }}
- "--tracing.openTelemetry.insecure={{ .Values.tracing.openTelemetry.insecure }}"
{{- with .tls }}
{{- with .ca }}
- "--tracing.otlp.http.tls.ca={{ . }}"
{{- end }}
{{- if .Values.tracing.openTelemetry.path }}
- "--tracing.openTelemetry.path={{ .Values.tracing.openTelemetry.path }}"
{{- with .cert }}
- "--tracing.otlp.http.tls.cert={{ . }}"
{{- end }}
{{- with .key }}
- "--tracing.otlp.http.tls.key={{ . }}"
{{- end }}
{{- with .insecureSkipVerify }}
- "--tracing.otlp.http.tls.insecureSkipVerify={{ . }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- with .grpc }}
{{ if .enabled }}
- "--tracing.otlp.grpc=true"
{{- with .endpoint }}
- "--tracing.otlp.grpc.endpoint={{ . }}"
{{- end }}
{{- with .insecure }}
- "--tracing.otlp.grpc.insecure={{ . }}"
{{- end }}
{{- range $name, $value := .headers }}
- "--tracing.otlp.grpc.headers.{{ $name }}={{ $value }}"
{{- end }}
{{- with .tls }}
{{- with .ca }}
- "--tracing.otlp.grpc.tls.ca={{ . }}"
{{- end }}
{{- with .cert }}
- "--tracing.otlp.grpc.tls.cert={{ . }}"
{{- end }}
{{- with .key }}
- "--tracing.otlp.grpc.tls.key={{ . }}"
{{- end }}
{{- with .insecureSkipVerify }}
- "--tracing.otlp.grpc.tls.insecureSkipVerify={{ . }}"
{{- end }}
{{- if .Values.tracing.openTelemetry.tls }}
{{- if .Values.tracing.openTelemetry.tls.ca }}
- "--tracing.openTelemetry.tls.ca={{ .Values.tracing.openTelemetry.tls.ca }}"
{{- end }}
{{- if .Values.tracing.openTelemetry.tls.cert }}
- "--tracing.openTelemetry.tls.cert={{ .Values.tracing.openTelemetry.tls.cert }}"
{{- end }}
{{- if .Values.tracing.openTelemetry.tls.key }}
- "--tracing.openTelemetry.tls.key={{ .Values.tracing.openTelemetry.tls.key }}"
{{- end }}
{{- if .Values.tracing.openTelemetry.tls.insecureSkipVerify }}
- "--tracing.openTelemetry.tls.insecureSkipVerify={{ .Values.tracing.openTelemetry.tls.insecureSkipVerify }}"
{{- end }}
{{- end }}
{{- if .Values.tracing.openTelemetry.grpc }}
- "--tracing.openTelemetry.grpc=true"
{{- end }}
{{- end }}
{{- if .Values.tracing.instana }}
- "--tracing.instana=true"
{{- if .Values.tracing.instana.localAgentHost }}
- "--tracing.instana.localAgentHost={{ .Values.tracing.instana.localAgentHost }}"
{{- end }}
{{- if .Values.tracing.instana.localAgentPort }}
- "--tracing.instana.localAgentPort={{ .Values.tracing.instana.localAgentPort }}"
{{- end }}
{{- if .Values.tracing.instana.logLevel }}
- "--tracing.instana.logLevel={{ .Values.tracing.instana.logLevel }}"
{{- end }}
{{- if .Values.tracing.instana.enableAutoProfile }}
- "--tracing.instana.enableAutoProfile={{ .Values.tracing.instana.enableAutoProfile }}"
{{- end }}
{{- end }}
{{- if .Values.tracing.datadog }}
- "--tracing.datadog=true"
{{- if .Values.tracing.datadog.localAgentHostPort }}
- "--tracing.datadog.localAgentHostPort={{ .Values.tracing.datadog.localAgentHostPort }}"
{{- end }}
{{- if .Values.tracing.datadog.debug }}
- "--tracing.datadog.debug=true"
{{- end }}
{{- if .Values.tracing.datadog.globalTag }}
- "--tracing.datadog.globalTag={{ .Values.tracing.datadog.globalTag }}"
{{- end }}
{{- if .Values.tracing.datadog.prioritySampling }}
- "--tracing.datadog.prioritySampling=true"
{{- end }}
{{- end }}
{{- if .Values.tracing.jaeger }}
- "--tracing.jaeger=true"
{{- if .Values.tracing.jaeger.samplingServerURL }}
- "--tracing.jaeger.samplingServerURL={{ .Values.tracing.jaeger.samplingServerURL }}"
{{- end }}
{{- if .Values.tracing.jaeger.samplingType }}
- "--tracing.jaeger.samplingType={{ .Values.tracing.jaeger.samplingType }}"
{{- end }}
{{- if .Values.tracing.jaeger.samplingParam }}
- "--tracing.jaeger.samplingParam={{ .Values.tracing.jaeger.samplingParam }}"
{{- end }}
{{- if .Values.tracing.jaeger.localAgentHostPort }}
- "--tracing.jaeger.localAgentHostPort={{ .Values.tracing.jaeger.localAgentHostPort }}"
{{- end }}
{{- if .Values.tracing.jaeger.gen128Bit }}
- "--tracing.jaeger.gen128Bit={{ .Values.tracing.jaeger.gen128Bit }}"
{{- end }}
{{- if .Values.tracing.jaeger.propagation }}
- "--tracing.jaeger.propagation={{ .Values.tracing.jaeger.propagation }}"
{{- end }}
{{- if .Values.tracing.jaeger.traceContextHeaderName }}
- "--tracing.jaeger.traceContextHeaderName={{ .Values.tracing.jaeger.traceContextHeaderName }}"
{{- end }}
{{- if .Values.tracing.jaeger.disableAttemptReconnecting }}
- "--tracing.jaeger.disableAttemptReconnecting={{ .Values.tracing.jaeger.disableAttemptReconnecting }}"
{{- end }}
{{- if .Values.tracing.jaeger.collector }}
{{- if .Values.tracing.jaeger.collector.endpoint }}
- "--tracing.jaeger.collector.endpoint={{ .Values.tracing.jaeger.collector.endpoint }}"
{{- end }}
{{- if .Values.tracing.jaeger.collector.user }}
- "--tracing.jaeger.collector.user={{ .Values.tracing.jaeger.collector.user }}"
