forked from Ivasoft/traefik
Compare commits
19 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
871e04cb12 | ||
|
|
287cebb498 | ||
|
|
6c8d200373 | ||
|
|
0ac6f80b50 | ||
|
|
2b73860ea5 | ||
|
|
ddcb003b3b | ||
|
|
be52c5abb1 | ||
|
|
eb6c5fc34d | ||
|
|
4fc16f26a3 | ||
|
|
234d35f592 | ||
|
|
352a72a5d7 | ||
|
|
4d1ce986a6 | ||
|
|
531a8ff248 | ||
|
|
2644c1f598 | ||
|
|
fa53f7ec85 | ||
|
|
e05574af58 | ||
|
|
fcfc976b13 | ||
|
|
78180a5fa7 | ||
|
|
3445abe7ac |
37
.github/workflows/experimental.yaml
vendored
Normal file
37
.github/workflows/experimental.yaml
vendored
Normal file
@@ -0,0 +1,37 @@
|
||||
name: Build experimental image on branch
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- v*
|
||||
|
||||
jobs:
|
||||
|
||||
experimental:
|
||||
if: github.repository == 'traefik/traefik'
|
||||
name: Build experimental image on branch
|
||||
runs-on: ubuntu-20.04
|
||||
|
||||
steps:
|
||||
|
||||
# https://github.com/marketplace/actions/checkout
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Branch name
|
||||
run: echo ${GITHUB_REF##*/}
|
||||
|
||||
- name: Build docker experimental image
|
||||
run: docker build -t traefik/traefik:experimental-${GITHUB_REF##*/} -f exp.Dockerfile .
|
||||
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Push to Docker Hub
|
||||
run: docker push traefik/traefik:experimental-${GITHUB_REF##*/}
|
||||
25
CHANGELOG.md
25
CHANGELOG.md
@@ -1,3 +1,28 @@
|
||||
## [v2.5.2](https://github.com/traefik/traefik/tree/v2.5.2) (2021-09-02)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.5.1...v2.5.2)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[http3]** Upgrade github.com/lucas-clemente/quic-go to v0.23.0 ([#8413](https://github.com/traefik/traefik/pull/8413) by [sylr](https://github.com/sylr))
|
||||
- **[middleware]** Fix empty body error for mirroring middleware ([#8381](https://github.com/traefik/traefik/pull/8381) by [antgubarev](https://github.com/antgubarev))
|
||||
- **[tracing]** Bump go.elastic.co/apm version to v1.13.1 ([#8399](https://github.com/traefik/traefik/pull/8399) by [rtribotte](https://github.com/rtribotte))
|
||||
- Update x/sys to support go 1.17 ([#8368](https://github.com/traefik/traefik/pull/8368) by [roopakv](https://github.com/roopakv))
|
||||
- Bump Alpine docker image version from 3.11 to 3.14 for official Traefik images
|
||||
|
||||
**Documentation:**
|
||||
- **[k8s/ingress,k8s]** Adds pathType for v1 ingresses examples ([#8392](https://github.com/traefik/traefik/pull/8392) by [rtribotte](https://github.com/rtribotte))
|
||||
- Fix http scheme urls in documentation ([#8395](https://github.com/traefik/traefik/pull/8395) by [rtribotte](https://github.com/rtribotte))
|
||||
|
||||
## [v2.5.1](https://github.com/traefik/traefik/tree/v2.5.1) (2021-08-20)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.5.0...v2.5.1)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[middleware,http3]** Conditional CloseNotify in header middleware ([#8374](https://github.com/traefik/traefik/pull/8374) by [juliens](https://github.com/juliens))
|
||||
- **[tls,tcp,k8s/crd,k8s]** Makes ALPN protocols configurable ([#8383](https://github.com/traefik/traefik/pull/8383) by [rtribotte](https://github.com/rtribotte))
|
||||
|
||||
**Documentation:**
|
||||
- **[k8s]** Adds MiddlewareTCP CRD documentation ([#8369](https://github.com/traefik/traefik/pull/8369) by [perosb](https://github.com/perosb))
|
||||
- **[middleware]** Adds ContentType to middleware's overview table ([#8350](https://github.com/traefik/traefik/pull/8350) by [euidong](https://github.com/euidong))
|
||||
|
||||
## [v2.5.0](https://github.com/traefik/traefik/tree/v2.5.0) (2021-08-17)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.4.0-rc1...v2.5.0)
|
||||
|
||||
|
||||
2
Makefile
2
Makefile
@@ -140,7 +140,7 @@ docs-serve:
|
||||
docs-pull-images:
|
||||
make -C ./docs docs-pull-images
|
||||
|
||||
## Generate CRD clientset
|
||||
## Generate CRD clientset and CRD manifests
|
||||
generate-crd:
|
||||
@$(CURDIR)/script/code-gen.sh
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Security Policy
|
||||
|
||||
We strongly advise you to register your Traefik instances to [Pilot](http://pilot.traefik.io) to be notified of security advisories that apply to your Traefik version.
|
||||
We strongly advise you to register your Traefik instances to [Pilot](https://pilot.traefik.io) to be notified of security advisories that apply to your Traefik version.
|
||||
You can also join our security mailing list to be aware of the latest announcements from our security team.
|
||||
You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
FROM alpine:3.13 as alpine
|
||||
FROM alpine:3.14 as alpine
|
||||
|
||||
RUN apk --no-cache --no-progress add \
|
||||
libcurl \
|
||||
|
||||
@@ -29,7 +29,7 @@ docker run --rm -v /home/user/go/github/traefik/traefik:/mkdocs -p 8000:8000 tr
|
||||
|
||||
!!! tip "Default URL"
|
||||
|
||||
Your local documentation server will run by default on [http://127.0.0.1:8000](http://127.0.0.1:8000).
|
||||
Your local documentation server will run by default on <http://127.0.0.1:8000>.
|
||||
|
||||
If you only want to build the documentation without serving it locally, you can use the following command:
|
||||
|
||||
|
||||
@@ -36,7 +36,7 @@ Start your `reverse-proxy` with the following command:
|
||||
docker-compose up -d reverse-proxy
|
||||
```
|
||||
|
||||
You can open a browser and go to [http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata) to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
|
||||
You can open a browser and go to <http://localhost:8080/api/rawdata> to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
|
||||
|
||||
## Traefik Detects New Services and Creates the Route for You
|
||||
|
||||
@@ -61,7 +61,7 @@ Start the `whoami` service with the following command:
|
||||
docker-compose up -d whoami
|
||||
```
|
||||
|
||||
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new container and updated its own configuration.
|
||||
Go back to your browser (<http://localhost:8080/api/rawdata>) and see that Traefik has automatically detected the new container and updated its own configuration.
|
||||
|
||||
When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl)
|
||||
|
||||
@@ -85,7 +85,7 @@ Run more instances of your `whoami` service with the following command:
|
||||
docker-compose up -d --scale whoami=2
|
||||
```
|
||||
|
||||
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new instance of the container.
|
||||
Go back to your browser (<http://localhost:8080/api/rawdata>) and see that Traefik has automatically detected the new instance of the container.
|
||||
|
||||
Finally, see that Traefik load-balances between the two instances of your service by running the following command twice:
|
||||
|
||||
|
||||
@@ -314,7 +314,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
|
||||
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
|
||||
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
|
||||
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
|
||||
| [Gandi v5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
|
||||
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
|
||||
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
|
||||
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
|
||||
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
|
||||
|
||||
@@ -399,6 +399,47 @@ spec:
|
||||
preferServerCipherSuites: true
|
||||
```
|
||||
|
||||
### ALPN Protocols
|
||||
|
||||
_Optional, Default="h2, http/1.1, acme-tls/1"_
|
||||
|
||||
This option allows to specify the list of supported application level protocols for the TLS handshake,
|
||||
in order of preference.
|
||||
If the client supports ALPN, the selected protocol will be one from this list,
|
||||
and the connection will fail if there is no mutually supported protocol.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
# Dynamic configuration
|
||||
|
||||
tls:
|
||||
options:
|
||||
default:
|
||||
alpnProtocols:
|
||||
- http/1.1
|
||||
- h2
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
# Dynamic configuration
|
||||
|
||||
[tls.options]
|
||||
[tls.options.default]
|
||||
alpnProtocols = ["http/1.1", "h2"]
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSOption
|
||||
metadata:
|
||||
name: default
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
alpnProtocols:
|
||||
- http/1.1
|
||||
- h2
|
||||
```
|
||||
|
||||
### Client Authentication (mTLS)
|
||||
|
||||
Traefik supports mutual authentication, through the `clientAuth` section.
