From a42d396ed212481f645b6b9cfc9c6591353dac85 Mon Sep 17 00:00:00 2001 From: Romain Date: Fri, 27 Sep 2024 11:18:05 +0200 Subject: [PATCH 01/13] Clean connection headers for forward auth request only Co-authored-by: Kevin Pollet --- docs/content/migration/v2.md | 12 +++++++ pkg/middlewares/auth/connectionheader.go | 36 ++++++++----------- pkg/middlewares/auth/connectionheader_test.go | 8 +---- pkg/middlewares/auth/forward.go | 4 ++- 4 files changed, 30 insertions(+), 30 deletions(-) diff --git a/docs/content/migration/v2.md b/docs/content/migration/v2.md index e0c000cad6..c0a58100b6 100644 --- a/docs/content/migration/v2.md +++ b/docs/content/migration/v2.md @@ -637,3 +637,15 @@ Increasing the `readTimeout` value could be the solution notably if you are deal - TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout` - HTTP: `'499 Client Closed Request' caused by: context canceled` - HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection` + +## v2.11.3 + +### Connection headers + +In `v2.11.3`, the handling of the request Connection headers directives has changed to prevent any abuse. +Before, Traefik removed any header listed in the Connection header just before forwarding the request to the backends. +Now, Traefik removes the headers listed in the Connection header as soon as the request is handled. +As a consequence, middlewares do not have access to those Connection headers, +and a new option has been introduced to specify which ones could go through the middleware chain before being removed: `.forwardedHeaders.connection`. + +Please check out the [entrypoint forwarded headers connection option configuration](../routing/entrypoints.md#forwarded-headers) documentation. diff --git a/pkg/middlewares/auth/connectionheader.go b/pkg/middlewares/auth/connectionheader.go index 1cd1da81ab..8b78b94308 100644 --- a/pkg/middlewares/auth/connectionheader.go +++ b/pkg/middlewares/auth/connectionheader.go @@ -13,34 +13,26 @@ const ( upgradeHeader = "Upgrade" ) -// Remover removes hop-by-hop headers listed in the "Connection" header. +// RemoveConnectionHeaders removes hop-by-hop headers listed in the "Connection" header. // See RFC 7230, section 6.1. -func Remover(next http.Handler) http.HandlerFunc { - return func(rw http.ResponseWriter, req *http.Request) { - var reqUpType string - if httpguts.HeaderValuesContainsToken(req.Header[connectionHeader], upgradeHeader) { - reqUpType = req.Header.Get(upgradeHeader) - } - - removeConnectionHeaders(req.Header) - - if reqUpType != "" { - req.Header.Set(connectionHeader, upgradeHeader) - req.Header.Set(upgradeHeader, reqUpType) - } else { - req.Header.Del(connectionHeader) - } - - next.ServeHTTP(rw, req) +func RemoveConnectionHeaders(req *http.Request) { + var reqUpType string + if httpguts.HeaderValuesContainsToken(req.Header[connectionHeader], upgradeHeader) { + reqUpType = req.Header.Get(upgradeHeader) } -} -func removeConnectionHeaders(h http.Header) { - for _, f := range h[connectionHeader] { + for _, f := range req.Header[connectionHeader] { for _, sf := range strings.Split(f, ",") { if sf = textproto.TrimString(sf); sf != "" { - h.Del(sf) + req.Header.Del(sf) } } } + + if reqUpType != "" { + req.Header.Set(connectionHeader, upgradeHeader) + req.Header.Set(upgradeHeader, reqUpType) + } else { + req.Header.Del(connectionHeader) + } } diff --git a/pkg/middlewares/auth/connectionheader_test.go b/pkg/middlewares/auth/connectionheader_test.go index 00d719ef04..26854b858d 100644 --- a/pkg/middlewares/auth/connectionheader_test.go +++ b/pkg/middlewares/auth/connectionheader_test.go @@ -50,19 +50,13 @@ func TestRemover(t *testing.T) { t.Run(test.desc, func(t *testing.T) { t.Parallel() - next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {}) - - h := Remover(next) - req := httptest.NewRequest(http.MethodGet, "https://localhost", nil) for k, v := range test.reqHeaders { req.Header.Set(k, v) } - rw := httptest.NewRecorder() - - h.ServeHTTP(rw, req) + RemoveConnectionHeaders(req) assert.Equal(t, test.expected, req.Header) }) diff --git a/pkg/middlewares/auth/forward.go b/pkg/middlewares/auth/forward.go index 27d42973cd..6004a01fa9 100644 --- a/pkg/middlewares/auth/forward.go +++ b/pkg/middlewares/auth/forward.go @@ -89,7 +89,7 @@ func NewForward(ctx context.Context, next http.Handler, config dynamic.ForwardAu fa.authResponseHeadersRegex = re } - return Remover(fa), nil + return fa, nil } func (fa *forwardAuth) GetTracingInformation() (string, ext.SpanKindEnum) { @@ -195,6 +195,8 @@ func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func writeHeader(req, forwardReq *http.Request, trustForwardHeader bool, allowedHeaders []string) { utils.CopyHeaders(forwardReq.Header, req.Header) + + RemoveConnectionHeaders(forwardReq) utils.RemoveHeaders(forwardReq.Header, hopHeaders...) forwardReq.Header = filterForwardRequestHeaders(forwardReq.Header, allowedHeaders) From e62f8af23b2613ee7f559528d2862de3e079a546 Mon Sep 17 00:00:00 2001 From: Romain Date: Fri, 27 Sep 2024 11:20:04 +0200 Subject: [PATCH 02/13] Rework condition to not log on timeout --- pkg/server/router/tcp/postgres.go | 2 +- pkg/server/router/tcp/router.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/server/router/tcp/postgres.go b/pkg/server/router/tcp/postgres.go index e82ba7eb3b..99a658c0eb 100644 --- a/pkg/server/router/tcp/postgres.go +++ b/pkg/server/router/tcp/postgres.go @@ -28,7 +28,7 @@ func isPostgres(br *bufio.Reader) (bool, error) { peeked, err := br.Peek(i) if err != nil { var opErr *net.OpError - if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) { + if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || !opErr.Timeout()) { log.Error().Err(err).Msg("Error while Peeking first byte") } return false, err diff --git a/pkg/server/router/tcp/router.go b/pkg/server/router/tcp/router.go index 06ea5c2239..46da18b5d9 100644 --- a/pkg/server/router/tcp/router.go +++ b/pkg/server/router/tcp/router.go @@ -363,7 +363,7 @@ func clientHelloInfo(br *bufio.Reader) (*clientHello, error) { hdr, err := br.Peek(1) if err != nil { var opErr *net.OpError - if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) { + if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || !opErr.Timeout()) { log.Error().Err(err).Msg("Error while Peeking first byte") } return nil, err From 61bb3ab9912a0a7c8b59e50c90e49a84b37ef827 Mon Sep 17 00:00:00 2001 From: Romain Date: Fri, 27 Sep 2024 11:34:05 +0200 Subject: [PATCH 03/13] Rework condition to not log on timeout --- pkg/server/router/tcp/router.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/server/router/tcp/router.go b/pkg/server/router/tcp/router.go index 0da33e10a9..4790cd7516 100644 --- a/pkg/server/router/tcp/router.go +++ b/pkg/server/router/tcp/router.go @@ -349,7 +349,7 @@ func clientHelloInfo(br *bufio.Reader) (*clientHello, error) { hdr, err := br.Peek(1) if err != nil { var opErr *net.OpError - if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) { + if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || !opErr.Timeout()) { log.WithoutContext().Errorf("Error while Peeking first byte: %s", err) } return nil, err From e485edbe9f19cb8532abd619b5c682753b653b19 Mon Sep 17 00:00:00 2001 From: lyrandy <42095565+lyrandy@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:00:06 -0400 Subject: [PATCH 04/13] Update API documentation to mention pagination --- docs/content/operations/api.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/content/operations/api.md b/docs/content/operations/api.md index f6786f6d5f..a495ab4e5a 100644 --- a/docs/content/operations/api.md +++ b/docs/content/operations/api.md @@ -136,6 +136,15 @@ api: All the following endpoints must be accessed with a `GET` HTTP request. +!!! info "Pagination" + + By default, up to 100 results are returned per page, and the next page can be checked using the `X-Next-Page` HTTP Header. + To control pagination, use the `page` and `per_page` query parameters. + + ```bash + curl https://traefik.example.com:8080/api/http/routers?page=2&per_page=20 + ``` + | Path | Description | |--------------------------------|---------------------------------------------------------------------------------------------| | `/api/http/routers` | Lists all the HTTP routers information. | From 14e5d4b4b36313cce6b38efcc3a6497e1e9dde3d Mon Sep 17 00:00:00 2001 From: Michel Heusschen <59014050+michelheusschen@users.noreply.github.com> Date: Fri, 27 Sep 2024 15:22:04 +0200 Subject: [PATCH 05/13] Remove unused boot files from webui --- webui/embed.go | 2 ++ webui/package.json | 3 --- webui/quasar.conf.js | 4 +--- webui/src/_directives/resize.js | 16 ---------------- webui/src/boot/_globals.js | 10 ---------- webui/src/boot/_hacks.js | 13 ------------- webui/src/boot/_init.js | 30 ------------------------------ webui/yarn.lock | 15 --------------- 8 files changed, 3 insertions(+), 90 deletions(-) delete mode 100644 webui/src/_directives/resize.js delete mode 100644 webui/src/boot/_globals.js delete mode 100644 webui/src/boot/_hacks.js delete mode 100644 webui/src/boot/_init.js diff --git a/webui/embed.go b/webui/embed.go index 155b0f9e64..23159dc1fb 100644 --- a/webui/embed.go +++ b/webui/embed.go @@ -5,6 +5,8 @@ import ( "io/fs" ) +// Files starting with . and _ are excluded by default +// //go:embed static var assets embed.FS diff --git a/webui/package.json b/webui/package.json index f0521e8f0f..0a8d12eacf 100644 --- a/webui/package.json +++ b/webui/package.json @@ -20,16 +20,13 @@ "dependencies": { "@quasar/extras": "^1.16.12", "axios": "^1.7.4", - "bowser": "^2.11.0", "chart.js": "^4.4.1", "core-js": "^3.35.1", "dot-prop": "^8.0.2", - "iframe-resizer": "^4.3.9", "lodash.isequal": "4.5.0", "moment": "^2.30.1", "quasar": "^2.16.6", "query-string": "^8.1.0", - "vh-check": "^2.0.5", "vue": "^3.0.0", "vue-chartjs": "^5.3.0", "vue-router": "^4.0.12", diff --git a/webui/quasar.conf.js b/webui/quasar.conf.js index 58a8e2c39c..c4a41a8c0c 100644 --- a/webui/quasar.conf.js +++ b/webui/quasar.conf.js @@ -13,9 +13,7 @@ module.exports = configure(function (ctx) { // app boot file (/src/boot) // --> boot files are part of "main.js" boot: [ - 'api', - '_hacks', - '_init' + 'api' ], css: [ diff --git a/webui/src/_directives/resize.js b/webui/src/_directives/resize.js deleted file mode 100644 index 3a0500a448..0000000000 --- a/webui/src/_directives/resize.js +++ /dev/null @@ -1,16 +0,0 @@ -import iframeResize from 'iframe-resizer/js/iframeResizer' - -const resize = { - mounted (el, binding) { - const options = binding.value || {} - el.addEventListener('load', () => iframeResize(options, el)) - }, - unmounted (el) { - const resizableEl = el - if (resizableEl.iFrameResizer) { - resizableEl.iFrameResizer.removeListeners() - } - } -} - -export default resize diff --git a/webui/src/boot/_globals.js b/webui/src/boot/_globals.js deleted file mode 100644 index f099d03cd6..0000000000 --- a/webui/src/boot/_globals.js +++ /dev/null @@ -1,10 +0,0 @@ -import { APP } from '../_helpers/APP' -import Boot from '../_middleware/Boot' - -export default async ({ app, router, store }) => { - app.use(Boot) - - APP.root = app - APP.router = router - APP.store = store -} diff --git a/webui/src/boot/_hacks.js b/webui/src/boot/_hacks.js deleted file mode 100644 index 2d63bbdd04..0000000000 --- a/webui/src/boot/_hacks.js +++ /dev/null @@ -1,13 +0,0 @@ -import Bowser from 'bowser' -import vhCheck from 'vh-check' - -const browser = Bowser.getParser(window.navigator.userAgent) - -// In Mobile -if (browser.getPlatform().type === 'mobile') { - vhCheck() -} - -export default async ({ app, Vue }) => { - -} diff --git a/webui/src/boot/_init.js b/webui/src/boot/_init.js deleted file mode 100644 index 5ec3caf4e3..0000000000 --- a/webui/src/boot/_init.js +++ /dev/null @@ -1,30 +0,0 @@ -import { APP } from '../_helpers/APP' -import errors from '../_helpers/Errors' -import resize from '../_directives/resize' - -export default async ({ app, router }) => { - // Directives - app.directive('resize', resize) - - // Router - // ---------------------------------------------- - router.beforeEach(async (to, from, next) => { - // Set APP - APP.routeTo = to - APP.routeFrom = from - next() - }) - - // Api (axios) - // ---------------------------------------------- - APP.api.interceptors.request.use((config) => { - console.log('interceptors -> config', config) - // config.headers['Accept'] = '*/*' - return config - }) - - APP.api.interceptors.response.use((response) => { - console.log('interceptors -> response', response) - return response - }, errors.handleResponse) -} diff --git a/webui/yarn.lock b/webui/yarn.lock index 88b6bac4fe..c9eb682333 100644 --- a/webui/yarn.lock +++ b/webui/yarn.lock @@ -2267,11 +2267,6 @@ boolbase@^1.0.0: resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e" integrity sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww== -bowser@^2.11.0: - version "2.11.0" - resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.11.0.tgz#5ca3c35757a7aa5771500c70a73a9f91ef420a8f" - integrity sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA== - brace-expansion@^1.1.7: version "1.1.11" resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd" @@ -3864,11 +3859,6 @@ ieee754@^1.1.13, ieee754@^1.2.1: resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== -iframe-resizer@^4.3.9: - version "4.4.5" - resolved "https://registry.yarnpkg.com/iframe-resizer/-/iframe-resizer-4.4.5.tgz#f5048636e7f2fb5d9a09cc2ae78eb2da55ad555c" - integrity sha512-U8bCywf/Gh07O69RXo6dXAzTtODQrxaHGHRI7Nt4ipXsuq6EMxVsOP/jjaP43YtXz/ibESS0uSVDN3sOGCzSmw== - ignore@^5.2.0, ignore@^5.2.4: version "5.3.1" resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef" @@ -6007,11 +5997,6 @@ vary@~1.1.2: resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc" integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg== -vh-check@^2.0.5: - version "2.0.5" - resolved "https://registry.yarnpkg.com/vh-check/-/vh-check-2.0.5.tgz#1b70610461e9776176f23d172daae3c4761aed09" - integrity sha512-vHtIYWt9uLl2P2tLlatVpMwv9+ezuJCtMNjUVIpzd5Pa/dJXN8AtqkKmVRcNSlmXyCjkCkbMQX/Vs9axmdlfgg== - vite-jsconfig-paths@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/vite-jsconfig-paths/-/vite-jsconfig-paths-2.0.1.tgz#d66e36d67596dd8a8e4a6ed6e6db20debc50b45e" From 2bb712135df1b5c7b1f9d6b7c04bbd6ca3a83add Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20BUISSON?= Date: Fri, 27 Sep 2024 15:34:04 +0200 Subject: [PATCH 06/13] Specify default format value for access log --- docs/content/observability/access-logs.