{{- end }}
{{- if .Values.tracing.jaeger.collector.password }}
- "--tracing.jaeger.collector.password={{ .Values.tracing.jaeger.collector.password }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.tracing.zipkin }}
- "--tracing.zipkin=true"
{{- if .Values.tracing.zipkin.httpEndpoint }}
- "--tracing.zipkin.httpEndpoint={{ .Values.tracing.zipkin.httpEndpoint }}"
{{- end }}
{{- if .Values.tracing.zipkin.sameSpan }}
- "--tracing.zipkin.sameSpan={{ .Values.tracing.zipkin.sameSpan }}"
{{- end }}
{{- if .Values.tracing.zipkin.id128Bit }}
- "--tracing.zipkin.id128Bit={{ .Values.tracing.zipkin.id128Bit }}"
{{- end }}
{{- if .Values.tracing.zipkin.sampleRate }}
- "--tracing.zipkin.sampleRate={{ .Values.tracing.zipkin.sampleRate }}"
{{- end }}
{{- end }}
{{- if .Values.tracing.haystack }}
- "--tracing.haystack=true"
{{- if .Values.tracing.haystack.localAgentHost }}
- "--tracing.haystack.localAgentHost={{ .Values.tracing.haystack.localAgentHost }}"
{{- end }}
{{- if .Values.tracing.haystack.localAgentPort }}
- "--tracing.haystack.localAgentPort={{ .Values.tracing.haystack.localAgentPort }}"
{{- end }}
{{- if .Values.tracing.haystack.globalTag }}
- "--tracing.haystack.globalTag={{ .Values.tracing.haystack.globalTag }}"
{{- end }}
{{- if .Values.tracing.haystack.traceIDHeaderName }}
- "--tracing.haystack.traceIDHeaderName={{ .Values.tracing.haystack.traceIDHeaderName }}"
{{- end }}
{{- if .Values.tracing.haystack.parentIDHeaderName }}
- "--tracing.haystack.parentIDHeaderName={{ .Values.tracing.haystack.parentIDHeaderName }}"
{{- end }}
{{- if .Values.tracing.haystack.spanIDHeaderName }}
- "--tracing.haystack.spanIDHeaderName={{ .Values.tracing.haystack.spanIDHeaderName }}"
{{- end }}
{{- if .Values.tracing.haystack.baggagePrefixHeaderName }}
- "--tracing.haystack.baggagePrefixHeaderName={{ .Values.tracing.haystack.baggagePrefixHeaderName }}"
{{- end }}
{{- end }}
{{- if .Values.tracing.elastic }}
- "--tracing.elastic=true"
{{- if .Values.tracing.elastic.serverURL }}
- "--tracing.elastic.serverURL={{ .Values.tracing.elastic.serverURL }}"
{{- end }}
{{- if .Values.tracing.elastic.secretToken }}
- "--tracing.elastic.secretToken={{ .Values.tracing.elastic.secretToken }}"
{{- end }}
{{- if .Values.tracing.elastic.serviceEnvironment }}
- "--tracing.elastic.serviceEnvironment={{ .Values.tracing.elastic.serviceEnvironment }}"
{{- end }}
{{- end }}
{{- end }}
{{- range $pluginName, $plugin := .Values.experimental.plugins }}
{{- if or (ne (typeOf $plugin) "map[string]interface {}") (not (hasKey $plugin "moduleName")) (not (hasKey $plugin "version")) }}
{{- fail (printf "ERROR: plugin %s is missing moduleName/version keys !" $pluginName) }}
@ -569,7 +468,7 @@
{{- if .Values.providers.kubernetesIngress.ingressClass }}
- "--providers.kubernetesingress.ingressClass={{ .Values.providers.kubernetesIngress.ingressClass }}"
{{- end }}
{{- if and .Values.providers.kubernetesIngress.disableIngressClassLookup (semverCompare ">=3.0.0-0" (include "imageVersion" $) ) }}
{{- if .Values.providers.kubernetesIngress.disableIngressClassLookup }}
- "--providers.kubernetesingress.disableIngressClassLookup=true"
{{- end }}
{{- end }}
@ -602,46 +501,39 @@
{{- fail "ERROR: Syntax of `ports.web.redirectTo` has changed to `ports.web.redirectTo.port`. Details in PR #934." }}
{{- end }}
{{- $toPort := index $.Values.ports $config.redirectTo.port }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.exposedPort }}"
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
- "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.exposedPort }}"
- "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
{{- if $config.redirectTo.priority }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.priority={{ $config.redirectTo.priority }}"
- "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.priority={{ $config.redirectTo.priority }}"
{{- end }}
{{- end }}
{{- if $config.middlewares }}
- "--entrypoints.{{ $entrypoint }}.http.middlewares={{ join "," $config.middlewares }}"
- "--entryPoints.{{ $entrypoint }}.http.middlewares={{ join "," $config.middlewares }}"
{{- end }}
{{- if $config.tls }}
{{- if $config.tls.enabled }}
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
- "--entryPoints.{{ $entrypoint }}.http.tls=true"
{{- if $config.tls.options }}
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
- "--entryPoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
{{- end }}
{{- if $config.tls.certResolver }}
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
- "--entryPoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
{{- end }}
{{- if $config.tls.domains }}
{{- range $index, $domain := $config.tls.domains }}