|
||||
|
||||
@@ -126,24 +126,25 @@ http:
|
||||
|
||||
| Middleware | Purpose | Area |
|
||||
|-------------------------------------------|---------------------------------------------------|-----------------------------|
|
||||
| [AddPrefix](addprefix.md) | Add a Path Prefix | Path Modifier |
|
||||
| [BasicAuth](basicauth.md) | Basic auth mechanism | Security, Authentication |
|
||||
| [AddPrefix](addprefix.md) | Adds a Path Prefix | Path Modifier |
|
||||
| [BasicAuth](basicauth.md) | Adds Basic Authentication | Security, Authentication |
|
||||
| [Buffering](buffering.md) | Buffers the request/response | Request Lifecycle |
|
||||
| [Chain](chain.md) | Combine multiple pieces of middleware | Middleware tool |
|
||||
| [CircuitBreaker](circuitbreaker.md) | Stop calling unhealthy services | Request Lifecycle |
|
||||
| [Compress](compress.md) | Compress the response | Content Modifier |
|
||||
| [Chain](chain.md) | Combines multiple pieces of middleware | Misc |
|
||||
| [CircuitBreaker](circuitbreaker.md) | Prevents calling unhealthy services | Request Lifecycle |
|
||||
| [Compress](compress.md) | Compresses the response | Content Modifier |
|
||||
| [ContentType](contenttype.md) | Handles Content-Type auto-detection | Misc |
|
||||
| [DigestAuth](digestauth.md) | Adds Digest Authentication | Security, Authentication |
|
||||
| [Errors](errorpages.md) | Define custom error pages | Request Lifecycle |
|
||||
| [ForwardAuth](forwardauth.md) | Authentication delegation | Security, Authentication |
|
||||
| [Headers](headers.md) | Add / Update headers | Security |
|
||||
| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs | Security, Request lifecycle |
|
||||
| [InFlightReq](inflightreq.md) | Limit the number of simultaneous connections | Security, Request lifecycle |
|
||||
| [PassTLSClientCert](passtlsclientcert.md) | Adding Client Certificates in a Header | Security |
|
||||
| [RateLimit](ratelimit.md) | Limit the call frequency | Security, Request lifecycle |
|
||||
| [RedirectScheme](redirectscheme.md) | Redirect easily the client elsewhere | Request lifecycle |
|
||||
| [RedirectRegex](redirectregex.md) | Redirect the client elsewhere | Request lifecycle |
|
||||
| [ReplacePath](replacepath.md) | Change the path of the request | Path Modifier |
|
||||
| [ReplacePathRegex](replacepathregex.md) | Change the path of the request | Path Modifier |
|
||||
| [Retry](retry.md) | Automatically retry the request in case of errors | Request lifecycle |
|
||||
| [StripPrefix](stripprefix.md) | Change the path of the request | Path Modifier |
|
||||
| [StripPrefixRegex](stripprefixregex.md) | Change the path of the request | Path Modifier |
|
||||
| [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle |
|
||||
| [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication |
|
||||
| [Headers](headers.md) | Adds / Updates headers | Security |
|
||||
| [IPWhiteList](ipwhitelist.md) | Limits the allowed client IPs | Security, Request lifecycle |
|
||||
| [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle |
|
||||
| [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security |
|
||||
| [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle |
|
||||
| [RedirectScheme](redirectscheme.md) | Redirects based on scheme | Request lifecycle |
|
||||
| [RedirectRegex](redirectregex.md) | Redirects based on regex | Request lifecycle |
|
||||
| [ReplacePath](replacepath.md) | Changes the path of the request | Path Modifier |
|
||||
| [ReplacePathRegex](replacepathregex.md) | Changes the path of the request | Path Modifier |
|
||||
| [Retry](retry.md) | Automatically retries in case of error | Request lifecycle |
|
||||
| [StripPrefix](stripprefix.md) | Changes the path of the request | Path Modifier |
|
||||
| [StripPrefixRegex](stripprefixregex.md) | Changes the path of the request | Path Modifier |
|
||||
|
||||
@@ -532,7 +532,7 @@ The default host rule for all services.
|
||||
|
||||
For a given service, if no routing rule was defined by a tag, it is defined by this `defaultRule` instead.
|
||||
The `defaultRule` must be set to a valid [Go template](https://golang.org/pkg/text/template/),
|
||||
and can include [sprig template functions](http://masterminds.github.io/sprig/).
|
||||
and can include [sprig template functions](https://masterminds.github.io/sprig/).
|
||||
The service name can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels (i.e. tags beginning with the `prefix`) defined on this service.
|
||||
|
||||
|
||||
@@ -428,7 +428,7 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
|
||||
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
|
||||
|
||||
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
|
||||
[sprig template functions](http://masterminds.github.io/sprig/).
|
||||
[sprig template functions](https://masterminds.github.io/sprig/).
|
||||
The container service name can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels defined on this container.
|
||||
|
||||
|
||||
@@ -139,7 +139,7 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
|
||||
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
|
||||
|
||||
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
|
||||
[sprig template functions](http://masterminds.github.io/sprig/).
|
||||
[sprig template functions](https://masterminds.github.io/sprig/).
|
||||
The container service name can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels defined on this container.
|
||||
|
||||
|
||||
@@ -199,7 +199,7 @@ providers:
|
||||
|
||||
Traefik supports using Go templating to automatically generate repetitive sections of configuration files.
|
||||
These sections must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
|
||||
[sprig template functions](http://masterminds.github.io/sprig/).
|
||||
[sprig template functions](https://masterminds.github.io/sprig/).
|
||||
|
||||
To illustrate, it is possible to easily define multiple routers, services, and TLS certificates as described in the following examples:
|
||||
|
||||
|
||||
@@ -73,17 +73,17 @@ This provider is proposed as an experimental feature and partially supports the
|
||||
|
||||
The Kubernetes Gateway API project provides several guides on how to use the APIs.
|
||||
These guides can help you to go further than the example above.
|
||||
The [getting started guide](https://gateway-api.sigs.k8s.io/guides/getting-started/) details how to install the CRDs from their repository.
|
||||
The [getting started guide](https://gateway-api.sigs.k8s.io/v1alpha1/guides/getting-started/) details how to install the CRDs from their repository.
|
||||
|
||||
!!! note ""
|
||||
|
||||
Keep in mind that the Traefik Gateway provider only supports the `v0.3.0`.
|
||||
Keep in mind that the Traefik Gateway provider only supports the `v0.3.0` (v1alpha1).
|
||||
|
||||
For now, the Traefik Gateway Provider can be used while following the below guides:
|
||||
|
||||
* [Simple Gateway](https://gateway-api.sigs.k8s.io/guides/simple-gateway/)
|
||||
* [HTTP routing](https://gateway-api.sigs.k8s.io/guides/http-routing/)
|
||||
* [TLS](https://gateway-api.sigs.k8s.io/guides/tls/)
|
||||
* [Simple Gateway](https://gateway-api.sigs.k8s.io/v1alpha1/guides/simple-gateway/)
|
||||
* [HTTP routing](https://gateway-api.sigs.k8s.io/v1alpha1/guides/http-routing/)
|
||||
* [TLS](https://gateway-api.sigs.k8s.io/v1alpha1/guides/tls/)
|
||||
|
||||
## Resource Configuration
|
||||
|
||||
|
||||
@@ -70,12 +70,14 @@ spec:
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: service1
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: service1
|
||||
@@ -312,6 +314,7 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value
|
||||
http:
|
||||
paths:
|
||||
- path: "/example"
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: "example-service"
|
||||
|
||||
@@ -114,7 +114,7 @@ The default host rule for all services.
|
||||
For a given application, if no routing rule was defined by a label, it is defined by this `defaultRule` instead.
|
||||
|
||||
It must be a valid [Go template](https://golang.org/pkg/text/template/),
|
||||
and can include [sprig template functions](http://masterminds.github.io/sprig/).
|
||||
and can include [sprig template functions](https://masterminds.github.io/sprig/).
|
||||
|
||||
The app ID can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels defined on this Marathon application.
|
||||
|
||||
@@ -96,7 +96,7 @@ The default host rule for all services.
|
||||
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
|
||||
|
||||
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
|
||||
[sprig template functions](http://masterminds.github.io/sprig/).
|
||||
[sprig template functions](https://masterminds.github.io/sprig/).
|
||||
The service name can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels defined on this container.