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/content/observability/access-logs.md b/docs/content/observability/access-logs.md index f96473a95d..1049e6fc53 100644 --- a/docs/content/observability/access-logs.md +++ b/docs/content/observability/access-logs.md @@ -47,6 +47,8 @@ accessLog: ### `format` +_Optional, Default="common"_ + By default, logs are written using the Common Log Format (CLF). To write logs in JSON, use `json` in the `format` option. If the given format is unsupported, the default (CLF) is used instead. From c02b72ca51e6dc8e0a92868cb168159b3343589b Mon Sep 17 00:00:00 2001 From: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Fri, 27 Sep 2024 16:24:04 +0200 Subject: [PATCH 07/13] Disable IngressClass lookup when disableClusterScopeResources is enabled --- pkg/provider/kubernetes/ingress/kubernetes.go | 2 +- .../kubernetes/ingress/kubernetes_test.go | 63 ++++++++++++++++--- 2 files changed, 56 insertions(+), 9 deletions(-) diff --git a/pkg/provider/kubernetes/ingress/kubernetes.go b/pkg/provider/kubernetes/ingress/kubernetes.go index 982cc09e87..c6b38e5eac 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes.go +++ b/pkg/provider/kubernetes/ingress/kubernetes.go @@ -219,7 +219,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl var ingressClasses []*netv1.IngressClass - if !p.DisableIngressClassLookup { + if !p.DisableIngressClassLookup && !p.DisableClusterScopeResources { ics, err := client.GetIngressClasses() if err != nil { log.Ctx(ctx).Warn().Err(err).Msg("Failed to list ingress classes") diff --git a/pkg/provider/kubernetes/ingress/kubernetes_test.go b/pkg/provider/kubernetes/ingress/kubernetes_test.go index 9b736a454f..2af574c352 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes_test.go +++ b/pkg/provider/kubernetes/ingress/kubernetes_test.go @@ -26,11 +26,12 @@ func Bool(v bool) *bool { return &v } func TestLoadConfigurationFromIngresses(t *testing.T) { testCases := []struct { - desc string - ingressClass string - expected *dynamic.Configuration - allowEmptyServices bool - disableIngressClassLookup bool + desc string + ingressClass string + expected *dynamic.Configuration + allowEmptyServices bool + disableIngressClassLookup bool + disableClusterScopeResources bool }{ { desc: "Empty ingresses", @@ -1335,6 +1336,38 @@ func TestLoadConfigurationFromIngresses(t *testing.T) { }, }, }, + { + // Duplicate test case with the same fixture as the one above, but with the disableClusterScopeResources option to true. + // Showing that disabling the ingressClass discovery still allow the discovery of ingresses with ingress annotation. + desc: "Ingress with ingress annotation", + disableClusterScopeResources: true, + expected: &dynamic.Configuration{ + HTTP: &dynamic.HTTPConfiguration{ + Middlewares: map[string]*dynamic.Middleware{}, + Routers: map[string]*dynamic.Router{ + "testing-bar": { + Rule: "PathPrefix(`/bar`)", + Service: "testing-service1-80", + }, + }, + Services: map[string]*dynamic.Service{ + "testing-service1-80": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + PassHostHeader: Bool(true), + ResponseForwarding: &dynamic.ResponseForwarding{ + FlushInterval: ptypes.Duration(100 * time.Millisecond), + }, + Servers: []dynamic.Server{ + { + URL: "http://10.10.0.1:8080", + }, + }, + }, + }, + }, + }, + }, + }, { desc: "Ingress with ingressClass", expected: &dynamic.Configuration{ @@ -1377,6 +1410,19 @@ func TestLoadConfigurationFromIngresses(t *testing.T) { }, }, }, + { + // Duplicate test case with the same fixture as the one above, but with the disableClusterScopeResources option to true. + // Showing that disabling the ingressClass discovery avoid discovering Ingresses with an IngressClass. + desc: "Ingress with ingressClass", + disableClusterScopeResources: true, + expected: &dynamic.Configuration{ + HTTP: &dynamic.HTTPConfiguration{ + Middlewares: map[string]*dynamic.Middleware{}, + Routers: map[string]*dynamic.Router{}, + Services: map[string]*dynamic.Service{}, + }, + }, + }, { desc: "Ingress with named port", expected: &dynamic.Configuration{ @@ -1455,9 +1501,10 @@ func TestLoadConfigurationFromIngresses(t *testing.T) { clientMock := newClientMock(generateTestFilename(test.desc)) p := Provider{ - IngressClass: test.ingressClass, - AllowEmptyServices: test.allowEmptyServices, - DisableIngressClassLookup: test.disableIngressClassLookup, + IngressClass: test.ingressClass, + AllowEmptyServices: test.allowEmptyServices, + DisableIngressClassLookup: test.disableIngressClassLookup, + DisableClusterScopeResources: test.disableClusterScopeResources, } conf := p.loadConfigurationFromIngresses(context.Background(), clientMock) From 9eb804a689c9bdfd0e9cb969a7df7cc746be3de9 Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Mon, 30 Sep 2024 11:56:04 +0200 Subject: [PATCH 08/13] Bump github.com/klauspost/compress to 8e14b1b5a913 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a32b04ba6d..4833b4267d 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,7 @@ require ( github.com/influxdata/influxdb-client-go/v2 v2.7.0 github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab // No tag on the repo. github.com/instana/go-sensor v1.38.3 - github.com/klauspost/compress v1.17.9 + github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913 // Required to have the content-type fix: https://github.com/klauspost/compress/pull/1011 github.com/kvtools/consul v1.0.2 github.com/kvtools/etcdv3 v1.0.2 github.com/kvtools/redis v1.1.0 diff --git a/go.sum b/go.sum index 4d4a050893..2faf7fb354 100644 --- a/go.sum +++ b/go.sum @@ -741,8 +741,8 @@ github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913 h1:7s7Xd7zVElAw1qh/eh+tXDNfDNXXj38Tpq54eeG6/BM= +github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= From 4d6cb6af030688a9e341438020210b8d3cdb3012 Mon Sep 17 00:00:00 2001 From: Mathieu <45506907+Lamatte@users.noreply.github.com> Date: Mon, 30 Sep 2024 12:10:05 +0200 Subject: [PATCH 09/13] Ensure defaultGeneratedCert.main as Subject's CN --- pkg/provider/acme/provider.go | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkg/provider/acme/provider.go b/pkg/provider/acme/provider.go index 3b4c6d8458..47e3d731d8 100644 --- a/pkg/provider/acme/provider.go +++ b/pkg/provider/acme/provider.go @@ -552,8 +552,11 @@ func (p *Provider) resolveDefaultCertificate(ctx context.Context, domains []stri p.resolvingDomainsMutex.Lock() - sort.Strings(domains) - domainKey := strings.Join(domains, ",") + sortedDomains := make([]string, len(domains)) + copy(sortedDomains, domains) + sort.Strings(sortedDomains) + + domainKey := strings.Join(sortedDomains, ",") if _, ok := p.resolvingDomains[domainKey]; ok { p.resolvingDomainsMutex.Unlock() @@ -947,12 +950,14 @@ func (p *Provider) certExists(validDomains []string) bool { p.certificatesMu.RLock() defer p.certificatesMu.RUnlock() - sort.Strings(validDomains) + sortedDomains := make([]string, len(validDomains)) + copy(sortedDomains, validDomains) + sort.Strings(sortedDomains) for _, cert := range p.certificates { domains := cert.Certificate.Domain.ToStrArray() sort.Strings(domains) - if reflect.DeepEqual(domains, validDomains) { + if reflect.DeepEqual(domains, sortedDomains) { return true } } From 373095f1a8119dbc81a6e8f9b15e0427da836c57 Mon Sep 17 00:00:00 2001 From: Romain Date: Wed, 2 Oct 2024 10:34:04 +0200 Subject: [PATCH 10/13] Support NativeLB option in GatewayAPI provider Co-authored-by: Kevin Pollet --- .../reference/static-configuration/cli-ref.md | 3 + .../reference/static-configuration/env-ref.md | 3 + .../reference/static-configuration/file.toml | 1 + .../reference/static-configuration/file.yaml | 1 + .../kubernetes/crd/kubernetes_test.go | 20 +- .../kubernetes/gateway/annotations.go | 54 +++ .../kubernetes/gateway/annotations_test.go | 89 +++++ .../fixtures/httproute/simple_nativelb.yml | 51 +++ .../kubernetes/gateway/fixtures/services.yml | 44 +++ .../fixtures/tcproute/simple_nativelb.yml | 46 +++ .../fixtures/tlsroute/simple_nativelb.yml | 60 +++ pkg/provider/kubernetes/gateway/grpcroute.go | 2 +- pkg/provider/kubernetes/gateway/httproute.go | 2 +- pkg/provider/kubernetes/gateway/kubernetes.go | 28 +- .../kubernetes/gateway/kubernetes_test.go | 345 +++++++++++++++++- pkg/provider/kubernetes/gateway/tcproute.go | 2 +- pkg/provider/kubernetes/gateway/tlsroute.go | 2 +- 17 files changed, 734 insertions(+), 19 deletions(-) create mode 100644 pkg/provider/kubernetes/gateway/annotations.go create mode 100644 pkg/provider/kubernetes/gateway/annotations_test.go create mode 100644 pkg/provider/kubernetes/gateway/fixtures/httproute/simple_nativelb.yml create mode 100644 pkg/provider/kubernetes/gateway/fixtures/tcproute/simple_nativelb.yml create mode 100644 pkg/provider/kubernetes/gateway/fixtures/tlsroute/simple_nativelb.yml diff --git a/docs/content/reference/static-configuration/cli-ref.md b/docs/content/reference/static-configuration/cli-ref.md index 8bb8850a7d..a4264b017d 100644 --- a/docs/content/reference/static-configuration/cli-ref.md +++ b/docs/content/reference/static-configuration/cli-ref.md @@ -801,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses. `--providers.kubernetesgateway.namespaces`: Kubernetes namespaces. +`--providers.kubernetesgateway.nativelbbydefault`: +Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```) + `--providers.kubernetesgateway.statusaddress.hostname`: Hostname used for Kubernetes Gateway status address. diff --git a/docs/content/reference/static-configuration/env-ref.md b/docs/content/reference/static-configuration/env-ref.md index 480125d064..e835cfa830 100644 --- a/docs/content/reference/static-configuration/env-ref.md +++ b/docs/content/reference/static-configuration/env-ref.md @@ -801,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses. `TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NAMESPACES`: Kubernetes namespaces. +`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NATIVELBBYDEFAULT`: +Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```) + `TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_HOSTNAME`: Hostname used for Kubernetes Gateway status address. diff --git a/docs/content/reference/static-configuration/file.toml b/docs/content/reference/static-configuration/file.toml index 92244954c6..d5ad0411ef 100644 --- a/docs/content/reference/static-configuration/file.toml +++ b/docs/content/reference/static-configuration/file.toml @@ -158,6 +158,7 @@ labelSelector = "foobar" throttleDuration = "42s" experimentalChannel = true + nativeLBByDefault = true [providers.kubernetesGateway.statusAddress] ip = "foobar" hostname = "foobar" diff --git a/docs/content/reference/static-configuration/file.yaml b/docs/content/reference/static-configuration/file.yaml index a547708fc6..8823bb7549 100644 --- a/docs/content/reference/static-configuration/file.yaml +++ b/docs/content/reference/static-configuration/file.yaml @@ -183,6 +183,7 @@ providers: service: name: foobar namespace: foobar + nativeLBByDefault: true rest: insecure: true consulCatalog: diff --git a/pkg/provider/kubernetes/crd/kubernetes_test.go b/pkg/provider/kubernetes/crd/kubernetes_test.go index 49b7bc6869..b433662ae8 100644 --- a/pkg/provider/kubernetes/crd/kubernetes_test.go +++ b/pkg/provider/kubernetes/crd/kubernetes_test.go @@ -1609,7 +1609,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) { k8sObjects, crdObjects := readResources(t, test.paths) - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) client := newClientImpl(kubeClient, crdClient) @@ -4891,7 +4891,7 @@ func TestLoadIngressRoutes(t *testing.T) { k8sObjects, crdObjects := readResources(t, test.paths) - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) client := newClientImpl(kubeClient, crdClient) @@ -4972,7 +4972,7 @@ func TestLoadIngressRoutes_multipleEndpointAddresses(t *testing.T) { k8sObjects, crdObjects := readResources(t, []string{"services.yml", "with_multiple_endpointslices.yml"}) - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) client := newClientImpl(kubeClient, crdClient) @@ -5481,7 +5481,7 @@ func TestLoadIngressRouteUDPs(t *testing.T) { k8sObjects, crdObjects := readResources(t, test.paths) - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) client := newClientImpl(kubeClient, crdClient) @@ -6971,7 +6971,7 @@ func TestCrossNamespace(t *testing.T) { k8sObjects, crdObjects := readResources(t, test.paths) - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) client := newClientImpl(kubeClient, crdClient) @@ -7240,7 +7240,7 @@ func TestExternalNameService(t *testing.T) { k8sObjects, crdObjects := readResources(t, test.paths) - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) client := newClientImpl(kubeClient, crdClient) @@ -7421,7 +7421,7 @@ func TestNativeLB(t *testing.T) { k8sObjects, crdObjects := readResources(t, test.paths) - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) client := newClientImpl(kubeClient, crdClient) @@ -7686,7 +7686,7 @@ func TestNodePortLB(t *testing.T) { k8sObjects, crdObjects := readResources(t, test.paths) - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) client := newClientImpl(kubeClient, crdClient) @@ -7727,7 +7727,7 @@ func TestCreateBasicAuthCredentials(t *testing.T) { } } - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset() client := newClientImpl(kubeClient, crdClient) @@ -8198,7 +8198,7 @@ func TestGlobalNativeLB(t *testing.T) { } } - kubeClient := kubefake.NewSimpleClientset(k8sObjects...) + kubeClient := kubefake.NewClientset(k8sObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) client := newClientImpl(kubeClient, crdClient) diff --git a/pkg/provider/kubernetes/gateway/annotations.go b/pkg/provider/kubernetes/gateway/annotations.go new file mode 100644 index 0000000000..8e82ae6036 --- /dev/null +++ b/pkg/provider/kubernetes/gateway/annotations.go @@ -0,0 +1,54 @@ +package gateway + +import ( + "fmt" + "strings" + + "github.com/traefik/traefik/v3/pkg/config/label" +) + +const annotationsPrefix = "traefik.io/" + +// ServiceConfig is the service's root configuration from annotations. +type ServiceConfig struct { + Service Service `json:"service"` +} + +// Service is the service's configuration from annotations. +type Service struct { + NativeLB bool `json:"nativeLB"` +} + +func parseServiceAnnotations(annotations map[string]string) (ServiceConfig, error) { + var svcConf ServiceConfig + + labels := convertAnnotations(annotations) + if len(labels) == 0 { + return svcConf, nil + } + + if err := label.Decode(labels, &svcConf, "traefik.service."); err != nil { + return svcConf, fmt.Errorf("decoding labels: %w", err) + } + + return svcConf, nil +} + +func convertAnnotations(annotations map[string]string) map[string]string { + if len(annotations) == 0 { + return nil + } + + result := make(map[string]string) + + for key, value := range annotations { + if !strings.HasPrefix(key, annotationsPrefix) { + continue + } + + newKey := strings.ReplaceAll(key, "io/", "") + result[newKey] = value + } + + return result +} diff --git a/pkg/provider/kubernetes/gateway/annotations_test.go b/pkg/provider/kubernetes/gateway/annotations_test.go new file mode 100644 index 0000000000..80537526ad --- /dev/null +++ b/pkg/provider/kubernetes/gateway/annotations_test.go @@ -0,0 +1,89 @@ +package gateway + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_parseServiceConfig(t *testing.T) { + testCases := []struct { + desc string + annotations map[string]string + expected ServiceConfig + }{ + { + desc: "service annotations", + annotations: map[string]string{ + "ingress.kubernetes.io/foo": "bar", + "traefik.io/foo": "bar", + "traefik.io/service.nativelb": "true", + }, + expected: ServiceConfig{ + Service: Service{ + NativeLB: true, + }, + }, + }, + { + desc: "empty map", + annotations: map[string]string{}, + expected: ServiceConfig{}, + }, + { + desc: "nil map", + annotations: nil, + expected: ServiceConfig{}, + }, + } + + for _, test := range testCases { + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + cfg, err := parseServiceAnnotations(test.annotations) + require.NoError(t, err) + + assert.Equal(t, test.expected, cfg) + }) + } +} + +func Test_convertAnnotations(t *testing.T) { + testCases := []struct { + desc string + annotations map[string]string + expected map[string]string + }{ + { + desc: "service annotations", + annotations: map[string]string{ + "traefik.io/service.nativelb": "true", + }, + expected: map[string]string{ + "traefik.service.nativelb": "true", + }, + }, + { + desc: "empty map", + annotations: map[string]string{}, + expected: nil, + }, + { + desc: "nil map", + annotations: nil, + expected: nil, + }, + } + + for _, test := range testCases { + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + labels := convertAnnotations(test.annotations) + + assert.Equal(t, test.expected, labels) + }) + } +} diff --git a/pkg/provider/kubernetes/gateway/fixtures/httproute/simple_nativelb.yml b/pkg/provider/kubernetes/gateway/fixtures/httproute/simple_nativelb.yml new file mode 100644 index 0000000000..0d2febefa6 --- /dev/null +++ b/pkg/provider/kubernetes/gateway/fixtures/httproute/simple_nativelb.yml @@ -0,0 +1,51 @@ +--- +kind: GatewayClass +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: my-gateway-class +spec: + controllerName: traefik.io/gateway-controller + +--- +kind: Gateway +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: my-gateway + namespace: default +spec: + gatewayClassName: my-gateway-class + listeners: # Use GatewayClass defaults for listener definition. + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + kinds: + - kind: HTTPRoute + group: gateway.networking.k8s.io + namespaces: + from: Same + +--- +kind: HTTPRoute +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: http-app-1 + namespace: default +spec: + parentRefs: + - name: my-gateway + kind: Gateway + group: gateway.networking.k8s.io + hostnames: + - "foo.com" + rules: + - matches: + - path: + type: Exact + value: /bar + backendRefs: + - name: whoami-native + port: 80 + weight: 1 + kind: Service + group: "" diff --git a/pkg/provider/kubernetes/gateway/fixtures/services.yml b/pkg/provider/kubernetes/gateway/fixtures/services.yml index fe7cf9d805..d2872a0d76 100644 --- a/pkg/provider/kubernetes/gateway/fixtures/services.yml +++ b/pkg/provider/kubernetes/gateway/fixtures/services.yml @@ -5,6 +5,7 @@ metadata: namespace: default spec: + clusterIP: 10.10.10.1 ports: - name: web2 protocol: TCP @@ -262,6 +263,7 @@ metadata: namespace: default