{{- if $domain.main }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
- "--entryPoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
{{- end }}
{{- if $domain.sans }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
- "--entryPoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
{{- end }}
{{- end }}
{{- end }}
{{- if $config.http3 }}
{{- if $config.http3.enabled }}
{{- if semverCompare "<3.0.0-0" (include "imageVersion" $)}}
- "--experimental.http3=true"
{{- end }}
{{- if semverCompare ">=2.6.0-0" (include "imageVersion" $)}}
- "--entrypoints.{{ $entrypoint }}.http3"
{{- else }}
- "--entrypoints.{{ $entrypoint }}.enableHTTP3=true"
{{- end }}
- "--entryPoints.{{ $entrypoint }}.http3"
{{- if $config.http3.advertisedPort }}
- "--entrypoints.{{ $entrypoint }}.http3.advertisedPort={{ $config.http3.advertisedPort }}"
- "--entryPoints.{{ $entrypoint }}.http3.advertisedPort={{ $config.http3.advertisedPort }}"
{{- end }}
{{- end }}
{{- end }}
@ -649,18 +541,45 @@
{{- end }}
{{- if $config.forwardedHeaders }}
{{- if $config.forwardedHeaders.trustedIPs }}
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
- "--entryPoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
{{- end }}
{{- if $config.forwardedHeaders.insecure }}
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
- "--entryPoints.{{ $entrypoint }}.forwardedHeaders.insecure"
{{- end }}
{{- end }}
{{- if $config.proxyProtocol }}
{{- if $config.proxyProtocol.trustedIPs }}
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
- "--entryPoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
{{- end }}
{{- if $config.proxyProtocol.insecure }}
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
- "--entryPoints.{{ $entrypoint }}.proxyProtocol.insecure"
{{- end }}
{{- end }}
{{- with $config.transport }}
{{- with .respondingTimeouts }}
{{- if and (ne .readTimeout nil) (toString .readTimeout) }}
- "--entryPoints.{{ $entrypoint }}.transport.respondingTimeouts.readTimeout={{ .readTimeout }}"
{{- end }}
{{- if and (ne .writeTimeout nil) (toString .writeTimeout) }}
- "--entryPoints.{{ $entrypoint }}.transport.respondingTimeouts.writeTimeout={{ .writeTimeout }}"
{{- end }}
{{- if and (ne .idleTimeout nil) (toString .idleTimeout) }}
- "--entryPoints.{{ $entrypoint }}.transport.respondingTimeouts.idleTimeout={{ .idleTimeout }}"
{{- end }}
{{- end }}
{{- with .lifeCycle }}
{{- if and (ne .requestAcceptGraceTimeout nil) (toString .requestAcceptGraceTimeout) }}
- "--entryPoints.{{ $entrypoint }}.transport.lifeCycle.requestAcceptGraceTimeout={{ .requestAcceptGraceTimeout }}"
{{- end }}
{{- if and (ne .graceTimeOut nil) (toString .graceTimeOut) }}
- "--entryPoints.{{ $entrypoint }}.transport.lifeCycle.graceTimeOut={{ .graceTimeOut }}"
{{- end }}
{{- end }}
{{- if and (ne .keepAliveMaxRequests nil) (toString .keepAliveMaxRequests) }}
- "--entryPoints.{{ $entrypoint }}.transport.keepAliveMaxRequests={{ .keepAliveMaxRequests }}"
{{- end }}
{{- if and (ne .keepAliveMaxTime nil) (toString .keepAliveMaxTime) }}
- "--entryPoints.{{ $entrypoint }}.transport.keepAliveMaxTime={{ .keepAliveMaxTime }}"
{{- end }}
{{- end }}
{{- end }}
@ -674,24 +593,27 @@
{{- end }}
{{- if .access.enabled }}
- "--accesslog=true"
{{- if .access.format }}
- "--accesslog.format={{ .access.format }}"
{{- with .access.format }}
- "--accesslog.format={{ . }}"
{{- end }}
{{- if .access.filePath }}
- "--accesslog.filepath={{ .access.filePath }}"
{{- with .access.filePath }}
- "--accesslog.filepath={{ . }}"
{{- end }}
{{- if .access.bufferingSize }}
- "--accesslog.bufferingsize={{ .access.bufferingSize }}"
{{- if .access.addInternals }}
- "--accesslog.addinternals"
{{- end }}
{{- if .access.filters }}
{{- if .access.filters.statuscodes }}
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
{{- with .access.bufferingSize }}
- "--accesslog.bufferingsize={{ . }}"
{{- end }}
{{- if .access.filters.retryattempts }}
{{- with .access.filters }}
{{- with .statuscodes }}
- "--accesslog.filters.statuscodes={{ . }}"
{{- end }}
{{- if .retryattempts }}
- "--accesslog.filters.retryattempts"
{{- end }}
{{- if .access.filters.minduration }}
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
{{- with .minduration }}
- "--accesslog.filters.minduration={{ . }}"
{{- end }}
{{- end }}
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
@ -722,6 +644,18 @@
{{- end }}
{{- with .Values.env }}
env:
{{- if ($.Values.resources.limits).cpu }}
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
resource: limits.cpu
{{- end }}
{{- if ($.Values.resources.limits).memory }}
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
resource: limits.memory
{{- end }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.envFrom }}