|
||||
|
||||
|
||||
@@ -421,6 +421,7 @@
|
||||
curvePreferences = ["foobar", "foobar"]
|
||||
sniStrict = true
|
||||
preferServerCipherSuites = true
|
||||
alpnProtocols = ["foobar", "foobar"]
|
||||
[tls.options.Options0.clientAuth]
|
||||
caFiles = ["foobar", "foobar"]
|
||||
clientAuthType = "foobar"
|
||||
@@ -431,6 +432,7 @@
|
||||
curvePreferences = ["foobar", "foobar"]
|
||||
sniStrict = true
|
||||
preferServerCipherSuites = true
|
||||
alpnProtocols = ["foobar", "foobar"]
|
||||
[tls.options.Options1.clientAuth]
|
||||
caFiles = ["foobar", "foobar"]
|
||||
clientAuthType = "foobar"
|
||||
|
||||
@@ -470,6 +470,9 @@ tls:
|
||||
clientAuthType: foobar
|
||||
sniStrict: true
|
||||
preferServerCipherSuites: true
|
||||
alpnProtocols:
|
||||
- foobar
|
||||
- foobar
|
||||
Options1:
|
||||
minVersion: foobar
|
||||
maxVersion: foobar
|
||||
@@ -486,6 +489,9 @@ tls:
|
||||
clientAuthType: foobar
|
||||
sniStrict: true
|
||||
preferServerCipherSuites: true
|
||||
alpnProtocols:
|
||||
- foobar
|
||||
- foobar
|
||||
stores:
|
||||
Store0:
|
||||
defaultCertificate:
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml"
|
||||
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml"
|
||||
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml"
|
||||
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml"
|
||||
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml"
|
||||
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml"
|
||||
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml"
|
||||
|
||||
@@ -194,6 +194,9 @@ spec:
|
||||
clientAuthType: RequireAndVerifyClientCert
|
||||
sniStrict: true
|
||||
preferServerCipherSuites: true
|
||||
alpnProtocols:
|
||||
- foobar
|
||||
- foobar
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
|
||||
@@ -274,6 +274,8 @@
|
||||
| `traefik/tls/certificates/1/keyFile` | `foobar` |
|
||||
| `traefik/tls/certificates/1/stores/0` | `foobar` |
|
||||
| `traefik/tls/certificates/1/stores/1` | `foobar` |
|
||||
| `traefik/tls/options/Options0/alpnProtocols/0` | `foobar` |
|
||||
| `traefik/tls/options/Options0/alpnProtocols/1` | `foobar` |
|
||||
| `traefik/tls/options/Options0/cipherSuites/0` | `foobar` |
|
||||
| `traefik/tls/options/Options0/cipherSuites/1` | `foobar` |
|
||||
| `traefik/tls/options/Options0/clientAuth/caFiles/0` | `foobar` |
|
||||
@@ -285,6 +287,8 @@
|
||||
| `traefik/tls/options/Options0/minVersion` | `foobar` |
|
||||
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
|
||||
| `traefik/tls/options/Options0/sniStrict` | `true` |
|
||||
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
|
||||
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
|
||||
| `traefik/tls/options/Options1/cipherSuites/0` | `foobar` |
|
||||
| `traefik/tls/options/Options1/cipherSuites/1` | `foobar` |
|
||||
| `traefik/tls/options/Options1/clientAuth/caFiles/0` | `foobar` |
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutes.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutetcps.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressrouteudps.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewares.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewaretcps.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: serverstransports.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsoptions.traefik.containo.us
|
||||
spec:
|
||||
@@ -36,6 +36,10 @@ spec:
|
||||
spec:
|
||||
description: TLSOptionSpec configures TLS for an entry point.
|
||||
properties:
|
||||
alpnProtocols:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
items:
|
||||
type: string
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsstores.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: traefikservices.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -295,9 +295,10 @@ You can find an excerpt of the available custom resources in the table below:
|
||||
| Kind | Purpose | Concept Behind |
|
||||
|--------------------------------------------|--------------------------------------------------------------------|----------------------------------------------------------------|
|
||||
| [IngressRoute](#kind-ingressroute) | HTTP Routing | [HTTP router](../routers/index.md#configuring-http-routers) |
|
||||
| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/overview.md) |
|
||||
| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/http/overview.md) |
|
||||
| [TraefikService](#kind-traefikservice) | Abstraction for HTTP loadbalancing/mirroring | [HTTP service](../services/index.md#configuring-http-services) |
|
||||
| [IngressRouteTCP](#kind-ingressroutetcp) | TCP Routing | [TCP router](../routers/index.md#configuring-tcp-routers) |
|
||||
| [MiddlewareTCP](#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service | [TCP Middlewares](../../middlewares/tcp/overview.md) |
|
||||
| [IngressRouteUDP](#kind-ingressrouteudp) | UDP Routing | [UDP router](../routers/index.md#configuring-udp-routers) |
|
||||
| [TLSOptions](#kind-tlsoption) | Allows to configure some parameters of the TLS connection | [TLSOptions](../../https/tls.md#tls-options) |
|
||||
| [TLSStores](#kind-tlsstore) | Allows to configure the default TLS store | [TLSStores](../../https/tls.md#certificates-stores) |
|
||||
@@ -580,7 +581,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||
|
||||
### Kind: `Middleware`
|
||||
|
||||
`Middleware` is the CRD implementation of a [Traefik middleware](../../middlewares/overview.md).
|
||||
`Middleware` is the CRD implementation of a [Traefik middleware](../../middlewares/http/overview.md).
|
||||
|
||||
Register the `Middleware` [kind](../../reference/dynamic-configuration/kubernetes-crd.md#definitions) in the Kubernetes cluster before creating `Middleware` objects or referencing middlewares in the [`IngressRoute`](#kind-ingressroute) objects.
|
||||
|
||||
@@ -628,7 +629,7 @@ Register the `Middleware` [kind](../../reference/dynamic-configuration/kubernete
|
||||
Additionally, when you want to reference a Middleware from the CRD Provider,
|
||||
you have to append the namespace of the resource in the resource-name as Traefik appends the namespace internally automatically.
|
||||
|
||||
More information about available middlewares in the dedicated [middlewares section](../../middlewares/overview.md).
|
||||
More information about available middlewares in the dedicated [middlewares section](../../middlewares/http/overview.md).
|
||||
|
||||
### Kind: `TraefikService`
|
||||
|
||||
@@ -1088,25 +1089,28 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
|
||||
- footcp
|
||||
routes: # [2]
|
||||
- match: HostSNI(`*`) # [3]
|
||||
services: # [4]
|
||||
- name: foo # [5]
|
||||
port: 8080 # [6]
|
||||
weight: 10 # [7]
|
||||
terminationDelay: 400 # [8]
|
||||
proxyProtocol: # [9]
|
||||
version: 1 # [10]
|
||||
tls: # [11]
|
||||
secretName: supersecret # [12]
|
||||
options: # [13]
|
||||
name: opt # [14]
|
||||
namespace: default # [15]
|
||||
certResolver: foo # [16]
|
||||
domains: # [17]
|
||||
- main: example.net # [18]
|
||||
sans: # [19]
|
||||
middlewares:
|
||||
- name: middleware1 # [4]
|
||||
namespace: default # [5]
|
||||
services: # [6]
|
||||
- name: foo # [7]
|
||||
port: 8080 # [8]
|
||||
weight: 10 # [9]
|
||||
terminationDelay: 400 # [10]
|
||||
proxyProtocol: # [11]
|
||||
version: 1 # [12]
|
||||
tls: # [13]
|
||||
secretName: supersecret # [14]
|
||||
options: # [15]
|
||||
name: opt # [16]
|
||||
namespace: default # [17]
|
||||
certResolver: foo # [18]
|
||||
domains: # [19]
|
||||
- main: example.net # [20]
|
||||
sans: # [21]
|
||||
- a.example.net
|
||||
- b.example.net
|
||||
passthrough: false # [20]
|
||||
passthrough: false # [22]
|
||||
```
|
||||
|
||||
| Ref | Attribute | Purpose |
|
||||
@@ -1114,23 +1118,25 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
|
||||
| [1] | `entryPoints` | List of [entrypoints](../routers/index.md#entrypoints_1) names |
|
||||
| [2] | `routes` | List of routes |
|
||||
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule_1) corresponding to an underlying router |
|
||||
| [4] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
|
||||
| [5] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
|
||||
| [6] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
|
||||
| [7] | `services[n].weight` | Defines the weight to apply to the server load balancing |
|
||||
| [8] | `services[n].terminationDelay` | corresponds to the deadline that the proxy sets, after one of its connected peers indicates it has closed the writing capability of its connection, to close the reading capability as well, hence fully terminating the connection. It is a duration in milliseconds, defaulting to 100. A negative value means an infinite deadline (i.e. the reading capability is never closed). |
|
||||
| [9] | `proxyProtocol` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) configuration |
|
||||
| [10] | `version` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) version |
|
||||
| [11] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
|
||||
| [12] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
|
||||
| [13] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
|
||||
| [14] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
|
||||
| [15] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
|
||||
| [16] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
|
||||
| [17] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
|
||||
| [18] | `domains[n].main` | Defines the main domain name |
|
||||
| [19] | `domains[n].sans` | List of SANs (alternative domains) |
|
||||
| [20] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
|
||||
| [4] | `middlewares[n].name` | Defines the [MiddlewareTCP](#kind-middlewaretcp) name |
|
||||
| [5] | `middlewares[n].namespace` | Defines the [MiddlewareTCP](#kind-middlewaretcp) namespace |
|
||||
| [6] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
|
||||
| [7] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
|
||||
| [8] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
|
||||
| [9] | `services[n].weight` | Defines the weight to apply to the server load balancing |
|
||||
| [10] | `services[n].terminationDelay` | corresponds to the deadline that the proxy sets, after one of its connected peers indicates it has closed the writing capability of its connection, to close the reading capability as well, hence fully terminating the connection. It is a duration in milliseconds, defaulting to 100. A negative value means an infinite deadline (i.e. the reading capability is never closed). |
|
||||
| [11] | `proxyProtocol` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) configuration |
|
||||
| [12] | `version` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) version |
|
||||
| [13] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
|
||||
| [14] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
|
||||
| [15] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
|
||||
| [16] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
|
||||
| [17] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
|
||||
| [18] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
|
||||
| [19] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
|
||||
| [20] | `domains[n].main` | Defines the main domain name |
|
||||
| [21] | `domains[n].sans` | List of SANs (alternative domains) |
|
||||
| [22] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
|
||||
|
||||
??? example "Declaring an IngressRouteTCP"
|
||||
|
||||
@@ -1265,6 +1271,57 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
|
||||
- port: 80
|
||||
```
|
||||
|
||||
### Kind: `MiddlewareTCP`
|
||||
|
||||
`MiddlewareTCP` is the CRD implementation of a [Traefik TCP middleware](../../middlewares/tcp/overview.md).