spec: + clusterIP: 10.10.10.1 ports: - protocol: TCP port: 9000 @@ -424,3 +426,45 @@ spec: port: 80 name: wss appProtocol: kubernetes.io/wss + +--- +apiVersion: v1 +kind: Service +metadata: + name: whoami-native + namespace: default + annotations: + traefik.io/service.nativelb: "true" +spec: + clusterIP: 10.10.10.1 + ports: + - name: web2 + protocol: TCP + port: 8000 + targetPort: web2 + - name: web + protocol: TCP + port: 80 + targetPort: web + selector: + app: containous + task: whoami + +--- +apiVersion: v1 +kind: Service +metadata: + name: whoamitcp-native + namespace: default + annotations: + traefik.io/service.nativelb: "true" + +spec: + clusterIP: 10.10.10.1 + ports: + - protocol: TCP + port: 9000 + name: tcp-1 + - protocol: TCP + port: 10000 + name: tcp-2 diff --git a/pkg/provider/kubernetes/gateway/fixtures/tcproute/simple_nativelb.yml b/pkg/provider/kubernetes/gateway/fixtures/tcproute/simple_nativelb.yml new file mode 100644 index 0000000000..a852ee9133 --- /dev/null +++ b/pkg/provider/kubernetes/gateway/fixtures/tcproute/simple_nativelb.yml @@ -0,0 +1,46 @@ +--- +kind: GatewayClass +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: my-gateway-class + namespace: default +spec: + controllerName: traefik.io/gateway-controller + +--- +kind: Gateway +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: my-tcp-gateway + namespace: default +spec: + gatewayClassName: my-gateway-class + listeners: # Use GatewayClass defaults for listener definition. + - name: tcp + protocol: TCP + port: 9000 + allowedRoutes: + namespaces: + from: Same + kinds: + - kind: TCPRoute + group: gateway.networking.k8s.io + +--- +kind: TCPRoute +apiVersion: gateway.networking.k8s.io/v1alpha2 +metadata: + name: tcp-app-1 + namespace: default +spec: + parentRefs: + - name: my-tcp-gateway + kind: Gateway + group: gateway.networking.k8s.io + rules: + - backendRefs: + - name: whoamitcp-native + port: 9000 + weight: 1 + kind: Service + group: "" diff --git a/pkg/provider/kubernetes/gateway/fixtures/tlsroute/simple_nativelb.yml b/pkg/provider/kubernetes/gateway/fixtures/tlsroute/simple_nativelb.yml new file mode 100644 index 0000000000..253e59b9be --- /dev/null +++ b/pkg/provider/kubernetes/gateway/fixtures/tlsroute/simple_nativelb.yml @@ -0,0 +1,60 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: supersecret + namespace: default + +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0= + +--- +kind: GatewayClass +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: my-gateway-class + namespace: default +spec: + controllerName: traefik.io/gateway-controller + +--- +kind: Gateway +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: my-tls-gateway + namespace: default +spec: + gatewayClassName: my-gateway-class + listeners: # Use GatewayClass defaults for listener definition. + - name: tls + protocol: TLS + hostname: foo.example.com + port: 9000 + tls: + mode: Passthrough + allowedRoutes: + kinds: + - kind: TLSRoute + group: gateway.networking.k8s.io + namespaces: + from: Same + +--- +kind: TLSRoute +apiVersion: gateway.networking.k8s.io/v1alpha2 +metadata: + name: tls-app-1 + namespace: default +spec: + parentRefs: + - name: my-tls-gateway + kind: Gateway + group: gateway.networking.k8s.io + rules: + - backendRefs: + - name: whoamitcp-native + port: 9000 + weight: 1 + kind: Service + group: "" diff --git a/pkg/provider/kubernetes/gateway/grpcroute.go b/pkg/provider/kubernetes/gateway/grpcroute.go index 8dec437a25..21fc5e5d6b 100644 --- a/pkg/provider/kubernetes/gateway/grpcroute.go +++ b/pkg/provider/kubernetes/gateway/grpcroute.go @@ -350,7 +350,7 @@ func (p *Provider) loadGRPCServers(namespace string, route *gatev1.GRPCRoute, ba for _, ba := range backendAddresses { lb.Servers = append(lb.Servers, dynamic.Server{ - URL: fmt.Sprintf("h2c://%s", net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port)))), + URL: fmt.Sprintf("h2c://%s", net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port)))), }) } return lb, nil diff --git a/pkg/provider/kubernetes/gateway/httproute.go b/pkg/provider/kubernetes/gateway/httproute.go index 7d4502ceca..5fa5ef9ff2 100644 --- a/pkg/provider/kubernetes/gateway/httproute.go +++ b/pkg/provider/kubernetes/gateway/httproute.go @@ -482,7 +482,7 @@ func (p *Provider) loadHTTPServers(namespace string, route *gatev1.HTTPRoute, ba for _, ba := range backendAddresses { lb.Servers = append(lb.Servers, dynamic.Server{ - URL: fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port)))), + URL: fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port)))), }) } return lb, svcPort, nil diff --git a/pkg/provider/kubernetes/gateway/kubernetes.go b/pkg/provider/kubernetes/gateway/kubernetes.go index 6be790eb39..2588182b58 100644 --- a/pkg/provider/kubernetes/gateway/kubernetes.go +++ b/pkg/provider/kubernetes/gateway/kubernetes.go @@ -65,6 +65,7 @@ type Provider struct { ThrottleDuration ptypes.Duration `description:"Kubernetes refresh throttle duration" json:"throttleDuration,omitempty" toml:"throttleDuration,omitempty" yaml:"throttleDuration,omitempty" export:"true"` ExperimentalChannel bool `description:"Toggles Experimental Channel resources support (TCPRoute, TLSRoute...)." json:"experimentalChannel,omitempty" toml:"experimentalChannel,omitempty" yaml:"experimentalChannel,omitempty" export:"true"` StatusAddress *StatusAddress `description:"Defines the Kubernetes Gateway status address." json:"statusAddress,omitempty" toml:"statusAddress,omitempty" yaml:"statusAddress,omitempty" export:"true"` + NativeLBByDefault bool `description:"Defines whether to use Native Kubernetes load-balancing by default." json:"nativeLBByDefault,omitempty" toml:"nativeLBByDefault,omitempty" yaml:"nativeLBByDefault,omitempty" export:"true"` EntryPoints map[string]Entrypoint `json:"-" toml:"-" yaml:"-" label:"-" file:"-"` @@ -873,8 +874,8 @@ func (p *Provider) allowedNamespaces(gatewayNamespace string, routeNamespaces *g } type backendAddress struct { - Address string - Port int32 + IP string + Port int32 } func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef) ([]backendAddress, corev1.ServicePort, error) { @@ -889,6 +890,9 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef) if !exists { return nil, corev1.ServicePort{}, errors.New("service not found") } + if service.Spec.Type == corev1.ServiceTypeExternalName { + return nil, corev1.ServicePort{}, errors.New("type ExternalName is not supported for Kubernetes Service reference") + } var svcPort *corev1.ServicePort for _, p := range service.Spec.Ports { @@ -901,6 +905,22 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef) return nil, corev1.ServicePort{}, fmt.Errorf("service port %d not found", *ref.Port) } + annotationsConfig, err := parseServiceAnnotations(service.Annotations) + if err != nil { + return nil, corev1.ServicePort{}, fmt.Errorf("parsing service annotations config: %w", err) + } + + if p.NativeLBByDefault || annotationsConfig.Service.NativeLB { + if service.Spec.ClusterIP == "" || service.Spec.ClusterIP == "None" { + return nil, corev1.ServicePort{}, fmt.Errorf("no clusterIP found for service: %s/%s", service.Namespace, service.Name) + } + + return []backendAddress{{ + IP: service.Spec.ClusterIP, + Port: svcPort.Port, + }}, *svcPort, nil + } + endpointSlices, err := p.client.ListEndpointSlicesForService(namespace, string(ref.Name)) if err != nil { return nil, corev1.ServicePort{}, fmt.Errorf("getting endpointslices: %w", err) @@ -935,8 +955,8 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef) uniqAddresses[address] = struct{}{} backendServers = append(backendServers, backendAddress{ - Address: address, - Port: port, + IP: address, + Port: port, }) } } diff --git a/pkg/provider/kubernetes/gateway/kubernetes_test.go b/pkg/provider/kubernetes/gateway/kubernetes_test.go index 211381d751..e8929b639d 100644 --- a/pkg/provider/kubernetes/gateway/kubernetes_test.go +++ b/pkg/provider/kubernetes/gateway/kubernetes_test.go @@ -57,6 +57,7 @@ func TestLoadHTTPRoutes(t *testing.T) { expected *dynamic.Configuration entryPoints map[string]Entrypoint experimentalChannel bool + nativeLB bool }{ { desc: "Empty", @@ -2334,6 +2335,123 @@ func TestLoadHTTPRoutes(t *testing.T) { TLS: &dynamic.TLSConfiguration{}, }, }, + { + desc: "Simple HTTPRoute with NativeLBByDefault enabled", + paths: []string{"services.yml", "httproute/simple.yml"}, + nativeLB: true, + entryPoints: map[string]Entrypoint{"web": { + Address: ":80", + }}, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{}, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{}, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{ + "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06": { + EntryPoints: []string{"web"}, + Service: "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr", + Rule: "Host(`foo.com`) && Path(`/bar`)", + Priority: 100008, + RuleSyntax: "v3", + }, + }, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{ + "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr": { + Weighted: &dynamic.WeightedRoundRobin{ + Services: []dynamic.WRRService{ + { + Name: "default-whoami-80", + Weight: ptr.To(1), + }, + }, + }, + }, + "default-whoami-80": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + Servers: []dynamic.Server{ + { + URL: "http://10.10.10.1:80", + }, + }, + PassHostHeader: ptr.To(true), + ResponseForwarding: &dynamic.ResponseForwarding{ + FlushInterval: ptypes.Duration(100 * time.Millisecond), + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, + { + desc: "Simple HTTPRoute with NativeLB annotation", + paths: []string{"services.yml", "httproute/simple_nativelb.yml"}, + entryPoints: map[string]Entrypoint{"web": { + Address: ":80", + }}, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{}, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{}, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{ + "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06": { + EntryPoints: []string{"web"}, + Service: "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr", + Rule: "Host(`foo.com`) && Path(`/bar`)", + Priority: 100008, + RuleSyntax: "v3", + }, + }, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{ + "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr": { + Weighted: &dynamic.WeightedRoundRobin{ + Services: []dynamic.WRRService{ + { + Name: "default-whoami-native-80", + Weight: ptr.To(1), + }, + }, + }, + }, + "default-whoami-native-80": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + Servers: []dynamic.Server{ + { + URL: "http://10.10.10.1:80", + }, + }, + PassHostHeader: ptr.To(true), + ResponseForwarding: &dynamic.ResponseForwarding{ + FlushInterval: ptypes.Duration(100 * time.Millisecond), + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, } for _, test := range testCases { @@ -2363,6 +2481,7 @@ func TestLoadHTTPRoutes(t *testing.T) { p := Provider{ EntryPoints: test.entryPoints, ExperimentalChannel: test.experimentalChannel, + NativeLBByDefault: test.nativeLB, client: client, } @@ -3078,6 +3197,7 @@ func TestLoadTCPRoutes(t *testing.T) { paths []string expected *dynamic.Configuration entryPoints map[string]Entrypoint + nativeLB bool }{ { desc: "Empty", @@ -3826,6 +3946,113 @@ func TestLoadTCPRoutes(t *testing.T) { TLS: &dynamic.TLSConfiguration{}, }, }, + { + desc: "Simple TCPRoute with NativeLBByDefault", + paths: []string{"services.yml", "tcproute/simple.yml"}, + nativeLB: true, + entryPoints: map[string]Entrypoint{ + "tcp": {Address: ":9000"}, + }, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{ + "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb": { + EntryPoints: []string{"tcp"}, + Service: "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr", + Rule: "HostSNI(`*`)", + RuleSyntax: "v3", + }, + }, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{ + "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": { + Weighted: &dynamic.TCPWeightedRoundRobin{ + Services: []dynamic.TCPWRRService{ + { + Name: "default-whoamitcp-9000", + Weight: ptr.To(1), + }, + }, + }, + }, + "default-whoamitcp-9000": { + LoadBalancer: &dynamic.TCPServersLoadBalancer{ + Servers: []dynamic.TCPServer{ + { + Address: "10.10.10.1:9000", + }, + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{}, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{}, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, + { + desc: "Simple TCPRoute with NativeLB annotation", + paths: []string{"services.yml", "tcproute/simple_nativelb.yml"}, + entryPoints: map[string]Entrypoint{ + "tcp": {Address: ":9000"}, + }, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{ + "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb": { + EntryPoints: []string{"tcp"}, + Service: "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr", + Rule: "HostSNI(`*`)", + RuleSyntax: "v3", + }, + }, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{ + "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": { + Weighted: &dynamic.TCPWeightedRoundRobin{ + Services: []dynamic.TCPWRRService{ + { + Name: "default-whoamitcp-native-9000", + Weight: ptr.To(1), + }, + }, + }, + }, + "default-whoamitcp-native-9000": { + LoadBalancer: &dynamic.TCPServersLoadBalancer{ + Servers: []dynamic.TCPServer{ + { + Address: "10.10.10.1:9000", + }, + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{}, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{}, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, } for _, test := range testCases { @@ -3854,6 +4081,7 @@ func TestLoadTCPRoutes(t *testing.T) { p := Provider{ EntryPoints: test.entryPoints, + NativeLBByDefault: test.nativeLB, ExperimentalChannel: true, client: client, } @@ -3869,8 +4097,9 @@ func TestLoadTLSRoutes(t *testing.T) { desc string ingressClass string paths []string - expected *dynamic.Configuration entryPoints map[string]Entrypoint + nativeLB bool + expected *dynamic.Configuration }{ { desc: "Empty", @@ -4975,6 +5204,119 @@ func TestLoadTLSRoutes(t *testing.T) { TLS: &dynamic.TLSConfiguration{}, }, }, + { + desc: "Simple TLSRoute with NativeLBByDefault", + paths: []string{"services.yml", "tlsroute/simple_TLS_to_TLSRoute.yml"}, + nativeLB: true, + entryPoints: map[string]Entrypoint{ + "tcp": {Address: ":9000"}, + }, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{ + "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb": { + EntryPoints: []string{"tcp"}, + Service: "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr", + Rule: "HostSNI(`foo.example.com`)", + RuleSyntax: "v3", + TLS: &dynamic.RouterTCPTLSConfig{ + Passthrough: true, + }, + }, + }, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{ + "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": { + Weighted: &dynamic.TCPWeightedRoundRobin{ + Services: []dynamic.TCPWRRService{ + { + Name: "default-whoamitcp-9000", + Weight: ptr.To(1), + }, + }, + }, + }, + "default-whoamitcp-9000": { + LoadBalancer: &dynamic.TCPServersLoadBalancer{ + Servers: []dynamic.TCPServer{ + { + Address: "10.10.10.1:9000", + }, + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{}, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{}, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, + { + desc: "Simple TLSRoute with NativeLB annotation", + paths: []string{"services.yml", "tlsroute/simple_nativelb.yml"}, + entryPoints: map[string]Entrypoint{ + "tcp": {Address: ":9000"}, + }, + expected: &dynamic.Configuration{ + UDP: &dynamic.UDPConfiguration{ + Routers: map[string]*dynamic.UDPRouter{}, + Services: map[string]*dynamic.UDPService{}, + }, + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{ + "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb": { + EntryPoints: []string{"tcp"}, + Service: "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr", + Rule: "HostSNI(`foo.example.com`)", + RuleSyntax: "v3", + TLS: &dynamic.RouterTCPTLSConfig{ + Passthrough: true, + }, + }, + }, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{ + "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": { + Weighted: &dynamic.TCPWeightedRoundRobin{ + Services: []dynamic.TCPWRRService{ + { + Name: "default-whoamitcp-native-9000", + Weight: ptr.To(1), + }, + }, + }, + }, + "default-whoamitcp-native-9000": { + LoadBalancer: &dynamic.TCPServersLoadBalancer{ + Servers: []dynamic.TCPServer{ + { + Address: "10.10.10.1:9000", + }, + }, + }, + }, + }, + ServersTransports: map[string]*dynamic.TCPServersTransport{}, + }, + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{}, + Middlewares: map[string]*dynamic.Middleware{}, + Services: map[string]*dynamic.Service{}, + ServersTransports: map[string]*dynamic.ServersTransport{}, + }, + TLS: &dynamic.TLSConfiguration{}, + }, + }, } for _, test := range testCases { @@ -5003,6 +5345,7 @@ func TestLoadTLSRoutes(t *testing.T) { p := Provider{ EntryPoints: test.entryPoints, + NativeLBByDefault: test.nativeLB, ExperimentalChannel: true, client: client, } diff --git a/pkg/provider/kubernetes/gateway/tcproute.go b/pkg/provider/kubernetes/gateway/tcproute.go index 6d7cfb8a48..90e98b8aea 100644 --- a/pkg/provider/kubernetes/gateway/tcproute.go +++ b/pkg/provider/kubernetes/gateway/tcproute.go @@ -286,7 +286,7 @@ func (p *Provider) loadTCPServers(namespace string, route *gatev1alpha2.TCPRoute for _, ba := range backendAddresses { lb.Servers = append(lb.Servers, dynamic.TCPServer{ - Address: net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port))), + Address: net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port))), }) } return lb, nil diff --git a/pkg/provider/kubernetes/gateway/tlsroute.go b/pkg/provider/kubernetes/gateway/tlsroute.go index bf6f437580..ea3a54270f 100644 --- a/pkg/provider/kubernetes/gateway/tlsroute.go +++ b/pkg/provider/kubernetes/gateway/tlsroute.go @@ -289,7 +289,7 @@ func (p *Provider) loadTLSServers(namespace string, route *gatev1alpha2.TLSRoute for _, ba := range backendAddresses { lb.Servers = append(lb.Servers, dynamic.TCPServer{ // TODO determine whether the servers needs TLS, from the port? - Address: net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port))), + Address: net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port))), }) } return lb, nil From 518caa79f96c8b581e8d4ef21b57499e213a155b Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Wed, 2 Oct 2024 11:10:04 +0200 Subject: [PATCH 11/13] Prepare release v2.11.11 --- CHANGELOG.md | 14 ++++++++++++++ script/gcg/traefik-bugfix.toml | 6 +++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7cca4f6a1e..c660fa3b9a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +## [v2.11.11](https://github.com/traefik/traefik/tree/v2.11.11) (2024-10-02) +[All Commits](https://github.com/traefik/traefik/compare/v2.11.10...v2.11.11) + +**Bug fixes:** +- **[acme]** Ensure defaultGeneratedCert.main as Subject's CN ([#10581](https://github.com/traefik/traefik/pull/10581) by [Lamatte](https://github.com/Lamatte)) +- **[middleware,authentication]** Clean connection headers for forward auth request only ([#11095](https://github.com/traefik/traefik/pull/11095) by [rtribotte](https://github.com/rtribotte)) +- **[middleware]** Bump github.com/klauspost/compress to 8e14b1b5a913 ([#11141](https://github.com/traefik/traefik/pull/11141) by [kevinpollet](https://github.com/kevinpollet)) +- **[server]** Rework condition to not log on timeout ([#11133](https://github.com/traefik/traefik/pull/11133) by [rtribotte](https://github.com/rtribotte)) +- **[webui]** Remove unused boot files from webui ([#11109](https://github.com/traefik/traefik/pull/11109) by [michelheusschen](https://github.com/michelheusschen)) + +**Documentation:** +- **[accesslogs]** Specify default format value for access log ([#11130](https://github.com/traefik/traefik/pull/11130) by [darkweaver87](https://github.com/darkweaver87)) +- **[api]** Update API documentation to mention pagination ([#11115](https://github.com/traefik/traefik/pull/11115) by [lyrandy](https://github.com/lyrandy)) + ## [v2.11.10](https://github.com/traefik/traefik/tree/v2.11.10) (2024-09-19) [All Commits](https://github.com/traefik/traefik/compare/v2.11.9...v2.11.10) diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index b2a7f7401c..8522d893fa 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.11.10 +# example new bugfix v2.11.11 CurrentRef = "v2.11" -PreviousRef = "v2.11.9" +PreviousRef = "v2.11.10" BaseBranch = "v2.11" -FutureCurrentRefName = "v2.11.10" +FutureCurrentRefName = "v2.11.11" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From a2ab3e534dfa9775e0809e0c5d754f48979925fd Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Wed, 2 Oct 2024 14:42:05 +0200 Subject: [PATCH 12/13] Prepare release v3.1.5 --- CHANGELOG.md | 9 +++++++++ script/gcg/traefik-bugfix.toml | 6 +++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b593061697..4d6d15b2e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## [v3.1.5](https://github.com/traefik/traefik/tree/v3.1.5) (2024-10-02) +[All Commits](https://github.com/traefik/traefik/compare/v3.1.4...v3.1.5) + +**Bug fixes:** +- **[k8s/ingress,k8s]** Disable IngressClass lookup when disableClusterScopeResources is enabled ([#11111](https://github.com/traefik/traefik/pull/11111) by [jnoordsij](https://github.com/jnoordsij)) +- **[server]** Rework condition to not log on timeout ([#11132](https://github.com/traefik/traefik/pull/11132) by [rtribotte](https://github.com/rtribotte)) +- Merge branch v2.11 into v3.1 ([#11149](https://github.com/traefik/traefik/pull/11149) by [kevinpollet](https://github.com/kevinpollet)) +- Merge branch v2.11 into v3.1 ([#11142](https://github.com/traefik/traefik/pull/11142) by [rtribotte](https://github.com/rtribotte)) + ## [v2.11.11](https://github.com/traefik/traefik/tree/v2.11.11) (2024-10-02) [All Commits](https://github.com/traefik/traefik/compare/v2.11.10...v2.11.11) diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index 56b36a3df9..9e3667318d 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v3.1.4 +# example new bugfix v3.1.5 CurrentRef = "v3.1" -PreviousRef = "v3.1.3" +PreviousRef = "v3.1.4" BaseBranch = "v3.1" -FutureCurrentRefName = "v3.1.4" +FutureCurrentRefName = "v3.1.5" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From a7502c8700e111963b2b52fb0d25c0128fb0c05a Mon Sep 17 00:00:00 2001 From: Romain Date: Wed, 2 Oct 2024 16:24:04 +0200 Subject: [PATCH 13/13] Prepare Release v3.2.0-rc1 --- .semaphore/semaphore.yml | 2 +- CHANGELOG.md | 28 ++++ .../getting-started/configuration-overview.md | 2 +- .../getting-started/install-traefik.md | 8 +- .../quick-start-with-kubernetes.md | 2 +- docs/content/getting-started/quick-start.md | 2 +- docs/content/observability/access-logs.md | 2 +- docs/content/providers/docker.md | 2 +- docs/content/providers/kubernetes-crd.md | 4 +- docs/content/providers/kubernetes-gateway.md | 2 +- docs/content/providers/kubernetes-ingress.md | 2 +- docs/content/providers/swarm.md | 2 +- .../kubernetes-crd-definition-v1.yml | 142 +++++++++--------- .../kubernetes-gateway-traefik-lb-svc.yml | 2 +- .../traefik.io_ingressroutes.yaml | 28 ++-- .../traefik.io_ingressroutetcps.yaml | 18 +-- .../traefik.io_ingressrouteudps.yaml | 2 +- .../traefik.io_middlewares.yaml | 64 ++++---- .../traefik.io_middlewaretcps.yaml | 6 +- .../traefik.io_serverstransports.yaml | 2 +- .../traefik.io_serverstransporttcps.yaml | 2 +- .../traefik.io_tlsoptions.yaml | 8 +- .../traefik.io_tlsstores.yaml | 2 +- .../traefik.io_traefikservices.yaml | 10 +- .../routing/providers/kubernetes-crd.md | 2 +- .../routing/providers/kubernetes-ingress.md | 6 +- .../user-guides/crd-acme/03-deployments.yml | 2 +- docs/content/user-guides/crd-acme/index.md | 12 +- docs/content/user-guides/crd-acme/k3s.yml | 2 +- .../acme-dns/docker-compose.yml | 2 +- .../acme-dns/docker-compose_secrets.yml | 2 +- .../acme-http/docker-compose.yml | 2 +- .../acme-tls/docker-compose.yml | 2 +- .../basic-example/docker-compose.yml | 2 +- .../docker-compose/basic-example/index.md | 2 +- integration/fixtures/k8s/01-traefik-crd.yml | 142 +++++++++--------- pkg/cli/deprecation.go | 48 +++--- pkg/config/dynamic/middlewares.go | 48 +++--- pkg/config/dynamic/tcp_config.go | 2 +- pkg/config/dynamic/tcp_middlewares.go | 4 +- .../crd/traefikio/v1alpha1/ingressroute.go | 30 ++-- .../crd/traefikio/v1alpha1/ingressroutetcp.go | 20 +-- .../crd/traefikio/v1alpha1/ingressrouteudp.go | 2 +- .../crd/traefikio/v1alpha1/middleware.go | 26 ++-- .../crd/traefikio/v1alpha1/middlewaretcp.go | 6 +- .../traefikio/v1alpha1/serverstransport.go | 2 +- .../traefikio/v1alpha1/serverstransporttcp.go | 2 +- .../crd/traefikio/v1alpha1/service.go | 8 +- .../crd/traefikio/v1alpha1/tlsoption.go | 8 +- .../crd/traefikio/v1alpha1/tlsstore.go | 2 +- script/gcg/traefik-rc-first.toml | 6 +- 51 files changed, 382 insertions(+), 354 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 57b9fc70d2..7872e7f51b 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -46,7 +46,7 @@ blocks: - name: GH_VERSION value: 2.32.1 - name: CODENAME - value: "comte" + value: "munster" prologue: commands: - export VERSION=${SEMAPHORE_GIT_TAG_NAME} diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d6d15b2e6..c921652b1d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,31 @@ +## [v3.2.0-rc1](https://github.com/traefik/traefik/tree/v3.2.0-rc1) (2024-10-02) +[All Commits](https://github.com/traefik/traefik/compare/v3.1.0-rc1...v3.2.0-rc1) + +**Enhancements:** +- **[acme]** Remove same email requirement for certresolvers ([#11019](https://github.com/traefik/traefik/pull/11019) by [Emrio](https://github.com/Emrio)) +- **[acme]** Add support for custom CA certificates by certificate resolver ([#10816](https://github.com/traefik/traefik/pull/10816) by [ldez](https://github.com/ldez)) +- **[acme]** Add 30 day certificatesDuration step ([#10970](https://github.com/traefik/traefik/pull/10970) by [luker983](https://github.com/luker983)) +- **[docker]** Support HTTP BasicAuth for docker and swarm endpoint ([#10776](https://github.com/traefik/traefik/pull/10776) by [985492783](https://github.com/985492783)) +- **[k8s,k8s/gatewayapi]** Add supported features to the Gateway API GatewayClass status ([#11056](https://github.com/traefik/traefik/pull/11056) by [rtribotte](https://github.com/rtribotte)) +- **[k8s,k8s/gatewayapi]** Update sigs.k8s.io/gateway-api to v1.2.0-rc1 ([#11124](https://github.com/traefik/traefik/pull/11124) by [rtribotte](https://github.com/rtribotte)) +- **[k8s,k8s/gatewayapi]** Add support for backend protocol selection in HTTP and GRPC routes ([#11051](https://github.com/traefik/traefik/pull/11051) by [rtribotte](https://github.com/rtribotte)) +- **[k8s,k8s/gatewayapi]** Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support ([#11042](https://github.com/traefik/traefik/pull/11042) by [rtribotte](https://github.com/rtribotte)) +- **[k8s,k8s/gatewayapi]** Support HTTPRoute destination port matching ([#11134](https://github.com/traefik/traefik/pull/11134) by [kevinpollet](https://github.com/kevinpollet)) +- **[k8s,k8s/gatewayapi]** Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 ([#11131](https://github.com/traefik/traefik/pull/11131) by [kevinpollet](https://github.com/kevinpollet)) +- **[k8s,k8s/gatewayapi]** Add support for Gateway API BackendTLSPolicies ([#11009](https://github.com/traefik/traefik/pull/11009) by [rtribotte](https://github.com/rtribotte)) +- **[k8s,k8s/gatewayapi]** Support NativeLB option in GatewayAPI provider ([#11147](https://github.com/traefik/traefik/pull/11147) by [rtribotte](https://github.com/rtribotte)) +- **[k8s,k8s/gatewayapi]** Support ResponseHeaderModifier filter ([#10987](https://github.com/traefik/traefik/pull/10987) by [kevinpollet](https://github.com/kevinpollet)) +- **[k8s,k8s/gatewayapi]** Support GRPC routes ([#10975](https://github.com/traefik/traefik/pull/10975) by [kevinpollet](https://github.com/kevinpollet)) +- **[metrics,otel]** Allow setting service.name for OTLP metrics ([#10917](https://github.com/traefik/traefik/pull/10917) by [cmartell-at-ocp](https://github.com/cmartell-at-ocp)) +- **[middleware,accesslogs]** Record trace id and EntryPoint span id into access log ([#10921](https://github.com/traefik/traefik/pull/10921) by [weijiany](https://github.com/weijiany)) +- **[middleware,authentication]** Support LogUserHeader with forwardAuth middleware ([#10833](https://github.com/traefik/traefik/pull/10833) by [GaleHuang](https://github.com/GaleHuang)) +- **[middleware]** Add encodings option to the compression middleware ([#10943](https://github.com/traefik/traefik/pull/10943) by [wollomatic](https://github.com/wollomatic)) +- **[middleware]** Add support for ipv6 subnet in ipStrategy ([#9747](https://github.com/traefik/traefik/pull/9747) by [michal-kralik](https://github.com/michal-kralik)) +- **[nomad]** Support for watching instead of polling Nomad ([#10997](https://github.com/traefik/traefik/pull/10997) by [deverton-godaddy](https://github.com/deverton-godaddy)) +- **[server,performance]** Introduce a fast proxy mode to improve HTTP/1.1 performances with backends ([#11122](https://github.com/traefik/traefik/pull/11122) by [kevinpollet](https://github.com/kevinpollet)) +- **[server]** Configurable max request header size ([#10995](https://github.com/traefik/traefik/pull/10995) by [lucasrod16](https://github.com/lucasrod16)) +- **[service]** Add mirrorBody option to HTTP mirroring ([#11032](https://github.com/traefik/traefik/pull/11032) by [MatteoPaier](https://github.com/MatteoPaier)) + ## [v3.1.5](https://github.com/traefik/traefik/tree/v3.1.5) (2024-10-02) [All Commits](https://github.com/traefik/traefik/compare/v3.1.4...v3.1.5) diff --git a/docs/content/getting-started/configuration-overview.md b/docs/content/getting-started/configuration-overview.md index 196a2607a5..062cfb7153 100644 --- a/docs/content/getting-started/configuration-overview.md +++ b/docs/content/getting-started/configuration-overview.md @@ -79,7 +79,7 @@ traefik --help # or docker run traefik[:version] --help -# ex: docker run traefik:v3.1 --help +# ex: docker run traefik:v3.2 --help ``` Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments. diff --git a/docs/content/getting-started/install-traefik.md b/docs/content/getting-started/install-traefik.md index 15634aecd7..1fb52caba0 100644 --- a/docs/content/getting-started/install-traefik.md +++ b/docs/content/getting-started/install-traefik.md @@ -16,12 +16,12 @@ You can install Traefik with the following flavors: Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file: -* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.yml) -* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.toml) +* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.yml) +* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.toml) ```shell docker run -d -p 8080:8080 -p 80:80 \ - -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.1 + -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.2 ``` For more details, go to the [Docker provider documentation](../providers/docker.md) @@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker. !!! tip * Prefer a fixed version than the latest that could be an unexpected version. - ex: `traefik:v3.1` + ex: `traefik:v3.2` * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine). * Any orchestrator using docker images can fetch the official Traefik docker image. diff --git a/docs/content/getting-started/quick-start-with-kubernetes.md b/docs/content/getting-started/quick-start-with-kubernetes.md index c371f0072f..ee7bd38c7e 100644 --- a/docs/content/getting-started/quick-start-with-kubernetes.md +++ b/docs/content/getting-started/quick-start-with-kubernetes.md @@ -154,7 +154,7 @@ spec: serviceAccountName: traefik-account containers: - name: traefik - image: traefik:v3.1 + image: traefik:v3.2 args: - --api.insecure - --providers.kubernetesingress diff --git a/docs/content/getting-started/quick-start.md b/docs/content/getting-started/quick-start.md index 8a60efd5b3..350a57d1fd 100644 --- a/docs/content/getting-started/quick-start.md +++ b/docs/content/getting-started/quick-start.md @@ -20,7 +20,7 @@ version: '3' services: reverse-proxy: # The official v3 Traefik docker image - image: traefik:v3.1 + image: traefik:v3.2 # Enables the web UI and tells Traefik to listen to docker command: --api.insecure=true --providers.docker ports: diff --git a/docs/content/observability/access-logs.md b/docs/content/observability/access-logs.md index 7f520600bd..956b5678b9 100644 --- a/docs/content/observability/access-logs.md +++ b/docs/content/observability/access-logs.md @@ -279,7 +279,7 @@ version: "3.7" services: traefik: - image: traefik:v3.1 + image: traefik:v3.2 environment: - TZ=US/Alaska command: diff --git a/docs/content/providers/docker.md b/docs/content/providers/docker.md index f5d9a737b6..d2ffed6c53 100644 --- a/docs/content/providers/docker.md +++ b/docs/content/providers/docker.md @@ -166,7 +166,7 @@ See the [Docker API Access](#docker-api-access) section for more information. services: traefik: - image: traefik:v3.1 # The official v3 Traefik docker image + image: traefik:v3.2 # The official v3 Traefik docker image ports: - "80:80" volumes: diff --git a/docs/content/providers/kubernetes-crd.md b/docs/content/providers/kubernetes-crd.md index 7a710facf0..bb213c7876 100644 --- a/docs/content/providers/kubernetes-crd.md +++ b/docs/content/providers/kubernetes-crd.md @@ -31,10 +31,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku ```bash # Install Traefik Resource Definitions: - kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml + kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml # Install RBAC for Traefik: - kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml + kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml ``` ## Resource Configuration diff --git a/docs/content/providers/kubernetes-gateway.md b/docs/content/providers/kubernetes-gateway.md index e6afcc404b..4dc368c508 100644 --- a/docs/content/providers/kubernetes-gateway.md +++ b/docs/content/providers/kubernetes-gateway.md @@ -34,7 +34,7 @@ For more details, check out the conformance [report](https://github.com/kubernet ```bash # Install Traefik RBACs. - kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml + kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml ``` 3. Deploy Traefik and enable the `kubernetesGateway` provider in the static configuration as detailed below: diff --git a/docs/content/providers/kubernetes-ingress.md b/docs/content/providers/kubernetes-ingress.md index 20e7457c94..f57ccfdfcb 100644 --- a/docs/content/providers/kubernetes-ingress.md +++ b/docs/content/providers/kubernetes-ingress.md @@ -526,6 +526,6 @@ providers: ### Further To learn more about the various aspects of the Ingress specification that Traefik supports, -many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository. +many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.2/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository. {!traefik-for-business-applications.md!