10
charts/traefik/traefik/templates/_service.tpl
View File

@ -52,7 +52,11 @@
{{- define "traefik.service-ports" }}
{{- range $name, $config := .ports }}
{{- if (index (default dict $config.expose) $.serviceName) }}
- port: {{ default $config.port $config.exposedPort }}
{{- $port := default $config.port $config.exposedPort }}
{{- if empty $port }}
{{- fail (print "ERROR: Cannot create " (trim $name) " port on Service without .port or .exposedPort") }}
{{- end }}
- port: {{ $port }}
name: {{ $name | quote }}
targetPort: {{ default $name $config.targetPort }}
protocol: {{ default "TCP" $config.protocol }}
@ -62,9 +66,7 @@
{{- if $config.appProtocol }}
appProtocol: {{ $config.appProtocol }}
{{- end }}
{{- end }}
{{- if $config.http3 }}
{{- if $config.http3.enabled }}
{{- if ($config.http3).enabled }}
{{- $http3Port := default $config.exposedPort $config.http3.advertisedPort }}
- port: {{ $http3Port }}
name: "{{ $name }}-http3"

9
charts/traefik/traefik/templates/ingressclass.yaml
View File

@ -1,14 +1,5 @@
{{- if .Values.ingressClass.enabled -}}
{{- if (semverCompare "<2.3.0" (include "imageVersion" $)) -}}
{{- fail "ERROR: IngressClass cannot be used with Traefik < 2.3.0" -}}
{{- end -}}
{{- if semverCompare ">=1.19.0-0" .Capabilities.KubeVersion.Version -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.16.0-0" .Capabilities.KubeVersion.Version }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
{{- fail "ERROR: You must use at least Kubernetes v1.16 with this Chart" }}
{{- end }}
kind: IngressClass
metadata:
annotations:

8
charts/traefik/traefik/templates/rbac/clusterrole.yaml
View File

@ -1,5 +1,5 @@
{{- if and .Values.rbac.enabled (or .Values.providers.kubernetesIngress.enabled (not .Values.rbac.namespaced)) -}}
{{- if not (and .Values.rbac.namespaced .Values.providers.kubernetesIngress.disableIngressClassLookup (semverCompare ">=3.0.0-0" (include "imageVersion" $))) -}}
{{- if not (and .Values.rbac.namespaced .Values.providers.kubernetesIngress.disableIngressClassLookup) -}}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
@ -56,9 +56,6 @@ rules:
{{- if .Values.providers.kubernetesCRD.enabled }}
- apiGroups:
- traefik.io
{{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
- traefik.containo.us
{{- end }}
resources:
- ingressroutes
- ingressroutetcps
@ -69,9 +66,7 @@ rules:
- tlsstores
- traefikservices
- serverstransports
{{- if semverCompare ">=3.0.0-0" (include "imageVersion" $) }}
- serverstransporttcps
{{- end }}
verbs:
- get
- list
@ -101,6 +96,7 @@ rules:
- gatewayclasses
- gateways
- httproutes
- referencegrants
- tcproutes
- tlsroutes
verbs:

2
charts/traefik/traefik/templates/rbac/clusterrolebinding.yaml
View File

@ -1,5 +1,5 @@
{{- if and .Values.rbac.enabled (or .Values.providers.kubernetesIngress.enabled (not .Values.rbac.namespaced)) -}}
{{- if not (and .Values.rbac.namespaced .Values.providers.kubernetesIngress.disableIngressClassLookup (semverCompare ">=3.0.0-0" (include "imageVersion" $))) -}}
{{- if or (not .Values.rbac.namespaced) (not .Values.providers.kubernetesIngress.disableIngressClassLookup) -}}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1