|
||||
|
||||
Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubernetes-crd.md#definitions) in the Kubernetes cluster before creating `MiddlewareTCP` objects or referencing TCP middlewares in the [`IngressRouteTCP`](#kind-ingressroutetcp) objects.
|
||||
|
||||
??? "Declaring and Referencing a MiddlewareTCP "
|
||||
|
||||
```yaml tab="Middleware"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: MiddlewareTCP
|
||||
metadata:
|
||||
name: ipwhitelist
|
||||
spec:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
```
|
||||
|
||||
```yaml tab="IngressRoute"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: ingressroutebar
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`example.com`) && PathPrefix(`/whitelist`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
middlewares:
|
||||
- name: ipwhitelist
|
||||
namespace: foo
|
||||
```
|
||||
|
||||
!!! important "Cross-provider namespace"
|
||||
|
||||
As Kubernetes also has its own notion of namespace, one should not confuse the kubernetes namespace of a resource
|
||||
(in the reference to the middleware) with the [provider namespace](../../providers/overview.md#provider-namespace),
|
||||
when the definition of the TCP middleware comes from another provider.
|
||||
In this context, specifying a namespace when referring to the resource does not make any sense, and will be ignored.
|
||||
Additionally, when you want to reference a MiddlewareTCP from the CRD Provider,
|
||||
you have to append the namespace of the resource in the resource-name as Traefik appends the namespace internally automatically.
|
||||
|
||||
More information about available TCP middlewares in the dedicated [middlewares section](../../middlewares/tcp/overview.md).
|
||||
|
||||
### Kind `IngressRouteUDP`
|
||||
|
||||
`IngressRouteUDP` is the CRD implementation of a [Traefik UDP router](../routers/index.md#configuring-udp-routers).
|
||||
@@ -1449,6 +1506,8 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
|
||||
- secret-ca2
|
||||
clientAuthType: VerifyClientCertIfGiven # [7]
|
||||
sniStrict: true # [8]
|
||||
alpnProtocols: # [9]
|
||||
- foobar
|
||||
```
|
||||
|
||||
| Ref | Attribute | Purpose |
|
||||
@@ -1461,6 +1520,7 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
|
||||
| [6] | `clientAuth.secretNames` | list of names of the referenced Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) (in TLSOption namespace). The secret must contain a certificate under either a `tls.ca` or a `ca.crt` key. |
|
||||
| [7] | `clientAuth.clientAuthType` | defines the client authentication type to apply. The available values are: `NoClientCert`, `RequestClientCert`, `VerifyClientCertIfGiven` and `RequireAndVerifyClientCert` |
|
||||
| [8] | `sniStrict` | if `true`, Traefik won't allow connections from clients connections that do not specify a server_name extension |
|
||||
| [9] | `alpnProtocols` | List of supported [application level protocols](../../https/tls.md#alpn-protocols) for the TLS handshake, in order of preference. |
|
||||
|
||||
!!! info "CA Secret"
|
||||
|
||||
|
||||
@@ -35,16 +35,16 @@ You can find an excerpt of the supported Kubernetes Gateway API resources in the
|
||||
|
||||
| Kind | Purpose | Concept Behind |
|
||||
|------------------------------------|---------------------------------------------------------------------------|--------------------------------------------------------------------------------------|
|
||||
| [GatewayClass](#kind-gatewayclass) | Defines a set of Gateways that share a common configuration and behaviour | [GatewayClass](https://gateway-api.sigs.k8s.io/api-types/gatewayclass) |
|
||||
| [Gateway](#kind-gateway) | Describes how traffic can be translated to Services within the cluster | [Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway) |
|
||||
| [HTTPRoute](#kind-httproute) | HTTP rules for mapping requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/api-types/httproute) |
|
||||
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#httptcpfooroute) |
|
||||
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#httptcpfooroute) |
|
||||
| [GatewayClass](#kind-gatewayclass) | Defines a set of Gateways that share a common configuration and behaviour | [GatewayClass](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gatewayclass) |
|
||||
| [Gateway](#kind-gateway) | Describes how traffic can be translated to Services within the cluster | [Gateway](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gateway) |
|
||||
| [HTTPRoute](#kind-httproute) | HTTP rules for mapping requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/httproute) |
|
||||
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)|
|
||||
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)|
|
||||
|
||||
### Kind: `GatewayClass`
|
||||
|
||||
`GatewayClass` is cluster-scoped resource defined by the infrastructure provider. This resource represents a class of Gateways that can be instantiated.
|
||||
More details on the GatewayClass [official documentation](https://gateway-api.sigs.k8s.io/api-types/gatewayclass/).
|
||||
More details on the GatewayClass [official documentation](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gatewayclass/).
|
||||
|
||||
The `GatewayClass` should be declared by the infrastructure provider, otherwise please register the `GatewayClass`
|
||||
[definition](../../reference/dynamic-configuration/kubernetes-gateway.md#definitions) in the Kubernetes cluster before
|
||||
@@ -67,7 +67,7 @@ creating `GatewayClass` objects.
|
||||
|
||||
A `Gateway` is 1:1 with the life cycle of the configuration of infrastructure. When a user creates a Gateway,
|
||||
some load balancing infrastructure is provisioned or configured by the GatewayClass controller.
|
||||
More details on the Gateway [official documentation](https://gateway-api.sigs.k8s.io/api-types/gateway/).
|
||||
More details on the Gateway [official documentation](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gateway/).
|
||||
|
||||
Register the `Gateway` [definition](../../reference/dynamic-configuration/kubernetes-gateway.md#definitions) in the
|
||||
Kubernetes cluster before creating `Gateway` objects.