} diff --git a/docs/content/providers/swarm.md b/docs/content/providers/swarm.md index 427e54af97..9220580a73 100644 --- a/docs/content/providers/swarm.md +++ b/docs/content/providers/swarm.md @@ -212,7 +212,7 @@ See the [Docker Swarm API Access](#docker-api-access) section for more informati services: traefik: - image: traefik:v3.1 # The official v3 Traefik docker image + image: traefik:v3.2 # The official v3 Traefik docker image ports: - "80:80" volumes: diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 226d4a2f25..042feaaf8a 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -43,7 +43,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ Default: all. items: type: string @@ -63,12 +63,12 @@ spec: match: description: |- Match defines the router's rule. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule type: string middlewares: description: |- Middlewares defines the list of references to Middleware resources. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware items: description: MiddlewareRef is a reference to a Middleware resource. @@ -88,7 +88,7 @@ spec: priority: description: |- Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority type: integer services: description: |- @@ -229,7 +229,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -277,7 +277,7 @@ spec: syntax: description: |- Syntax defines the router's rule syntax. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax type: string required: - kind @@ -287,18 +287,18 @@ spec: tls: description: |- TLS defines the TLS configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls properties: certResolver: description: |- CertResolver defines the name of the certificate resolver to use. Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers + More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers type: string domains: description: |- Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -317,17 +317,17 @@ spec: description: |- Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. If not defined, the `default` TLSOption is used. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options properties: name: description: |- Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption type: string namespace: description: |- Namespace defines the namespace of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption type: string required: - name @@ -344,12 +344,12 @@ spec: name: description: |- Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore type: string namespace: description: |- Namespace defines the namespace of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore type: string required: - name @@ -409,7 +409,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ Default: all. items: type: string @@ -422,7 +422,7 @@ spec: match: description: |- Match defines the router's rule. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1 type: string middlewares: description: Middlewares defines the list of references to MiddlewareTCP @@ -446,7 +446,7 @@ spec: priority: description: |- Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1 type: integer services: description: Services defines the list of TCP services. @@ -487,7 +487,7 @@ spec: proxyProtocol: description: |- ProxyProtocol defines the PROXY protocol configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol properties: version: description: Version defines the PROXY Protocol version @@ -525,7 +525,7 @@ spec: syntax: description: |- Syntax defines the router's rule syntax. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1 type: string required: - match @@ -534,18 +534,18 @@ spec: tls: description: |- TLS defines the TLS configuration on a layer 4 / TCP Route. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1 properties: certResolver: description: |- CertResolver defines the name of the certificate resolver to use. Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers + More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers type: string domains: description: |- Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -564,7 +564,7 @@ spec: description: |- Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. If not defined, the `default` TLSOption is used. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options properties: name: description: Name defines the name of the referenced Traefik @@ -656,7 +656,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ Default: all. items: type: string @@ -743,7 +743,7 @@ spec: openAPIV3Schema: description: |- Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/ properties: apiVersion: description: |- @@ -769,7 +769,7 @@ spec: description: |- AddPrefix holds the add prefix middleware configuration. This middleware updates the path of a request before forwarding it. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/ properties: prefix: description: |- @@ -781,12 +781,12 @@ spec: description: |- BasicAuth holds the basic auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/ properties: headerField: description: |- HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield type: string realm: description: |- @@ -807,7 +807,7 @@ spec: description: |- Buffering holds the buffering middleware configuration. This middleware retries or limits the size of requests that can be forwarded to backends. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes properties: maxRequestBodyBytes: description: |- @@ -839,14 +839,14 @@ spec: description: |- RetryExpression defines the retry conditions. It is a logical combination of functions with operators AND (&&) and OR (||). - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression type: string type: object chain: description: |- Chain holds the configuration of the chain middleware. This middleware enables to define reusable combinations of other pieces of middleware. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/ properties: middlewares: description: Middlewares is the list of MiddlewareRef which composes @@ -905,7 +905,7 @@ spec: description: |- Compress holds the compress middleware configuration. This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/ properties: defaultEncoding: description: DefaultEncoding specifies the default encoding if @@ -954,12 +954,12 @@ spec: description: |- DigestAuth holds the digest auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/ properties: headerField: description: |- HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield type: string realm: description: |- @@ -979,7 +979,7 @@ spec: description: |- ErrorPage holds the custom error middleware configuration. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/ properties: query: description: |- @@ -989,7 +989,7 @@ spec: service: description: |- Service defines the reference to a Kubernetes Service that will serve the error page. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service properties: healthCheck: description: Healthcheck defines health checks for ExternalName @@ -1122,7 +1122,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -1180,7 +1180,7 @@ spec: description: |- ForwardAuth holds the forward auth middleware configuration. This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/ properties: addAuthCookiesToResponse: description: AddAuthCookiesToResponse defines the list of cookies @@ -1208,7 +1208,7 @@ spec: authResponseHeadersRegex: description: |- AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex type: string tls: description: TLS defines the configuration used to secure the @@ -1255,7 +1255,7 @@ spec: description: |- Headers holds the headers middleware configuration. This middleware manages the requests and responses headers. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders properties: accessControlAllowCredentials: description: AccessControlAllowCredentials defines whether the @@ -1426,7 +1426,7 @@ spec: description: |- InFlightReq holds the in-flight request middleware configuration. This middleware limits the number of requests being processed and served concurrently. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/ properties: amount: description: |- @@ -1439,12 +1439,12 @@ spec: SourceCriterion defines what criterion is used to group requests as originating from a common source. If several strategies are defined at the same time, an error will be raised. If none are set, the default is to use the requestHost. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion properties: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1479,12 +1479,12 @@ spec: description: |- IPAllowList holds the IP allowlist middleware configuration. This middleware limits allowed requests based on the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/ properties: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1521,7 +1521,7 @@ spec: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1551,7 +1551,7 @@ spec: description: |- PassTLSClientCert holds the pass TLS client cert middleware configuration. This middleware adds the selected data from the passed client TLS certificate to a header. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/ properties: info: description: Info selects the specific client certificate details @@ -1660,7 +1660,7 @@ spec: description: |- RateLimit holds the rate limit configuration. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/ properties: average: description: |- @@ -1693,7 +1693,7 @@ spec: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1728,7 +1728,7 @@ spec: description: |- RedirectRegex holds the redirect regex middleware configuration. This middleware redirects a request using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1747,7 +1747,7 @@ spec: description: |- RedirectScheme holds the redirect scheme middleware configuration. This middleware redirects requests from a scheme/port to another. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/ properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1764,7 +1764,7 @@ spec: description: |- ReplacePath holds the replace path middleware configuration. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/ properties: path: description: Path defines the path to use as replacement in the @@ -1775,7 +1775,7 @@ spec: description: |- ReplacePathRegex holds the replace path regex middleware configuration. This middleware replaces the path of a URL using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/ properties: regex: description: Regex defines the regular expression used to match @@ -1791,7 +1791,7 @@ spec: Retry holds the retry middleware configuration. This middleware reissues requests a given number of times to a backend server if that server does not reply. As soon as the server answers, the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/ properties: attempts: description: Attempts defines how many times the request should @@ -1813,7 +1813,7 @@ spec: description: |- StripPrefix holds the strip prefix middleware configuration. This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/ properties: forceSlash: description: |- @@ -1832,7 +1832,7 @@ spec: description: |- StripPrefixRegex holds the strip prefix regex middleware configuration. This middleware removes the matching prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/ properties: regex: description: Regex defines the regular expression to match the @@ -1869,7 +1869,7 @@ spec: openAPIV3Schema: description: |- MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/ properties: apiVersion: description: |- @@ -1905,7 +1905,7 @@ spec: description: |- IPAllowList defines the IPAllowList middleware configuration. This middleware accepts/refuses connections based on the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -1919,7 +1919,7 @@ spec: IPWhiteList defines the IPWhiteList middleware configuration. This middleware accepts/refuses connections based on the client IP. Deprecated: please use IPAllowList instead. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -1958,7 +1958,7 @@ spec: ServersTransport is the CRD implementation of a ServersTransport. If no serversTransport is specified, the default@internal will be used. The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1 properties: apiVersion: description: |- @@ -2097,7 +2097,7 @@ spec: ServersTransportTCP is the CRD implementation of a TCPServersTransport. If no tcpServersTransport is specified, a default one named default@internal will be used. The default@internal tcpServersTransport can be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3 + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3 properties: apiVersion: description: |- @@ -2215,7 +2215,7 @@ spec: openAPIV3Schema: description: |- TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options properties: apiVersion: description: |- @@ -2240,14 +2240,14 @@ spec: alpnProtocols: description: |- ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols items: type: string type: array cipherSuites: description: |- CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites items: type: string type: array @@ -2275,7 +2275,7 @@ spec: curvePreferences: description: |- CurvePreferences defines the preferred elliptic curves in a specific order. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences items: type: string type: array @@ -2331,7 +2331,7 @@ spec: TLSStore is the CRD implementation of a Traefik TLS Store. For the time being, only the TLSStore named default is supported. This means that you cannot have two stores that are named default in different Kubernetes namespaces. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores properties: apiVersion: description: |- @@ -2429,7 +2429,7 @@ spec: TraefikService object allows to: - Apply weight to Services on load-balancing - Mirror traffic on services - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice properties: apiVersion: description: |- @@ -2675,7 +2675,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2782,7 +2782,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2965,7 +2965,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -3012,7 +3012,7 @@ spec: sticky: description: |- Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing properties: cookie: description: Cookie defines the sticky cookie configuration. diff --git a/docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml b/docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml index f9d40a3aca..9e4ba93378 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml @@ -25,7 +25,7 @@ spec: serviceAccountName: traefik-controller containers: - name: traefik - image: traefik:v3.1 + image: traefik:v3.2 args: - --entryPoints.web.address=:80 - --entryPoints.websecure.address=:443 diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml index 6ce60d68e4..ccb374a94a 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml @@ -43,7 +43,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ Default: all. items: type: string @@ -63,12 +63,12 @@ spec: match: description: |- Match defines the router's rule. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule type: string middlewares: description: |- Middlewares defines the list of references to Middleware resources. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware items: description: MiddlewareRef is a reference to a Middleware resource. @@ -88,7 +88,7 @@ spec: priority: description: |- Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority type: integer services: description: |- @@ -229,7 +229,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -277,7 +277,7 @@ spec: syntax: description: |- Syntax defines the router's rule syntax. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax type: string required: - kind @@ -287,18 +287,18 @@ spec: tls: description: |- TLS defines the TLS configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls properties: certResolver: description: |- CertResolver defines the name of the certificate resolver to use. Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers + More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers type: string domains: description: |- Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -317,17 +317,17 @@ spec: description: |- Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. If not defined, the `default` TLSOption is used. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options properties: name: description: |- Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption type: string namespace: description: |- Namespace defines the namespace of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption type: string required: - name @@ -344,12 +344,12 @@ spec: name: description: |- Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore type: string namespace: description: |- Namespace defines the namespace of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore type: string required: - name diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml index 9db38f869c..ae675f6a6f 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml @@ -43,7 +43,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ Default: all. items: type: string @@ -56,7 +56,7 @@ spec: match: description: |- Match defines the router's rule. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1 type: string middlewares: description: Middlewares defines the list of references to MiddlewareTCP @@ -80,7 +80,7 @@ spec: priority: description: |- Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1 type: integer services: description: Services defines the list of TCP services. @@ -121,7 +121,7 @@ spec: proxyProtocol: description: |- ProxyProtocol defines the PROXY protocol configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol properties: version: description: Version defines the PROXY Protocol version @@ -159,7 +159,7 @@ spec: syntax: description: |- Syntax defines the router's rule syntax. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1 type: string required: - match @@ -168,18 +168,18 @@ spec: tls: description: |- TLS defines the TLS configuration on a layer 4 / TCP Route. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1 properties: certResolver: description: |- CertResolver defines the name of the certificate resolver to use. Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers + More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers type: string domains: description: |- Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -198,7 +198,7 @@ spec: description: |- Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. If not defined, the `default` TLSOption is used. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options properties: name: description: Name defines the name of the referenced Traefik diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml index 9b04a83551..a815d86836 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml @@ -43,7 +43,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ Default: all. items: type: string diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml index baf3d5b1ec..f3ea9fc58e 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml @@ -19,7 +19,7 @@ spec: openAPIV3Schema: description: |- Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/ properties: apiVersion: description: |- @@ -45,7 +45,7 @@ spec: description: |- AddPrefix holds the add prefix middleware configuration. This middleware updates the path of a request before forwarding it. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/ properties: prefix: description: |- @@ -57,12 +57,12 @@ spec: description: |- BasicAuth holds the basic auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/ properties: headerField: description: |- HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield type: string realm: description: |- @@ -83,7 +83,7 @@ spec: description: |- Buffering holds the buffering middleware configuration. This middleware retries or limits the size of requests that can be forwarded to backends. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes properties: maxRequestBodyBytes: description: |- @@ -115,14 +115,14 @@ spec: description: |- RetryExpression defines the retry conditions. It is a logical combination of functions with operators AND (&&) and OR (||). - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression type: string type: object chain: description: |- Chain holds the configuration of the chain middleware. This middleware enables to define reusable combinations of other pieces of middleware. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/ properties: middlewares: description: Middlewares is the list of MiddlewareRef which composes @@ -181,7 +181,7 @@ spec: description: |- Compress holds the compress middleware configuration. This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/ properties: defaultEncoding: description: DefaultEncoding specifies the default encoding if @@ -230,12 +230,12 @@ spec: description: |- DigestAuth holds the digest auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/ properties: headerField: description: |- HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield type: string realm: description: |- @@ -255,7 +255,7 @@ spec: description: |- ErrorPage holds the custom error middleware configuration. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/ properties: query: description: |- @@ -265,7 +265,7 @@ spec: service: description: |- Service defines the reference to a Kubernetes Service that will serve the error page. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service properties: healthCheck: description: Healthcheck defines health checks for ExternalName @@ -398,7 +398,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -456,7 +456,7 @@ spec: description: |- ForwardAuth holds the forward auth middleware configuration. This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/ properties: addAuthCookiesToResponse: description: AddAuthCookiesToResponse defines the list of cookies @@ -484,7 +484,7 @@ spec: authResponseHeadersRegex: description: |- AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex type: string tls: description: TLS defines the configuration used to secure the @@ -531,7 +531,7 @@ spec: description: |- Headers holds the headers middleware configuration. This middleware manages the requests and responses headers. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders properties: accessControlAllowCredentials: description: AccessControlAllowCredentials defines whether the @@ -702,7 +702,7 @@ spec: description: |- InFlightReq holds the in-flight request middleware configuration. This middleware limits the number of requests being processed and served concurrently. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/ properties: amount: description: |- @@ -715,12 +715,12 @@ spec: SourceCriterion defines what criterion is used to group requests as originating from a common source. If several strategies are defined at the same time, an error will be raised. If none are set, the default is to use the requestHost. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion properties: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -755,12 +755,12 @@ spec: description: |- IPAllowList holds the IP allowlist middleware configuration. This middleware limits allowed requests based on the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/ properties: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -797,7 +797,7 @@ spec: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -827,7 +827,7 @@ spec: description: |- PassTLSClientCert holds the pass TLS client cert middleware configuration. This middleware adds the selected data from the passed client TLS certificate to a header. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/ properties: info: description: Info selects the specific client certificate details @@ -936,7 +936,7 @@ spec: description: |- RateLimit holds the rate limit configuration. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/ properties: average: description: |- @@ -969,7 +969,7 @@ spec: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1004,7 +1004,7 @@ spec: description: |- RedirectRegex holds the redirect regex middleware configuration. This middleware redirects a request using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1023,7 +1023,7 @@ spec: description: |- RedirectScheme holds the redirect scheme middleware configuration. This middleware redirects requests from a scheme/port to another. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/ properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1040,7 +1040,7 @@ spec: description: |- ReplacePath holds the replace path middleware configuration. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/ properties: path: description: Path defines the path to use as replacement in the @@ -1051,7 +1051,7 @@ spec: description: |- ReplacePathRegex holds the replace path regex middleware configuration. This middleware replaces the path of a URL using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/ properties: regex: description: Regex defines the regular expression used to match @@ -1067,7 +1067,7 @@ spec: Retry holds the retry middleware configuration. This middleware reissues requests a given number of times to a backend server if that server does not reply. As soon as the server answers, the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/ properties: attempts: description: Attempts defines how many times the request should @@ -1089,7 +1089,7 @@ spec: description: |- StripPrefix holds the strip prefix middleware configuration. This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/ properties: forceSlash: description: |- @@ -1108,7 +1108,7 @@ spec: description: |- StripPrefixRegex holds the strip prefix regex middleware configuration. This middleware removes the matching prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/ properties: regex: description: Regex defines the regular expression to match the diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml index f09e3d4129..fc23e11b52 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml @@ -19,7 +19,7 @@ spec: openAPIV3Schema: description: |- MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/ properties: apiVersion: description: |- @@ -55,7 +55,7 @@ spec: description: |- IPAllowList defines the IPAllowList middleware configuration. This middleware accepts/refuses connections based on the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -69,7 +69,7 @@ spec: IPWhiteList defines the IPWhiteList middleware configuration. This middleware accepts/refuses connections based on the client IP. Deprecated: please use IPAllowList instead. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of diff --git a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml index a447c97f19..fe2f129ad7 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml @@ -21,7 +21,7 @@ spec: ServersTransport is the CRD implementation of a ServersTransport. If no serversTransport is specified, the default@internal will be used. The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1 properties: apiVersion: description: |- diff --git a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml index 319044709c..2f24c84748 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml @@ -21,7 +21,7 @@ spec: ServersTransportTCP is the CRD implementation of a TCPServersTransport. If no tcpServersTransport is specified, a default one named default@internal will be used. The default@internal tcpServersTransport can be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3 + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3 properties: apiVersion: description: |- diff --git a/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml b/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml index 932f958114..498fc3c8bb 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml @@ -19,7 +19,7 @@ spec: openAPIV3Schema: description: |- TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options properties: apiVersion: description: |- @@ -44,14 +44,14 @@ spec: alpnProtocols: description: |- ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols items: type: string type: array cipherSuites: description: |- CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites items: type: string type: array @@ -79,7 +79,7 @@ spec: curvePreferences: description: |- CurvePreferences defines the preferred elliptic curves in a specific order. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences items: type: string type: array diff --git a/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml b/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml index 37afedc024..7eacb770e1 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml @@ -21,7 +21,7 @@ spec: TLSStore is the CRD implementation of a Traefik TLS Store. For the time being, only the TLSStore named default is supported. This means that you cannot have two stores that are named default in different Kubernetes namespaces. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores properties: apiVersion: description: |- diff --git a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml index 48e629bb8d..01e28fc5c7 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml @@ -22,7 +22,7 @@ spec: TraefikService object allows to: - Apply weight to Services on load-balancing - Mirror traffic on services - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice properties: apiVersion: description: |- @@ -268,7 +268,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -375,7 +375,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -558,7 +558,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -605,7 +605,7 @@ spec: sticky: description: |- Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing properties: cookie: description: Cookie defines the sticky cookie configuration. diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md index 3f860f3aa2..fca592bebb 100644 --- a/docs/content/routing/providers/kubernetes-crd.md +++ b/docs/content/routing/providers/kubernetes-crd.md @@ -48,7 +48,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way. serviceAccountName: traefik-ingress-controller containers: - name: traefik - image: traefik:v3.1 + image: traefik:v3.2 args: - --log.level=DEBUG - --api diff --git a/docs/content/routing/providers/kubernetes-ingress.md b/docs/content/routing/providers/kubernetes-ingress.md index 158543b464..a5444f5d67 100644 --- a/docs/content/routing/providers/kubernetes-ingress.md +++ b/docs/content/routing/providers/kubernetes-ingress.md @@ -130,7 +130,7 @@ which in turn will create the resulting routers, services, handlers, etc. serviceAccountName: traefik-ingress-controller containers: - name: traefik - image: traefik:v3.1 + image: traefik:v3.2 args: - --entryPoints.web.address=:80 - --providers.kubernetesingress @@ -543,7 +543,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d serviceAccountName: traefik-ingress-controller containers: - name: traefik - image: traefik:v3.1 + image: traefik:v3.2 args: - --entryPoints.websecure.address=:443 - --entryPoints.websecure.http.tls @@ -736,7 +736,7 @@ For more options, please refer to the available [annotations](#on-ingress). serviceAccountName: traefik-ingress-controller containers: - name: traefik - image: traefik:v3.1 + image: traefik:v3.2 args: - --entryPoints.websecure.address=:443 - --providers.kubernetesingress diff --git a/docs/content/user-guides/crd-acme/03-deployments.yml b/docs/content/user-guides/crd-acme/03-deployments.yml index 28555eb1d8..10d27d2f15 100644 --- a/docs/content/user-guides/crd-acme/03-deployments.yml +++ b/docs/content/user-guides/crd-acme/03-deployments.yml @@ -26,7 +26,7 @@ spec: serviceAccountName: traefik-ingress-controller containers: - name: traefik - image: traefik:v3.1 + image: traefik:v3.2 args: - --api.insecure - --accesslog diff --git a/docs/content/user-guides/crd-acme/index.md b/docs/content/user-guides/crd-acme/index.md index d794a1a4d9..a302ac89ef 100644 --- a/docs/content/user-guides/crd-acme/index.md +++ b/docs/content/user-guides/crd-acme/index.md @@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi ```bash # Install Traefik Resource Definitions: -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml # Install RBAC for Traefik: -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml ``` ### Services @@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/con Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami). ```bash -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/02-services.