37
charts/traefik/traefik/templates/rbac/role.yaml
View File

@ -61,9 +61,6 @@ rules:
{{- if (and (has . $CRDNamespaces) $.Values.providers.kubernetesCRD.enabled) }}
- apiGroups:
- traefik.io
{{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
- traefik.containo.us
{{- end }}
resources:
- ingressroutes
- ingressroutetcps
@ -74,9 +71,7 @@ rules:
- tlsstores
- traefikservices
- serverstransports
{{- if semverCompare ">=3.0.0-0" (include "imageVersion" $) }}
- serverstransporttcps
{{- end }}
verbs:
- get
- list
@ -92,5 +87,37 @@ rules:
verbs:
- use
{{- end -}}
{{- if $.Values.experimental.kubernetesGateway.enabled }}
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
- gateways
- httproutes
- referencegrants
- tcproutes
- tlsroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
- gateways/status
- httproutes/status
- tcproutes/status
- tlsroutes/status
verbs:
- update
{{- end -}}
{{- end -}}
{{- end -}}

6
charts/traefik/traefik/templates/requirements.yaml Normal file
View File

@ -0,0 +1,6 @@
{{- $version := include "imageVersion" $ }}
{{- if (ne $version "experimental-v3.0") }}
{{- if (semverCompare "<3.0.0-0" $version) }}
{{- fail "ERROR: This version of the Chart only supports Traefik Proxy v3" -}}
{{- end }}
{{- end }}

15
charts/traefik/traefik/templates/tlsoption.yaml
View File

@ -26,17 +26,14 @@ spec:
curvePreferences:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if $config.maxVersion }}
maxVersion: {{ $config.maxVersion }}
{{- with $config.maxVersion }}
maxVersion: {{ . }}
{{- end }}
{{- if $config.minVersion }}
minVersion: {{ $config.minVersion }}
{{- with $config.minVersion }}
minVersion: {{ . }}
{{- end }}
{{- if $config.preferServerCipherSuites }}
preferServerCipherSuites: {{ $config.preferServerCipherSuites }}
{{- end }}
{{- if $config.sniStrict }}
sniStrict: {{ $config.sniStrict }}
{{- with $config.sniStrict }}
sniStrict: {{ . }}
{{- end }}
---
{{- end -}}