|
||||
|
||||
@@ -99,12 +99,14 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
@@ -483,12 +485,14 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
@@ -690,12 +694,14 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
@@ -836,6 +842,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: service1
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM alpine:3.13
|
||||
FROM alpine:3.14
|
||||
|
||||
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.local/bin
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ COPY --from=webui /src/static/ /go/src/github.com/traefik/traefik/static/
|
||||
RUN ./script/make.sh generate binary
|
||||
|
||||
## IMAGE
|
||||
FROM alpine:3.10
|
||||
FROM alpine:3.14
|
||||
|
||||
RUN apk --no-cache --no-progress add bash curl ca-certificates tzdata \
|
||||
&& update-ca-certificates \
|
||||
|
||||
9
go.mod
9
go.mod
@@ -48,7 +48,7 @@ require (
|
||||
github.com/libkermit/compose v0.0.0-20171122111507-c04e39c026ad
|
||||
github.com/libkermit/docker v0.0.0-20171122101128-e6674d32b807
|
||||
github.com/libkermit/docker-check v0.0.0-20171122104347-1113af38e591
|
||||
github.com/lucas-clemente/quic-go v0.22.0
|
||||
github.com/lucas-clemente/quic-go v0.23.0
|
||||
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
|
||||
github.com/miekg/dns v1.1.43
|
||||
github.com/mitchellh/copystructure v1.0.0
|
||||
@@ -81,10 +81,11 @@ require (
|
||||
github.com/vdemeester/shakers v0.1.0
|
||||
github.com/vulcand/oxy v1.3.0
|
||||
github.com/vulcand/predicate v1.1.0
|
||||
go.elastic.co/apm v1.11.0
|
||||
go.elastic.co/apm/module/apmot v1.11.0
|
||||
go.elastic.co/apm v1.13.1
|
||||
go.elastic.co/apm/module/apmot v1.13.1
|
||||
golang.org/x/mod v0.4.2
|
||||
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781
|
||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 // indirect
|
||||
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
|
||||
golang.org/x/tools v0.1.1
|
||||
google.golang.org/grpc v1.27.1
|
||||
@@ -95,10 +96,8 @@ require (
|
||||
k8s.io/apiextensions-apiserver v0.20.2
|
||||
k8s.io/apimachinery v0.21.0
|
||||
k8s.io/client-go v0.21.0
|
||||
k8s.io/code-generator v0.21.0
|
||||
k8s.io/utils v0.0.0-20210709001253-0e1f9d693477
|
||||
mvdan.cc/xurls/v2 v2.1.0
|
||||
sigs.k8s.io/controller-tools v0.5.0
|
||||
sigs.k8s.io/gateway-api v0.3.0
|
||||
)
|
||||
|
||||
|
||||
48
go.sum
48
go.sum
@@ -110,10 +110,8 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
|
||||
github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87 h1:xPMsUicZ3iosVPSIP7bW5EcGUzjiiMl1OYTe14y/R24=
|
||||
github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87/go.mod h1:iGLljf5n9GjT6kc0HBvyI1nOKnGQbNB66VzSNbK5iks=
|
||||
github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
|
||||
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||
github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
|
||||
github.com/Shopify/sarama v1.23.1 h1:XxJBCZEoWJtoWjf/xRbmGUpAmTZGnuuF0ON0EvxxBrs=
|
||||
@@ -252,8 +250,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
|
||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/cucumber/godog v0.8.1 h1:lVb+X41I4YDreE+ibZ50bdXmySxgRviYFgKY6Aw4XE8=
|
||||
github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA=
|
||||
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
|
||||
github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
@@ -308,6 +304,8 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP
|
||||
github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
|
||||
github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385 h1:clC1lXBpe2kTj2VHdaIu9ajZQe4kcEY9j0NsnDDBZ3o=
|
||||
github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZifjYj7uP3BG/gKcuzL9xWVV/Y+cK33KM=
|
||||
github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU=
|
||||
github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ=
|
||||
github.com/elastic/go-sysinfo v1.1.1 h1:ZVlaLDyhVkDfjwPGU55CQRCRolNpc7P0BbyhhQZQmMI=
|
||||
github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0=
|
||||
github.com/elastic/go-windows v1.0.0 h1:qLURgZFkkrYyTTkvYpsZIgf83AUsdIHfvlJaqaZ7aSY=
|
||||
@@ -318,7 +316,6 @@ github.com/elazarl/go-bindata-assetfs v1.0.0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo
|
||||
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
|
||||
github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
|
||||
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
@@ -384,19 +381,15 @@ github.com/go-logr/zapr v0.2.0/go.mod h1:qhKdvif7YF5GI9NWEpyxTSSBdGmzkNguibrdCNV
|
||||
github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
|
||||
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
|
||||
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
|
||||
github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w=
|
||||
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
|
||||
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
|
||||
github.com/go-openapi/jsonreference v0.19.3 h1:5cxNfTy0UVC3X8JL5ymxzyoUZmo8iZb+jeTWn7tUa8o=
|
||||
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
|
||||
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
|
||||
github.com/go-openapi/spec v0.19.5 h1:Xm0Ao53uqnk9QE/LlYV5DEU09UAgpliA85QoT9LzqPw=
|
||||
github.com/go-openapi/spec v0.19.5/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
|
||||
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
|
||||
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
|
||||
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48 h1:JVrqSeQfdhYRFk24TvhTZWU0q8lfCojxZQFi3Ou7+uY=
|
||||
github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8=
|
||||
@@ -409,7 +402,6 @@ github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr6
|
||||
github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
|
||||
github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b h1:/vQ+oYKu+JoyaMPDsv5FzwuL2wwWBgBbtj/YLCi4LuA=
|
||||
github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b/go.mod h1:Xo4aNUOrJnVruqWQJBtW6+bTBDTniY8yZum5rF3b5jw=
|
||||
github.com/gobuffalo/flect v0.2.2 h1:PAVD7sp0KOdfswjAw9BpLCU9hXo7wFSzgpQ+zNeks/A=
|
||||
github.com/gobuffalo/flect v0.2.2/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc=
|
||||
github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
|
||||
github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
|
||||
@@ -650,7 +642,6 @@ github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ
|
||||
github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||
github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA=
|
||||
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d h1:/WZQPMZNsjZ7IlCpsLGdQBINg5bxKQ1K1sh6awxLtkA=
|
||||
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
|
||||
@@ -663,6 +654,8 @@ github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGk
|
||||
github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4=
|
||||
github.com/jarcoal/httpmock v1.0.6 h1:e81vOSexXU3mJuJ4l//geOmKIt+Vkxerk1feQBC8D0g=
|
||||
github.com/jarcoal/httpmock v1.0.6/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
|
||||
github.com/jcchavezs/porto v0.1.0 h1:Xmxxn25zQMmgE7/yHYmh19KcItG81hIwfbEEFnd6w/Q=
|
||||
github.com/jcchavezs/porto v0.1.0/go.mod h1:fESH0gzDHiutHRdX2hv27ojnOVFco37hg1W6E9EZF4A=
|
||||
github.com/jcmturner/gofork v0.0.0-20190328161633-dc7c13fece03 h1:FUwcHNlEqkqLjLBdCp5PRlCFijNjvcYANOZXzCfXwCM=
|
||||
github.com/jcmturner/gofork v0.0.0-20190328161633-dc7c13fece03/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o=
|
||||
github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
|
||||
@@ -743,8 +736,8 @@ github.com/liquidweb/liquidweb-go v1.6.3/go.mod h1:SuXXp+thr28LnjEw18AYtWwIbWMHS
|
||||
github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
|
||||
github.com/looplab/fsm v0.1.0 h1:Qte7Zdn/5hBNbXzP7yxVU4OIFHWXBovyTT2LaBTyC20=
|
||||
github.com/looplab/fsm v0.1.0/go.mod h1:m2VaOfDHxqXBBMgc26m6yUOwkFn8H2AlJDE+jd/uafI=
|
||||
github.com/lucas-clemente/quic-go v0.22.0 h1:o8NIiHaavjoHe6z8Bqm6fw7g0YIP6AFKMYer+oNxInA=
|
||||
github.com/lucas-clemente/quic-go v0.22.0/go.mod h1:vF5M1XqhBAHgbjKcJOXY3JZz3GP0T3FQhz/uyOUS38Q=
|
||||
github.com/lucas-clemente/quic-go v0.23.0 h1:5vFnKtZ6nHDFsc/F3uuiF4T3y/AXaQdxjUqiVw26GZE=
|
||||
github.com/lucas-clemente/quic-go v0.23.0/go.mod h1:paZuzjXCE5mj6sikVLMvqXk8lJV2AsqtJ6bDhjEfxx0=
|
||||
github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
|
||||
github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
|
||||
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
||||
@@ -759,17 +752,14 @@ github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN
|
||||
github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
|
||||
github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
|
||||
github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs=
|
||||
github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc=
|
||||
github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I=
|
||||
github.com/marten-seemann/qtls-go1-15 v0.1.5 h1:Ci4EIUN6Rlb+D6GmLdej/bCQ4nPYNtVXQB+xjiXE1nk=
|
||||
github.com/marten-seemann/qtls-go1-15 v0.1.5/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I=
|
||||
github.com/marten-seemann/qtls-go1-16 v0.1.4 h1:xbHbOGGhrenVtII6Co8akhLEdrawwB2iHl5yhJRpnco=
|
||||
github.com/marten-seemann/qtls-go1-16 v0.1.4/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
|
||||
github.com/marten-seemann/qtls-go1-17 v0.1.0-rc.1 h1:/rpmWuGvceLwwWuaKPdjpR4JJEUH0tq64/I3hvzaNLM=
|
||||
github.com/marten-seemann/qtls-go1-17 v0.1.0-rc.1/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8=
|
||||
github.com/marten-seemann/qtls-go1-17 v0.1.0 h1:P9ggrs5xtwiqXv/FHNwntmuLMNq3KaSIG93AtAZ48xk=
|
||||
github.com/marten-seemann/qtls-go1-17 v0.1.0/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8=
|
||||
github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
|
||||
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
|
||||
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
|
||||
@@ -1106,7 +1096,6 @@ github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
|
||||
github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
|
||||
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
|
||||
github.com/spf13/cobra v1.1.1 h1:KfztREH0tPxJJ+geloSLaAkaPkr4ki2Er5quFV1TDo4=
|
||||
github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
|
||||
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
|
||||
github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
|
||||
@@ -1206,12 +1195,12 @@ github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:
|
||||
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
|
||||
go.elastic.co/apm v1.11.0 h1:uJyt6nCW9880sZhfl1tB//Jy/5TadNoAd8edRUtgb3w=
|
||||
go.elastic.co/apm v1.11.0/go.mod h1:qoOSi09pnzJDh5fKnfY7bPmQgl8yl2tULdOu03xhui0=
|
||||
go.elastic.co/apm/module/apmhttp v1.11.0 h1:k/MjK0y2aLOXumoM8jcWXqxvIFlMS4U8Bn9cMUPdVX0=
|
||||
go.elastic.co/apm/module/apmhttp v1.11.0/go.mod h1:5JFMIxdeS4vJy+D1PPPjINuX6hZ3AHalZXoOgyqZAkk=
|
||||
go.elastic.co/apm/module/apmot v1.11.0 h1:Qmol6ztDJgvGK/B2cRdcPRNw4qE7kRv1d0vo9ptZfIo=
|
||||
go.elastic.co/apm/module/apmot v1.11.0/go.mod h1:Qnbt3w1DvUd/5QugAF1AJ3mR4AG86EcJFBnAGW77EmU=
|
||||
go.elastic.co/apm v1.13.1 h1:ICIcUcQOImg/bve9mQVyLCvm1cSUZ1afdwK6ACnxczU=
|
||||
go.elastic.co/apm v1.13.1/go.mod h1:dylGv2HKR0tiCV+wliJz1KHtDyuD8SPe69oV7VyK6WY=
|
||||
go.elastic.co/apm/module/apmhttp v1.13.1 h1:g2id6+AY8NRSA6nzwPDSU1AmBiHyZeh/lJRBlXq2yfQ=
|
||||
go.elastic.co/apm/module/apmhttp v1.13.1/go.mod h1:PmSy4HY0asQzoFpl+gna9n+ebfI43fPvo21sd22gquE=
|
||||
go.elastic.co/apm/module/apmot v1.13.1 h1:4PCbjgVz0A/9a/wuiHu1en83TLgmBbK9fJwLgES8Rr8=
|
||||
go.elastic.co/apm/module/apmot v1.13.1/go.mod h1:NnG6U6ahaixUHpjQioL0QvVtOxWjVn8Z09qJHSCsmqU=
|
||||
go.elastic.co/fastjson v1.1.0 h1:3MrGBWWVIxe/xvsbpghtkFoPciPhOCmjsR/HfwEeQR4=
|
||||
go.elastic.co/fastjson v1.1.0/go.mod h1:boNGISWMjQsUPy/t6yqt2/1Wx4YNPSe+mZjlyw9vKKI=
|
||||
go.etcd.io/bbolt v1.3.1-etcd.8/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
|
||||
@@ -1303,8 +1292,9 @@ golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHl
|
||||
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
|
||||
golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k=
|
||||
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 h1:2M3HP5CCK1Si9FQhwnzYhXdG6DXeebvUHFpre8QvbyI=
|
||||
golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
|
||||
golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
|
||||
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
|
||||
@@ -1454,8 +1444,9 @@ golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||
golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210510120138-977fb7262007 h1:gG67DSER+11cZvqIMb8S8bt0vZtiN6xWYARwirrOSfE=
|
||||
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 h1:c8PlLMqBbOHoqtjteWm5/kbe6rNY2pbRfbIMVnepueo=
|
||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE=
|
||||
@@ -1715,7 +1706,6 @@ k8s.io/client-go v0.21.0 h1:n0zzzJsAQmJngpC0IhgFcApZyoGXPrDIAD601HD09ag=
|
||||
k8s.io/client-go v0.21.0/go.mod h1:nNBytTF9qPFDEhoqgEPaarobC8QPae13bElIVHzIglA=
|
||||
k8s.io/code-generator v0.20.1/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg=
|
||||
k8s.io/code-generator v0.20.2/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg=
|
||||
k8s.io/code-generator v0.21.0 h1:LGWJOvkbBNpuRBqBRXUjzfvymUh7F/iR2KDpwLnqCM4=
|
||||
k8s.io/code-generator v0.21.0/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q=
|
||||
k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
|
||||
k8s.io/component-base v0.20.2/go.mod h1:pzFtCiwe/ASD0iV7ySMu8SYVJjCapNM9bjvk7ptpKh0=
|
||||
@@ -1723,7 +1713,6 @@ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8
|
||||
k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
|
||||
k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
||||
k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
||||
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 h1:Uusb3oh8XcdzDF/ndlI4ToKTYVlkCSJP39SRY2mfRAw=
|
||||
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
||||
k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
|
||||
k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
|
||||
@@ -1754,7 +1743,6 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
|
||||
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
|
||||
sigs.k8s.io/controller-runtime v0.8.3/go.mod h1:U/l+DUopBc1ecfRZ5aviA9JDmGFQKvLf5YkZNx2e0sU=
|
||||
sigs.k8s.io/controller-tools v0.5.0 h1:3u2RCwOlp0cjCALAigpOcbAf50pE+kHSdueUosrC/AE=
|
||||
sigs.k8s.io/controller-tools v0.5.0/go.mod h1:JTsstrMpxs+9BUj6eGuAaEb6SDSPTeVtUyp0jmnAM/I=
|
||||
sigs.k8s.io/gateway-api v0.3.0 h1:mKbQRlRIIY3dsCCbNF9Jv30V9vvOf6SRG82l0MfJQ9U=
|
||||
sigs.k8s.io/gateway-api v0.3.0/go.mod h1:Wb8bx7QhGVZxOSEU3i9vw/JqTB5Nlai9MLMYVZeDmRQ=
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutes.traefik.containo.us
|
||||
spec:
|
||||
@@ -202,7 +202,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutetcps.traefik.containo.us
|
||||
spec:
|
||||
@@ -362,7 +362,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressrouteudps.traefik.containo.us
|
||||
spec:
|
||||
@@ -446,7 +446,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewares.traefik.containo.us
|
||||
spec:
|
||||
@@ -1012,7 +1012,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewaretcps.traefik.containo.us
|
||||
spec:
|
||||
@@ -1071,7 +1071,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: serverstransports.traefik.containo.us
|
||||
spec:
|
||||
@@ -1176,7 +1176,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsoptions.traefik.containo.us
|
||||
spec:
|
||||
@@ -1208,6 +1208,10 @@ spec:
|
||||
spec:
|
||||
description: TLSOptionSpec configures TLS for an entry point.
|
||||
properties:
|
||||
alpnProtocols:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
items:
|
||||
type: string
|
||||
@@ -1263,7 +1267,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsstores.traefik.containo.us
|
||||
spec:
|
||||
@@ -1327,7 +1331,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: traefikservices.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
|
||||
@@ -22,13 +22,18 @@ type responseModifier struct {
|
||||
}
|
||||
|
||||
// modifier can be nil.
|
||||
func newResponseModifier(w http.ResponseWriter, r *http.Request, modifier func(*http.Response) error) *responseModifier {
|
||||
return &responseModifier{
|
||||
func newResponseModifier(w http.ResponseWriter, r *http.Request, modifier func(*http.Response) error) http.ResponseWriter {
|
||||
rm := &responseModifier{
|
||||
req: r,
|
||||
rw: w,
|
||||
modifier: modifier,
|
||||
code: http.StatusOK,
|
||||
}
|
||||
|
||||
if _, ok := w.(http.CloseNotifier); ok {
|
||||
return responseModifierWithCloseNotify{responseModifier: rm}
|
||||
}
|
||||
return rm
|
||||
}
|
||||
|
||||
func (r *responseModifier) WriteHeader(code int) {
|
||||
@@ -93,7 +98,11 @@ func (r *responseModifier) Flush() {
|
||||
}
|
||||
}
|
||||
|
||||
// CloseNotify implements http.CloseNotifier.
|
||||
func (r *responseModifier) CloseNotify() <-chan bool {
|
||||
return r.rw.(http.CloseNotifier).CloseNotify()
|
||||
type responseModifierWithCloseNotify struct {
|
||||
*responseModifier
|
||||
}
|
||||
|
||||
// CloseNotify implements http.CloseNotifier.
|
||||
func (r *responseModifierWithCloseNotify) CloseNotify() <-chan bool {
|
||||
return r.responseModifier.rw.(http.CloseNotifier).CloseNotify()
|
||||
}
|
||||
|
||||
@@ -11,6 +11,15 @@ type statusCodeRecoder interface {
|
||||
Status() int
|
||||
}
|
||||
|
||||
// newStatusCodeRecoder returns an initialized statusCodeRecoder.