251
charts/traefik/traefik/values.yaml
View File

@ -38,6 +38,12 @@ deployment:
## Override the liveness/readiness scheme. Useful for getting ping to
## respond on websecure entryPoint.
# healthchecksScheme: HTTPS
## Override the readiness path.
## Default: /ping
# readinessPath: /ping
# Override the liveness path.
# Default: /ping
# livenessPath: /ping
# -- Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
annotations: {}
# -- Additional deployment labels (e.g. for filtering deployment by custom labels)
@ -120,12 +126,13 @@ ingressClass:
isDefaultClass: true
# name: my-custom-class
core:
# -- Can be used to use globally v2 router syntax
# See https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#new-v3-syntax-notable-changes
defaultRuleSyntax:
# Traefik experimental features
experimental:
# This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3"
# v3:
# -- Enable traefik version 3
# -- Enable traefik experimental plugins
plugins: {}
# demo:
@ -309,7 +316,7 @@ logs:
# format: json
# By default, the level is set to ERROR.
# -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
level: INFO
access:
# -- To enable access logs
enabled: false
@ -328,6 +335,8 @@ logs:
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# -- Enables accessLogs for internal resources. Default: false.
addInternals:
fields:
general:
# -- Available modes: keep, drop, redact.
@ -347,6 +356,9 @@ logs:
# Content-Type: keep
metrics:
## -- Enable metrics for internal resources. Default: false
addInternals:
## -- Prometheus is enabled by default.
## -- It can be disabled by setting "prometheus: null"
prometheus:
@ -376,31 +388,6 @@ metrics:
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# influxdb:
# ## Address instructs exporter to send metrics to influxdb at this address.
# address: localhost:8089
# ## InfluxDB's address protocol (udp or http). Default="udp"
# protocol: udp
# ## InfluxDB database used when protocol is http. Default=""
# # database: ""
# ## InfluxDB retention policy used when protocol is http. Default=""
# # retentionPolicy: ""
# ## InfluxDB username (only with http). Default=""
# # username: ""
# ## InfluxDB password (only with http). Default=""
# # password: ""
# ## The interval used by the exporter to push metrics to influxdb. Default=10s
# # pushInterval: 30s
# ## Additional labels (influxdb tags) on all metrics.
# # additionalLabels:
# # env: production
# # foo: bar
# ## Enable metrics on entry points. Default=true
# # addEntryPointsLabels: false
# ## Enable metrics on routers. Default=false
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# influxdb2:
# ## Address instructs exporter to send metrics to influxdb v2 at this address.
# address: localhost:8086
@ -435,43 +422,53 @@ metrics:
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# openTelemetry:
# ## Address of the OpenTelemetry Collector to send metrics to.
# address: "localhost:4318"
# ## Enable metrics on entry points.
# addEntryPointsLabels: true
# ## Enable metrics on routers.
# addRoutersLabels: true
# ## Enable metrics on services.
# addServicesLabels: true
# ## Explicit boundaries for Histogram data points.
# explicitBoundaries:
# - "0.1"
# - "0.3"
# - "1.2"
# - "5.0"
# ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
# headers:
# foo: bar
# test: test
# ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
# insecure: true
# ## Interval at which metrics are sent to the OpenTelemetry Collector.
# pushInterval: 10s
# ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport.
# path: /foo/v1/traces
# ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
# tls:
# ## The path to the certificate authority, it defaults to the system bundle.
# ca: path/to/ca.crt
# ## The path to the public certificate. When using this option, setting the key option is required.
# cert: path/to/foo.cert
# ## The path to the private key. When using this option, setting the cert option is required.
# key: path/to/key.key
# ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
# insecureSkipVerify: true
# ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
# grpc: true
otlp:
# -- Set to true in order to enable the OpenTelemetry metrics
enabled: false
# -- Enable metrics on entry points. Default: true
addEntryPointsLabels:
# -- Enable metrics on routers. Default: false
addRoutersLabels:
# -- Enable metrics on services. Default: true
addServicesLabels:
# -- Explicit boundaries for Histogram data points. Default: [.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10]
explicitBoundaries:
# -- Interval at which metrics are sent to the OpenTelemetry Collector. Default: 10s
pushInterval:
http:
# -- Set to true in order to send metrics to the OpenTelemetry Collector using HTTP.
enabled: false
# -- Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics
endpoint:
# -- Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
headers:
## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
tls:
# -- The path to the certificate authority, it defaults to the system bundle.
ca:
# -- The path to the public certificate. When using this option, setting the key option is required.
cert:
# -- The path to the private key. When using this option, setting the cert option is required.
key:
# -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
insecureSkipVerify:
grpc:
# -- Set to true in order to send metrics to the OpenTelemetry Collector using gRPC
enabled: false
# -- Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics
endpoint:
# -- Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
insecure:
## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
tls:
# -- The path to the certificate authority, it defaults to the system bundle.
ca:
# -- The path to the public certificate. When using this option, setting the key option is required.
cert:
# -- The path to the private key. When using this option, setting the cert option is required.
key:
# -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
insecureSkipVerify:
## -- enable optional CRDs for Prometheus Operator
##
@ -524,51 +521,46 @@ metrics:
## Tracing
# -- https://doc.traefik.io/traefik/observability/tracing/overview/
tracing: {}
# openTelemetry: # traefik v3+ only
# grpc: true
# insecure: true
# address: localhost:4317
# instana:
# localAgentHost: 127.0.0.1
# localAgentPort: 42699
# logLevel: info
# enableAutoProfile: true
# datadog:
# localAgentHostPort: 127.0.0.1:8126
# debug: false
# globalTag: ""
# prioritySampling: false
# jaeger:
# samplingServerURL: http://localhost:5778/sampling
# samplingType: const
# samplingParam: 1.0
# localAgentHostPort: 127.0.0.1:6831
# gen128Bit: false
# propagation: jaeger
# traceContextHeaderName: uber-trace-id
# disableAttemptReconnecting: true
# collector:
# endpoint: ""
# user: ""
# password: ""
# zipkin:
# httpEndpoint: http://localhost:9411/api/v2/spans
# sameSpan: false
# id128Bit: true
# sampleRate: 1.0
# haystack:
# localAgentHost: 127.0.0.1
# localAgentPort: 35000
# globalTag: ""
# traceIDHeaderName: ""
# parentIDHeaderName: ""
# spanIDHeaderName: ""
# baggagePrefixHeaderName: ""
# elastic:
# serverURL: http://localhost:8200
# secretToken: ""
# serviceEnvironment: ""
tracing:
# -- Enables tracing for internal resources. Default: false.
addInternals:
otlp:
# -- See https://doc.traefik.io/traefik/v3.0/observability/tracing/opentelemetry/
enabled: false
http:
# -- Set to true in order to send metrics to the OpenTelemetry Collector using HTTP.
enabled: false
# -- Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics
endpoint:
# -- Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
headers:
## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
tls:
# -- The path to the certificate authority, it defaults to the system bundle.
ca:
# -- The path to the public certificate. When using this option, setting the key option is required.
cert:
# -- The path to the private key. When using this option, setting the cert option is required.
key:
# -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
insecureSkipVerify:
grpc:
# -- Set to true in order to send metrics to the OpenTelemetry Collector using gRPC
enabled: false
# -- Format: <scheme>://<host>:<port><path>. Default: http://localhost:4318/v1/metrics
endpoint:
# -- Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
insecure:
## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
tls:
# -- The path to the certificate authority, it defaults to the system bundle.
ca:
# -- The path to the public certificate. When using this option, setting the key option is required.
cert:
# -- The path to the private key. When using this option, setting the cert option is required.
key:
# -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
insecureSkipVerify:
# -- Global command arguments to be passed to all traefik's pods
globalArguments:
@ -662,15 +654,28 @@ ports:
# (Optional)
# priority: 10
#
# Trust forwarded headers information (X-Forwarded-*).
# -- Trust forwarded headers information (X-Forwarded-*).
# forwardedHeaders:
# trustedIPs: []
# insecure: false
#
# Enable the Proxy Protocol header parsing for the entry point
# -- Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol:
# trustedIPs: []
# insecure: false
#
# -- Set transport settings for the entrypoint; see also
# https://doc.traefik.io/traefik/routing/entrypoints/#transport
transport:
respondingTimeouts:
readTimeout:
writeTimeout:
idleTimeout:
lifeCycle:
requestAcceptGraceTimeout:
graceTimeOut:
keepAliveMaxRequests:
keepAliveMaxTime:
websecure:
## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
# asDefault: true
@ -698,16 +703,29 @@ ports:
enabled: false
# advertisedPort: 4443
#
## -- Trust forwarded headers information (X-Forwarded-*).
# -- Trust forwarded headers information (X-Forwarded-*).
# forwardedHeaders:
# trustedIPs: []
# insecure: false
#
## -- Enable the Proxy Protocol header parsing for the entry point
# -- Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol:
# trustedIPs: []
# insecure: false
#
# -- Set transport settings for the entrypoint; see also
# https://doc.traefik.io/traefik/routing/entrypoints/#transport
transport:
respondingTimeouts:
readTimeout:
writeTimeout:
idleTimeout:
lifeCycle:
requestAcceptGraceTimeout:
graceTimeOut:
keepAliveMaxRequests:
keepAliveMaxTime:
#
## Set TLS at the entrypoint
## https://doc.traefik.io/traefik/routing/entrypoints/#tls
tls:
@ -756,7 +774,6 @@ ports:
# default:
# labels: {}
# sniStrict: true
# preferServerCipherSuites: true
# custom-options:
# labels: {}
# curvePreferences:

260
index.yaml
View File

@ -243,8 +243,8 @@ entries:
argo-cd:
- annotations:
artifacthub.io/changes: |
- kind: added
description: JQ Path expression timeout
- kind: changed
description: Bump argo-cd to v2.10.9
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -254,8 +254,8 @@ entries:
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.10.8
created: "2024-04-27T00:51:55.399879733Z"
appVersion: v2.10.9
created: "2024-05-01T00:56:46.695488838Z"
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@ -263,7 +263,46 @@ entries:
version: 4.26.1
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery
tool for Kubernetes.
digest: 7d1017a20eebe91bcb7daad6af4f985877abfa269decf2e505bfa1c6b8aa82fe
digest: e8f8c78a2d256bc085fd93de2ea1e247d3dd35c3ee677a0f4470a2f9de5fbf29
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords:
- argoproj
- argocd
- gitops
kubeVersion: '>=1.23.0-0'
maintainers:
- name: argoproj
url: https://argoproj.github.io/
name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
urls:
- assets/argo/argo-cd-6.7.18.tgz
version: 6.7.18
- annotations:
artifacthub.io/changes: |
- kind: added
description: JQ Path expression timeout
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Argo CD
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.10.8
created: "2024-05-01T00:56:36.530285899Z"
dependencies:
- condition: redis-ha.enabled
name: redis-ha
repository: file://./charts/redis-ha
version: 4.26.1
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery
tool for Kubernetes.
digest: 87b85fc102b54f23f5a1daa8329a2f51f1fb6bd5c664e46f21cc5425d7eff86a
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords:
@ -25887,6 +25926,63 @@ entries:
- assets/jaeger/jaeger-operator-2.36.0.tgz
version: 2.36.0
jenkins:
- annotations:
artifacthub.io/category: integration-delivery
artifacthub.io/changes: |
- Update `kubernetes` to version `4209.vc646b_71e5269`
artifacthub.io/images: |
- name: jenkins
image: docker.io/jenkins/jenkins:2.440.3-jdk17
- name: k8s-sidecar
image: docker.io/kiwigrid/k8s-sidecar:1.26.1
- name: inbound-agent
image: jenkins/inbound-agent:3206.vb_15dcf73f6a_9-3
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Chart Source
url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins
- name: Jenkins
url: https://www.jenkins.io/
- name: support
url: https://github.com/jenkinsci/helm-charts/issues
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Jenkins
catalog.cattle.io/kube-version: '>=1.14-0'
catalog.cattle.io/release-name: jenkins
apiVersion: v2
appVersion: 2.440.3
created: "2024-05-01T00:56:48.594816785Z"
description: 'Jenkins - Build great things at any scale! As the leading open source
automation server, Jenkins provides over 1800 plugins to support building, deploying
and automating any project. '
digest: 5c92fe85de3b6ac823748b2b05d8aa0ebbec611c59e88f0d3f126db969fd6b5c
home: https://www.jenkins.io/
icon: https://get.jenkins.io/art/jenkins-logo/logo.svg
keywords:
- jenkins
- ci
- devops
maintainers:
- email: maor.friedman@redhat.com
name: maorfr
- email: mail@torstenwalter.de
name: torstenwalter
- email: garridomota@gmail.com
name: mogaal
- email: wmcdona89@gmail.com
name: wmcdona89
- email: timjacomb1@gmail.com
name: timja
name: jenkins
sources:
- https://github.com/jenkinsci/jenkins
- https://github.com/jenkinsci/docker-inbound-agent
- https://github.com/maorfr/kube-tasks
- https://github.com/jenkinsci/configuration-as-code-plugin
type: application
urls:
- assets/jenkins/jenkins-5.1.8.tgz
version: 5.1.8
- annotations:
artifacthub.io/category: integration-delivery
artifacthub.io/changes: |
@ -38138,6 +38234,90 @@ entries:
- assets/f5/nginx-service-mesh-0.2.100.tgz
version: 0.2.100
nri-bundle:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: New Relic
catalog.cattle.io/release-name: nri-bundle
apiVersion: v2
created: "2024-05-01T00:56:51.336134546Z"
dependencies:
- condition: infrastructure.enabled,newrelic-infrastructure.enabled
name: newrelic-infrastructure
repository: file://./charts/newrelic-infrastructure
version: 3.33.4
- condition: prometheus.enabled,nri-prometheus.enabled
name: nri-prometheus
repository: file://./charts/nri-prometheus
version: 2.1.17
- condition: newrelic-prometheus-agent.enabled
name: newrelic-prometheus-agent
repository: file://./charts/newrelic-prometheus-agent
version: 1.13.0
- condition: webhook.enabled,nri-metadata-injection.enabled
name: nri-metadata-injection
repository: file://./charts/nri-metadata-injection
version: 4.19.0
- condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
name: newrelic-k8s-metrics-adapter
repository: file://./charts/newrelic-k8s-metrics-adapter
version: 1.10.2
- condition: ksm.enabled,kube-state-metrics.enabled
name: kube-state-metrics
repository: file://./charts/kube-state-metrics
version: 5.12.1
- condition: kubeEvents.enabled,nri-kube-events.enabled
name: nri-kube-events
repository: file://./charts/nri-kube-events
version: 3.9.6
- condition: logging.enabled,newrelic-logging.enabled
name: newrelic-logging
repository: file://./charts/newrelic-logging
version: 1.21.3
- condition: newrelic-pixie.enabled
name: newrelic-pixie
repository: file://./charts/newrelic-pixie
version: 2.1.4
- alias: pixie-chart
condition: pixie-chart.enabled
name: pixie-operator-chart
repository: file://./charts/pixie-operator-chart
version: 0.1.4
- condition: newrelic-infra-operator.enabled
name: newrelic-infra-operator
repository: file://./charts/newrelic-infra-operator
version: 2.10.0
description: Groups together the individual charts for the New Relic Kubernetes
solution for a more comfortable deployment.
digest: 333f26187567ea88dd36262063ddf9517c72bb4374853d79286be62c5a353d57
home: https://github.com/newrelic/helm-charts
icon: https://newrelic.com/themes/custom/erno/assets/mediakit/new_relic_logo_vertical.svg
keywords:
- infrastructure
- newrelic
- monitoring
maintainers:
- name: juanjjaramillo
url: https://github.com/juanjjaramillo
- name: csongnr
url: https://github.com/csongnr
- name: dbudziwojskiNR
url: https://github.com/dbudziwojskiNR
name: nri-bundle
sources:
- https://github.com/newrelic/nri-bundle/
- https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle
- https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure
- https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus
- https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent
- https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
- https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter
- https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
urls:
- assets/new-relic/nri-bundle-5.0.75.tgz
version: 5.0.75
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: New Relic
@ -49458,6 +49638,37 @@ entries:
- assets/shipa/shipa-1.4.0.tgz
version: 1.4.0
speedscale-operator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Speedscale Operator
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: speedscale-operator
apiVersion: v1
appVersion: 2.1.296
created: "2024-05-01T00:56:52.212327891Z"
description: Stress test your APIs with real world scenarios. Collect and replay
traffic without scripting.
digest: 2e42c103d44aa206e65f4202503630cd8306e295e5c31f31b80574b9cec3823d
home: https://speedscale.com
icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png
keywords:
- speedscale
- test
- testing
- regression
- reliability
- load
- replay
- network
- traffic
kubeVersion: '>= 1.17.0-0'
maintainers:
- email: support@speedscale.com
name: Speedscale Support
name: speedscale-operator
urls:
- assets/speedscale/speedscale-operator-2.1.296.tgz
version: 2.1.296
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Speedscale Operator
@ -54321,6 +54532,45 @@ entries:
- assets/intel/tcs-issuer-0.1.0.tgz
version: 0.1.0
traefik:
- annotations:
artifacthub.io/changes: "- \"style: \U0001F3A8 consistent capitalization on
`--entryPoints` CLI flag\"\n- \"fix: \U0001F41B only expose http3 port on
service when TCP variant is exposed\"\n- \"fix: \U0001F41B logs filters on
status codes\"\n- \"feat: ✨ add support of `experimental-v3.0` unstable version\"\n-
\"feat: ability to override liveness and readiness probe paths\"\n- \"feat(ports):
add transport options\"\n- \"chore(release): publish v28.0.0\"\n"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Traefik Proxy
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: traefik
apiVersion: v2
appVersion: v3.0.0
created: "2024-05-01T00:56:52.555997949Z"
description: A Traefik based Kubernetes ingress controller
digest: b7a0cab75677a97c243d20873edd59d4bd7cd1518fb01a0fb83d610d224763fd
home: https://traefik.io/
icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
keywords:
- traefik
- ingress
- networking
kubeVersion: '>=1.22.0-0'
maintainers:
- email: michel.loiseleur@traefik.io
name: mloiseleur
- email: charlie.haley@traefik.io
name: charlie-haley
- email: remi.buisson@traefik.io
name: darkweaver87
- name: jnoordsij
name: traefik
sources:
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
type: application
urls:
- assets/traefik/traefik-28.0.0.tgz
version: 28.0.0
- annotations:
artifacthub.io/changes: |
- "feat: ✨ update Traefik Proxy to v2.11.2"