|
||||
func newStatusCodeRecoder(rw http.ResponseWriter, status int) statusCodeRecoder {
|
||||
recorder := &statusCodeWithoutCloseNotify{rw, status}
|
||||
if _, ok := rw.(http.CloseNotifier); ok {
|
||||
return &statusCodeWithCloseNotify{recorder}
|
||||
}
|
||||
return recorder
|
||||
}
|
||||
|
||||
type statusCodeWithoutCloseNotify struct {
|
||||
http.ResponseWriter
|
||||
status int
|
||||
@@ -46,12 +55,3 @@ type statusCodeWithCloseNotify struct {
|
||||
func (s *statusCodeWithCloseNotify) CloseNotify() <-chan bool {
|
||||
return s.ResponseWriter.(http.CloseNotifier).CloseNotify()
|
||||
}
|
||||
|
||||
// newStatusCodeRecoder returns an initialized statusCodeRecoder.
|
||||
func newStatusCodeRecoder(rw http.ResponseWriter, status int) statusCodeRecoder {
|
||||
recorder := &statusCodeWithoutCloseNotify{rw, status}
|
||||
if _, ok := rw.(http.CloseNotifier); ok {
|
||||
return &statusCodeWithCloseNotify{recorder}
|
||||
}
|
||||
return recorder
|
||||
}
|
||||
|
||||
@@ -703,6 +703,12 @@ func buildTLSOptions(ctx context.Context, client Client) map[string]tls.Options
|
||||
id = tlsOption.Name
|
||||
nsDefault = append(nsDefault, tlsOption.Namespace)
|
||||
}
|
||||
|
||||
alpnProtocols := tls.DefaultTLSOptions.ALPNProtocols
|
||||
if len(tlsOption.Spec.ALPNProtocols) > 0 {
|
||||
alpnProtocols = tlsOption.Spec.ALPNProtocols
|
||||
}
|
||||
|
||||
tlsOptions[id] = tls.Options{
|
||||
MinVersion: tlsOption.Spec.MinVersion,
|
||||
MaxVersion: tlsOption.Spec.MaxVersion,
|
||||
@@ -714,6 +720,7 @@ func buildTLSOptions(ctx context.Context, client Client) map[string]tls.Options
|
||||
},
|
||||
SniStrict: tlsOption.Spec.SniStrict,
|
||||
PreferServerCipherSuites: tlsOption.Spec.PreferServerCipherSuites,
|
||||
ALPNProtocols: alpnProtocols,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -616,6 +616,11 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
||||
},
|
||||
SniStrict: true,
|
||||
PreferServerCipherSuites: true,
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -678,6 +683,11 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
||||
ClientAuthType: "VerifyClientCertIfGiven",
|
||||
},
|
||||
SniStrict: true,
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -739,6 +749,11 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
||||
ClientAuthType: "VerifyClientCertIfGiven",
|
||||
},
|
||||
SniStrict: true,
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -789,6 +804,11 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
||||
Options: map[string]tls.Options{
|
||||
"default-foo": {
|
||||
MinVersion: "VersionTLS12",
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -839,6 +859,11 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
||||
Options: map[string]tls.Options{
|
||||
"default-foo": {
|
||||
MinVersion: "VersionTLS12",
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -2539,6 +2564,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
},
|
||||
SniStrict: true,
|
||||
PreferServerCipherSuites: true,
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -2648,6 +2678,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
},
|
||||
SniStrict: true,
|
||||
PreferServerCipherSuites: true,
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -2716,6 +2751,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
ClientAuthType: "VerifyClientCertIfGiven",
|
||||
},
|
||||
SniStrict: true,
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -2779,6 +2819,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
ClientAuthType: "VerifyClientCertIfGiven",
|
||||
},
|
||||
SniStrict: true,
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -2831,6 +2876,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
Options: map[string]tls.Options{
|
||||
"default-foo": {
|
||||
MinVersion: "VersionTLS12",
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -2883,6 +2933,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
Options: map[string]tls.Options{
|
||||
"default-foo": {
|
||||
MinVersion: "VersionTLS12",
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
@@ -27,6 +27,7 @@ type TLSOptionSpec struct {
|
||||
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
|
||||
SniStrict bool `json:"sniStrict,omitempty"`
|
||||
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
|
||||
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
@@ -1327,6 +1328,11 @@ func (in *TLSOptionSpec) DeepCopyInto(out *TLSOptionSpec) {
|
||||
copy(*out, *in)
|
||||
}
|
||||
in.ClientAuth.DeepCopyInto(&out.ClientAuth)
|
||||
if in.ALPNProtocols != nil {
|
||||
in, out := &in.ALPNProtocols, &out.ALPNProtocols
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -417,7 +417,7 @@ func (p *Provider) fillGatewayConf(ctx context.Context, client Client, gateway *
|
||||
}
|
||||
|
||||
if tlsModeType == v1alpha1.TLSModePassthrough && listener.TLS.CertificateRef != nil {
|
||||
// https://gateway-api.sigs.k8s.io/guides/tls/
|
||||
// https://gateway-api.sigs.k8s.io/v1alpha1/guides/tls/
|
||||
logger.Warnf("In case of Passthrough TLS mode, no TLS settings take effect as the TLS session from the client is NOT terminated at the Gateway")
|
||||
}
|
||||
|
||||
@@ -900,7 +900,7 @@ func hostRule(httpRouteSpec v1alpha1.HTTPRouteSpec) (string, error) {
|
||||
continue
|
||||
}
|
||||
|
||||
// https://gateway-api.sigs.k8s.io/references/spec/#networking.x-k8s.io/v1alpha1.Hostname
|
||||
// https://gateway-api.sigs.k8s.io/v1alpha1/references/spec/#networking.x-k8s.io/v1alpha1.Hostname
|
||||
if !strings.HasPrefix(host, "*.") || wildcard > 1 {
|
||||
return "", fmt.Errorf("invalid rule: %q", host)
|
||||
}
|
||||
|
||||
@@ -846,6 +846,11 @@ func Test_buildConfiguration(t *testing.T) {
|
||||
ClientAuthType: "foobar",
|
||||
},
|
||||
SniStrict: true,
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
"Options1": {
|
||||
MinVersion: "foobar",
|
||||
@@ -866,6 +871,11 @@ func Test_buildConfiguration(t *testing.T) {
|
||||
ClientAuthType: "foobar",
|
||||
},
|
||||
SniStrict: true,
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
Stores: map[string]tls.Store{
|
||||
|
||||
@@ -182,7 +182,13 @@ func Test_mergeConfiguration_tlsOptions(t *testing.T) {
|
||||
desc: "Nil returns an empty configuration",
|
||||
given: nil,
|
||||
expected: map[string]tls.Options{
|
||||
"default": {},
|
||||
"default": {
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
@@ -199,7 +205,13 @@ func Test_mergeConfiguration_tlsOptions(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expected: map[string]tls.Options{
|
||||
"default": {},
|
||||
"default": {
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
"foo@provider-1": {
|
||||
MinVersion: "VersionTLS12",
|
||||
},
|
||||
@@ -228,7 +240,13 @@ func Test_mergeConfiguration_tlsOptions(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expected: map[string]tls.Options{
|
||||
"default": {},
|
||||
"default": {
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
"foo@provider-1": {
|
||||
MinVersion: "VersionTLS13",
|
||||
},
|
||||
@@ -334,7 +352,13 @@ func Test_mergeConfiguration_tlsOptions(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expected: map[string]tls.Options{
|
||||
"default": {},
|
||||
"default": {
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
"foo@provider-1": {
|
||||
MinVersion: "VersionTLS12",
|
||||
},
|
||||
|
||||
@@ -76,7 +76,13 @@ func TestNewConfigurationWatcher(t *testing.T) {
|
||||
},
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Options: map[string]tls.Options{
|
||||
"default": {},
|
||||
"default": {
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
Stores: map[string]tls.Store{},
|
||||
},
|
||||
@@ -236,7 +242,13 @@ func TestListenProvidersDoesNotSkipFlappingConfiguration(t *testing.T) {
|
||||
},
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Options: map[string]tls.Options{
|
||||
"default": {},
|
||||
"default": {
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
Stores: map[string]tls.Store{},
|
||||
},
|
||||
@@ -292,7 +304,13 @@ func TestListenProvidersPublishesConfigForEachProvider(t *testing.T) {
|
||||
},
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Options: map[string]tls.Options{
|
||||
"default": {},
|
||||
"default": {
|
||||
ALPNProtocols: []string{
|
||||
"h2",
|
||||
"http/1.1",
|
||||
"acme-tls/1",
|
||||
},
|
||||
},
|
||||
},
|
||||
Stores: map[string]tls.Store{},
|
||||
},
|
||||
|
||||
@@ -204,7 +204,7 @@ func newReusableRequest(req *http.Request, maxBodySize int64) (*reusableRequest,
|
||||
if req == nil {
|
||||
return nil, nil, errors.New("nil input request")
|
||||
}
|
||||
if req.Body == nil {
|
||||
if req.Body == nil || req.ContentLength == 0 {
|
||||
return &reusableRequest{req: req}, nil, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -243,9 +243,22 @@ func TestCloneRequest(t *testing.T) {
|
||||
req, err := http.NewRequest(http.MethodPost, "/", buf)
|
||||
assert.NoError(t, err)
|
||||
|
||||
_, expectedBytes, err := newReusableRequest(req, 20)
|
||||
rr, expectedBytes, err := newReusableRequest(req, 20)
|
||||
assert.NoError(t, err)
|
||||
assert.Nil(t, expectedBytes)
|
||||
assert.Len(t, rr.body, 10)
|
||||
})
|
||||
|
||||
t.Run("valid GET case with maxBodySize", func(t *testing.T) {
|
||||
buf := bytes.NewBuffer([]byte{})
|
||||
|
||||
req, err := http.NewRequest(http.MethodGet, "/", buf)
|
||||
assert.NoError(t, err)
|
||||
|
||||
rr, expectedBytes, err := newReusableRequest(req, 20)
|
||||
assert.NoError(t, err)
|
||||
assert.Nil(t, expectedBytes)
|
||||
assert.Len(t, rr.body, 0)
|
||||
})
|
||||
|
||||
t.Run("no request given", func(t *testing.T) {
|
||||
|
||||
@@ -23,6 +23,13 @@ type Options struct {
|
||||
ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
|
||||
SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
|
||||
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty" toml:"preferServerCipherSuites,omitempty" yaml:"preferServerCipherSuites,omitempty" export:"true"`
|
||||
ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// SetDefaults sets the default values for an Options struct.
|
||||
func (o *Options) SetDefaults() {
|
||||
// ensure http2 enabled
|
||||
o.ALPNProtocols = DefaultTLSOptions.ALPNProtocols
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
@@ -24,7 +24,10 @@ const (
|
||||
)
|
||||
|
||||
// DefaultTLSOptions the default TLS options.
|
||||
var DefaultTLSOptions = Options{}
|
||||
var DefaultTLSOptions = Options{
|
||||
// ensure http2 enabled
|
||||
ALPNProtocols: []string{"h2", "http/1.1", tlsalpn01.ACMETLS1Protocol},
|
||||
}
|
||||
|
||||
// Manager is the TLS option/store/configuration factory.
|
||||
type Manager struct {
|
||||
@@ -230,10 +233,9 @@ func buildCertificateStore(ctx context.Context, tlsStore Store, storename string
|
||||
|
||||
// creates a TLS config that allows terminating HTTPS for multiple domains using SNI.
|
||||
func buildTLSConfig(tlsOption Options) (*tls.Config, error) {
|
||||
conf := &tls.Config{}
|
||||
|
||||
// ensure http2 enabled
|
||||
conf.NextProtos = []string{"h2", "http/1.1", tlsalpn01.ACMETLS1Protocol}
|
||||
conf := &tls.Config{
|
||||
NextProtos: tlsOption.ALPNProtocols,
|
||||
}
|
||||
|
||||
if len(tlsOption.ClientAuth.CAFiles) > 0 {
|
||||
pool := x509.NewCertPool()
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
@@ -85,6 +86,11 @@ func (in *Options) DeepCopyInto(out *Options) {
|
||||
copy(*out, *in)
|
||||
}
|
||||
in.ClientAuth.DeepCopyInto(&out.ClientAuth)
|
||||
if in.ALPNProtocols != nil {
|
||||
in, out := &in.ALPNProtocols, &out.ALPNProtocols
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
|
||||
@@ -11,14 +11,29 @@ docker build --build-arg KUBE_VERSION=v0.20.2 --build-arg USER=$USER --build-arg
|
||||
-t "${IMAGE_NAME}" \
|
||||
"."
|
||||
|
||||
cmd="/go/src/k8s.io/code-generator/generate-groups.sh all ${PROJECT_MODULE}/${MODULE_VERSION}/pkg/provider/kubernetes/crd/generated ${PROJECT_MODULE}/${MODULE_VERSION}/pkg/provider/kubernetes/crd traefik:v1alpha1 --go-header-file=/go/src/${PROJECT_MODULE}/script/boilerplate.go.tmpl"
|
||||
|
||||
echo "Generating Traefik clientSet code ..."
|
||||
echo $(pwd)
|
||||
cmd="/go/src/k8s.io/code-generator/generate-groups.sh all ${PROJECT_MODULE}/${MODULE_VERSION}/pkg/provider/kubernetes/crd/generated ${PROJECT_MODULE}/${MODULE_VERSION}/pkg/provider/kubernetes/crd traefik:v1alpha1 --go-header-file=/go/src/${PROJECT_MODULE}/script/boilerplate.go.tmpl"
|
||||
docker run --rm \
|
||||
-v "$(pwd):/go/src/${PROJECT_MODULE}" \
|
||||
-w "/go/src/${PROJECT_MODULE}" \
|
||||
"${IMAGE_NAME}" $cmd
|
||||
|
||||
echo "Generating DeepCopy code ..."
|
||||
cmd="deepcopy-gen --input-dirs ${PROJECT_MODULE}/${MODULE_VERSION}/pkg/config/dynamic --input-dirs ${PROJECT_MODULE}/${MODULE_VERSION}/pkg/tls --input-dirs ${PROJECT_MODULE}/${MODULE_VERSION}/pkg/types --output-package ${PROJECT_MODULE}/${MODULE_VERSION} -O zz_generated.deepcopy --go-header-file=/go/src/${PROJECT_MODULE}/script/boilerplate.go.tmpl"
|
||||
docker run --rm \
|
||||
-v "$(pwd):/go/src/${PROJECT_MODULE}" \
|
||||
-w "/go/src/${PROJECT_MODULE}" \
|
||||
"${IMAGE_NAME}" $cmd
|
||||
|
||||
echo "Generating the CRD definitions for the documentation ..."
|
||||
cmd="controller-gen crd:crdVersions=v1 paths=./pkg/provider/kubernetes/crd/traefik/v1alpha1/... output:dir=./docs/content/reference/dynamic-configuration/"
|
||||
docker run --rm \
|
||||
-v "$(pwd):/go/src/${PROJECT_MODULE}" \
|
||||
-w "/go/src/${PROJECT_MODULE}" \
|
||||
"${IMAGE_NAME}" $cmd
|
||||
|
||||
echo "Concatenate the CRD definitions for the integration tests ..."
|
||||
cat $(pwd)/docs/content/reference/dynamic-configuration/traefik.containo.us_*.yaml > $(pwd)/integration/fixtures/k8s/01-traefik-crd.yml
|
||||
|
||||
cp -r $(pwd)/${MODULE_VERSION}/* $(pwd)
|
||||
rm -rf $(pwd)/${MODULE_VERSION}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM golang:1.16
|
||||
FROM golang:1.17
|
||||
|
||||
ARG USER=$USER
|
||||
ARG UID=$UID
|
||||
@@ -10,6 +10,8 @@ ARG KUBE_VERSION
|
||||
|
||||
RUN go get k8s.io/code-generator@$KUBE_VERSION; exit 0
|
||||
RUN go get k8s.io/apimachinery@$KUBE_VERSION; exit 0
|
||||
RUN go get k8s.io/code-generator/cmd/deepcopy-gen@$KUBE_VERSION; exit 0
|
||||
RUN go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.2; exit 0
|
||||
|
||||
RUN mkdir -p $GOPATH/src/k8s.io/{code-generator,apimachinery}
|
||||
RUN cp -R $GOPATH/pkg/mod/k8s.io/code-generator@$KUBE_VERSION $GOPATH/src/k8s.io/code-generator
|
||||
|
||||
@@ -4,11 +4,11 @@ RepositoryName = "traefik"
|
||||
OutputType = "file"
|
||||
FileName = "traefik_changelog.md"
|
||||
|
||||
# example new bugfix v2.4.14
|
||||
CurrentRef = "v2.4"
|
||||
PreviousRef = "v2.4.13"
|
||||
BaseBranch = "v2.4"
|
||||
FutureCurrentRefName = "v2.4.14"
|
||||
# example new bugfix v2.5.2
|
||||
CurrentRef = "v2.5"
|
||||
PreviousRef = "v2.5.1"
|
||||
BaseBranch = "v2.5"
|
||||
FutureCurrentRefName = "v2.5.2"
|
||||
|
||||
ThresholdPreviousRef = 10
|
||||
ThresholdCurrentRef = 10
|
||||
|
||||
Reference in New Issue
Block a user