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/02-services.yml ``` ```yaml @@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services. Again, one pod for Traefik, and one for the whoami app. ```bash -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/03-deployments.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/03-deployments.yml ``` ```yaml @@ -100,7 +100,7 @@ Look it up. We can now finally apply the actual ingressRoutes, with: ```bash -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/04-ingressroutes.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/04-ingressroutes.yml ``` ```yaml @@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated. In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption: ```bash -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/05-tlsoption.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/05-tlsoption.yml ``` ```yaml diff --git a/docs/content/user-guides/crd-acme/k3s.yml b/docs/content/user-guides/crd-acme/k3s.yml index b5cf562424..25fd81bbc5 100644 --- a/docs/content/user-guides/crd-acme/k3s.yml +++ b/docs/content/user-guides/crd-acme/k3s.yml @@ -26,5 +26,5 @@ node: - K3S_CLUSTER_SECRET=somethingtotallyrandom volumes: # this is where you would place a alternative traefik image (saved as a .tar file with - # 'docker save'), if you want to use it, instead of the traefik:v3.1 image. + # 'docker save'), if you want to use it, instead of the traefik:v3.2 image. - /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images diff --git a/docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml b/docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml index eccf0a23e2..809fba3733 100644 --- a/docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml +++ b/docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.3" services: traefik: - image: "traefik:v3.1" + image: "traefik:v3.2" container_name: "traefik" command: #- "--log.level=DEBUG" diff --git a/docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml b/docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml index c61baf0fea..2a1be3638d 100644 --- a/docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml +++ b/docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml @@ -13,7 +13,7 @@ secrets: services: traefik: - image: "traefik:v3.1" + image: "traefik:v3.2" container_name: "traefik" command: #- "--log.level=DEBUG" diff --git a/docs/content/user-guides/docker-compose/acme-http/docker-compose.yml b/docs/content/user-guides/docker-compose/acme-http/docker-compose.yml index c9e4efe486..76da4da5ab 100644 --- a/docs/content/user-guides/docker-compose/acme-http/docker-compose.yml +++ b/docs/content/user-guides/docker-compose/acme-http/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.3" services: traefik: - image: "traefik:v3.1" + image: "traefik:v3.2" container_name: "traefik" command: #- "--log.level=DEBUG" diff --git a/docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml b/docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml index d3b6b10eb4..95fd2d16af 100644 --- a/docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml +++ b/docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.3" services: traefik: - image: "traefik:v3.1" + image: "traefik:v3.2" container_name: "traefik" command: #- "--log.level=DEBUG" diff --git a/docs/content/user-guides/docker-compose/basic-example/docker-compose.yml b/docs/content/user-guides/docker-compose/basic-example/docker-compose.yml index b9a40728d6..124d5ab43e 100644 --- a/docs/content/user-guides/docker-compose/basic-example/docker-compose.yml +++ b/docs/content/user-guides/docker-compose/basic-example/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.3" services: traefik: - image: "traefik:v3.1" + image: "traefik:v3.2" container_name: "traefik" command: #- "--log.level=DEBUG" diff --git a/docs/content/user-guides/docker-compose/basic-example/index.md b/docs/content/user-guides/docker-compose/basic-example/index.md index aa27773a25..d95953b180 100644 --- a/docs/content/user-guides/docker-compose/basic-example/index.md +++ b/docs/content/user-guides/docker-compose/basic-example/index.md @@ -31,7 +31,7 @@ Create a `docker-compose.yml` file with the following content: services: traefik: - image: "traefik:v3.1" + image: "traefik:v3.2" ... networks: - traefiknet diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 226d4a2f25..042feaaf8a 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -43,7 +43,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ Default: all. items: type: string @@ -63,12 +63,12 @@ spec: match: description: |- Match defines the router's rule. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule type: string middlewares: description: |- Middlewares defines the list of references to Middleware resources. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware items: description: MiddlewareRef is a reference to a Middleware resource. @@ -88,7 +88,7 @@ spec: priority: description: |- Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority type: integer services: description: |- @@ -229,7 +229,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -277,7 +277,7 @@ spec: syntax: description: |- Syntax defines the router's rule syntax. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax type: string required: - kind @@ -287,18 +287,18 @@ spec: tls: description: |- TLS defines the TLS configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls properties: certResolver: description: |- CertResolver defines the name of the certificate resolver to use. Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers + More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers type: string domains: description: |- Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -317,17 +317,17 @@ spec: description: |- Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. If not defined, the `default` TLSOption is used. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options properties: name: description: |- Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption type: string namespace: description: |- Namespace defines the namespace of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption type: string required: - name @@ -344,12 +344,12 @@ spec: name: description: |- Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore type: string namespace: description: |- Namespace defines the namespace of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore type: string required: - name @@ -409,7 +409,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ Default: all. items: type: string @@ -422,7 +422,7 @@ spec: match: description: |- Match defines the router's rule. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1 type: string middlewares: description: Middlewares defines the list of references to MiddlewareTCP @@ -446,7 +446,7 @@ spec: priority: description: |- Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1 type: integer services: description: Services defines the list of TCP services. @@ -487,7 +487,7 @@ spec: proxyProtocol: description: |- ProxyProtocol defines the PROXY protocol configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol properties: version: description: Version defines the PROXY Protocol version @@ -525,7 +525,7 @@ spec: syntax: description: |- Syntax defines the router's rule syntax. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1 type: string required: - match @@ -534,18 +534,18 @@ spec: tls: description: |- TLS defines the TLS configuration on a layer 4 / TCP Route. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1 properties: certResolver: description: |- CertResolver defines the name of the certificate resolver to use. Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers + More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers type: string domains: description: |- Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains + More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -564,7 +564,7 @@ spec: description: |- Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. If not defined, the `default` TLSOption is used. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options properties: name: description: Name defines the name of the referenced Traefik @@ -656,7 +656,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ Default: all. items: type: string @@ -743,7 +743,7 @@ spec: openAPIV3Schema: description: |- Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/ properties: apiVersion: description: |- @@ -769,7 +769,7 @@ spec: description: |- AddPrefix holds the add prefix middleware configuration. This middleware updates the path of a request before forwarding it. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/ properties: prefix: description: |- @@ -781,12 +781,12 @@ spec: description: |- BasicAuth holds the basic auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/ properties: headerField: description: |- HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield type: string realm: description: |- @@ -807,7 +807,7 @@ spec: description: |- Buffering holds the buffering middleware configuration. This middleware retries or limits the size of requests that can be forwarded to backends. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes properties: maxRequestBodyBytes: description: |- @@ -839,14 +839,14 @@ spec: description: |- RetryExpression defines the retry conditions. It is a logical combination of functions with operators AND (&&) and OR (||). - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression type: string type: object chain: description: |- Chain holds the configuration of the chain middleware. This middleware enables to define reusable combinations of other pieces of middleware. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/ properties: middlewares: description: Middlewares is the list of MiddlewareRef which composes @@ -905,7 +905,7 @@ spec: description: |- Compress holds the compress middleware configuration. This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/ properties: defaultEncoding: description: DefaultEncoding specifies the default encoding if @@ -954,12 +954,12 @@ spec: description: |- DigestAuth holds the digest auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/ properties: headerField: description: |- HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield type: string realm: description: |- @@ -979,7 +979,7 @@ spec: description: |- ErrorPage holds the custom error middleware configuration. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/ properties: query: description: |- @@ -989,7 +989,7 @@ spec: service: description: |- Service defines the reference to a Kubernetes Service that will serve the error page. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service properties: healthCheck: description: Healthcheck defines health checks for ExternalName @@ -1122,7 +1122,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -1180,7 +1180,7 @@ spec: description: |- ForwardAuth holds the forward auth middleware configuration. This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/ properties: addAuthCookiesToResponse: description: AddAuthCookiesToResponse defines the list of cookies @@ -1208,7 +1208,7 @@ spec: authResponseHeadersRegex: description: |- AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex type: string tls: description: TLS defines the configuration used to secure the @@ -1255,7 +1255,7 @@ spec: description: |- Headers holds the headers middleware configuration. This middleware manages the requests and responses headers. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders properties: accessControlAllowCredentials: description: AccessControlAllowCredentials defines whether the @@ -1426,7 +1426,7 @@ spec: description: |- InFlightReq holds the in-flight request middleware configuration. This middleware limits the number of requests being processed and served concurrently. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/ properties: amount: description: |- @@ -1439,12 +1439,12 @@ spec: SourceCriterion defines what criterion is used to group requests as originating from a common source. If several strategies are defined at the same time, an error will be raised. If none are set, the default is to use the requestHost. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion properties: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1479,12 +1479,12 @@ spec: description: |- IPAllowList holds the IP allowlist middleware configuration. This middleware limits allowed requests based on the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/ properties: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1521,7 +1521,7 @@ spec: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1551,7 +1551,7 @@ spec: description: |- PassTLSClientCert holds the pass TLS client cert middleware configuration. This middleware adds the selected data from the passed client TLS certificate to a header. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/ properties: info: description: Info selects the specific client certificate details @@ -1660,7 +1660,7 @@ spec: description: |- RateLimit holds the rate limit configuration. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/ properties: average: description: |- @@ -1693,7 +1693,7 @@ spec: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1728,7 +1728,7 @@ spec: description: |- RedirectRegex holds the redirect regex middleware configuration. This middleware redirects a request using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1747,7 +1747,7 @@ spec: description: |- RedirectScheme holds the redirect scheme middleware configuration. This middleware redirects requests from a scheme/port to another. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/ properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1764,7 +1764,7 @@ spec: description: |- ReplacePath holds the replace path middleware configuration. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/ properties: path: description: Path defines the path to use as replacement in the @@ -1775,7 +1775,7 @@ spec: description: |- ReplacePathRegex holds the replace path regex middleware configuration. This middleware replaces the path of a URL using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/ properties: regex: description: Regex defines the regular expression used to match @@ -1791,7 +1791,7 @@ spec: Retry holds the retry middleware configuration. This middleware reissues requests a given number of times to a backend server if that server does not reply. As soon as the server answers, the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/ properties: attempts: description: Attempts defines how many times the request should @@ -1813,7 +1813,7 @@ spec: description: |- StripPrefix holds the strip prefix middleware configuration. This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/ properties: forceSlash: description: |- @@ -1832,7 +1832,7 @@ spec: description: |- StripPrefixRegex holds the strip prefix regex middleware configuration. This middleware removes the matching prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/ properties: regex: description: Regex defines the regular expression to match the @@ -1869,7 +1869,7 @@ spec: openAPIV3Schema: description: |- MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/ properties: apiVersion: description: |- @@ -1905,7 +1905,7 @@ spec: description: |- IPAllowList defines the IPAllowList middleware configuration. This middleware accepts/refuses connections based on the client IP. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -1919,7 +1919,7 @@ spec: IPWhiteList defines the IPWhiteList middleware configuration. This middleware accepts/refuses connections based on the client IP. Deprecated: please use IPAllowList instead. - More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/ + More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -1958,7 +1958,7 @@ spec: ServersTransport is the CRD implementation of a ServersTransport. If no serversTransport is specified, the default@internal will be used. The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1 + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1 properties: apiVersion: description: |- @@ -2097,7 +2097,7 @@ spec: ServersTransportTCP is the CRD implementation of a TCPServersTransport. If no tcpServersTransport is specified, a default one named default@internal will be used. The default@internal tcpServersTransport can be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3 + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3 properties: apiVersion: description: |- @@ -2215,7 +2215,7 @@ spec: openAPIV3Schema: description: |- TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options properties: apiVersion: description: |- @@ -2240,14 +2240,14 @@ spec: alpnProtocols: description: |- ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols items: type: string type: array cipherSuites: description: |- CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites items: type: string type: array @@ -2275,7 +2275,7 @@ spec: curvePreferences: description: |- CurvePreferences defines the preferred elliptic curves in a specific order. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences items: type: string type: array @@ -2331,7 +2331,7 @@ spec: TLSStore is the CRD implementation of a Traefik TLS Store. For the time being, only the TLSStore named default is supported. This means that you cannot have two stores that are named default in different Kubernetes namespaces. - More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores + More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores properties: apiVersion: description: |- @@ -2429,7 +2429,7 @@ spec: TraefikService object allows to: - Apply weight to Services on load-balancing - Mirror traffic on services - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice properties: apiVersion: description: |- @@ -2675,7 +2675,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2782,7 +2782,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2965,7 +2965,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -3012,7 +3012,7 @@ spec: sticky: description: |- Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing + More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing properties: cookie: description: Cookie defines the sticky cookie configuration. diff --git a/pkg/cli/deprecation.go b/pkg/cli/deprecation.go index 58d74cf795..7466b2758e 100644 --- a/pkg/cli/deprecation.go +++ b/pkg/cli/deprecation.go @@ -194,7 +194,7 @@ func (c *configuration) deprecationNotice(logger zerolog.Logger) bool { if c.Pilot != nil { incompatible = true logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#pilot") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#pilot") } incompatibleExperimental := c.Experimental.deprecationNotice(logger) @@ -227,13 +227,13 @@ func (p *providers) deprecationNotice(logger zerolog.Logger) bool { if p.Marathon != nil { incompatible = true logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#marathon-provider") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#marathon-provider") } if p.Rancher != nil { incompatible = true logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#rancher-v1-provider") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#rancher-v1-provider") } dockerIncompatible := p.Docker.deprecationNotice(logger) @@ -275,14 +275,14 @@ func (d *docker) deprecationNotice(logger zerolog.Logger) bool { if d.SwarmMode != nil { incompatible = true logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#docker-docker-swarm") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#docker-docker-swarm") } if d.TLS != nil && d.TLS.CAOptional != nil { incompatible = true logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + "Please remove all occurrences from the static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional") } return incompatible @@ -323,7 +323,7 @@ func (e *etcd) deprecationNotice(logger zerolog.Logger) bool { incompatible = true logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + "Please remove all occurrences from the static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_3") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_3") } return incompatible @@ -344,7 +344,7 @@ func (r *redis) deprecationNotice(logger zerolog.Logger) bool { incompatible = true logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + "Please remove all occurrences from the static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_4") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_4") } return incompatible @@ -365,14 +365,14 @@ func (c *consul) deprecationNotice(logger zerolog.Logger) bool { if c.Namespace != nil { incompatible = true logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consul-provider") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consul-provider") } if c.TLS != nil && c.TLS.CAOptional != nil { incompatible = true logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + "Please remove all occurrences from the static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_1") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_1") } return incompatible @@ -397,14 +397,14 @@ func (c *consulCatalog) deprecationNotice(logger zerolog.Logger) bool { if c.Namespace != nil { incompatible = true logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consulcatalog-provider") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consulcatalog-provider") } if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil { incompatible = true logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + "Please remove all occurrences from the static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional") } return incompatible @@ -425,14 +425,14 @@ func (n *nomad) deprecationNotice(logger zerolog.Logger) bool { if n.Namespace != nil { incompatible = true logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#nomad-provider") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#nomad-provider") } if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil { incompatible = true logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + "Please remove all occurrences from the static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional_1") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional_1") } return incompatible @@ -453,7 +453,7 @@ func (h *http) deprecationNotice(logger zerolog.Logger) bool { incompatible = true logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + "Please remove all occurrences from the static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_2") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_2") } return incompatible @@ -471,7 +471,7 @@ func (i *ingress) deprecationNotice(logger zerolog.Logger) { if i.DisableIngressClassLookup != nil { logger.Error().Msg("Kubernetes Ingress provider `disableIngressClassLookup` option has been deprecated in v3.1, and will be removed in the next major version." + "Please use the `disableClusterScopeResources` option instead." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#ingressclasslookup") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#ingressclasslookup") } } @@ -488,7 +488,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool { if e.HTTP3 != nil { logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." + "Please remove its usage from the static configuration for Traefik to start." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3-details/#http3") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3-details/#http3") return true } @@ -496,7 +496,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool { if e.KubernetesGateway != nil { logger.Error().Msg("KubernetesGateway provider is not an experimental feature starting with v3.1." + "Please remove its usage from the static configuration." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#gateway-api-kubernetesgateway-provider") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#gateway-api-kubernetesgateway-provider") } return false @@ -520,49 +520,49 @@ func (t *tracing) deprecationNotice(logger zerolog.Logger) bool { if t.SpanNameLimit != nil { incompatible = true logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing") } if t.Jaeger != nil { incompatible = true logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing") } if t.Zipkin != nil { incompatible = true logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing") } if t.Datadog != nil { incompatible = true logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing") } if t.Instana != nil { incompatible = true logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing") } if t.Haystack != nil { incompatible = true logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing") } if t.Elastic != nil { incompatible = true logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + - "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") + "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing") } return incompatible diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index b2dcb084fb..bf364543e4 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go @@ -73,7 +73,7 @@ type ContentType struct { // AddPrefix holds the add prefix middleware configuration. // This middleware updates the path of a request before forwarding it. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/ type AddPrefix struct { // Prefix is the string to add before the current path in the requested URL. // It should include a leading slash (/). @@ -84,7 +84,7 @@ type AddPrefix struct { // BasicAuth holds the basic auth middleware configuration. // This middleware restricts access to your services to known users. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/ type BasicAuth struct { // Users is an array of authorized users. // Each user must be declared using the name:hashed-password format. @@ -99,7 +99,7 @@ type BasicAuth struct { // Default: false. RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"` // HeaderField defines a header field to store the authenticated user. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"` } @@ -107,7 +107,7 @@ type BasicAuth struct { // Buffering holds the buffering middleware configuration. // This middleware retries or limits the size of requests that can be forwarded to backends. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes type Buffering struct { // MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). // If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. @@ -125,7 +125,7 @@ type Buffering struct { MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"` // RetryExpression defines the retry conditions. // It is a logical combination of functions with operators AND (&&) and OR (||). - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"` } @@ -142,7 +142,7 @@ type Chain struct { // CircuitBreaker holds the circuit breaker middleware configuration. // This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/circuitbreaker/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/circuitbreaker/ type CircuitBreaker struct { // Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services. Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"` @@ -191,7 +191,7 @@ func (c *Compress) SetDefaults() { // DigestAuth holds the digest auth middleware configuration. // This middleware restricts access to your services to known users. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/ type DigestAuth struct { // Users defines the authorized users. // Each user should be declared using the name:realm:encoded-password format. @@ -204,7 +204,7 @@ type DigestAuth struct { // Default: traefik. Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"` // HeaderField defines a header field to store the authenticated user. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"` } @@ -230,7 +230,7 @@ type ErrorPage struct { // ForwardAuth holds the forward auth middleware configuration. // This middleware delegates the request authentication to a Service. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/ type ForwardAuth struct { // Address defines the authentication server address. Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"` @@ -241,7 +241,7 @@ type ForwardAuth struct { // AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"` // AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"` // AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. // If not set or empty then all request headers are passed. @@ -271,7 +271,7 @@ type ClientTLS struct { // Headers holds the headers middleware configuration. // This middleware manages the requests and responses headers. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders type Headers struct { // CustomRequestHeaders defines the header names and values to apply to the request. CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"` @@ -400,7 +400,7 @@ func (h *Headers) HasSecureHeadersDefined() bool { // +k8s:deepcopy-gen=true // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy type IPStrategy struct { // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"` @@ -454,7 +454,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) { // IPWhiteList holds the IP whitelist middleware configuration. // This middleware limits allowed requests based on the client IP. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipwhitelist/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipwhitelist/ // Deprecated: please use IPAllowList instead. type IPWhiteList struct { // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required. @@ -466,7 +466,7 @@ type IPWhiteList struct { // IPAllowList holds the IP allowlist middleware configuration. // This middleware limits allowed requests based on the client IP. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/ type IPAllowList struct { // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` @@ -480,7 +480,7 @@ type IPAllowList struct { // InFlightReq holds the in-flight request middleware configuration. // This middleware limits the number of requests being processed and served concurrently. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/ type InFlightReq struct { // Amount defines the maximum amount of allowed simultaneous in-flight request. // The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). @@ -488,7 +488,7 @@ type InFlightReq struct { // SourceCriterion defines what criterion is used to group requests as originating from a common source. // If several strategies are defined at the same time, an error will be raised. // If none are set, the default is to use the requestHost. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"` } @@ -496,7 +496,7 @@ type InFlightReq struct { // PassTLSClientCert holds the pass TLS client cert middleware configuration. // This middleware adds the selected data from the passed client TLS certificate to a header. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/ type PassTLSClientCert struct { // PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate. PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"` @@ -552,7 +552,7 @@ func (r *RateLimit) SetDefaults() { // RedirectRegex holds the redirect regex middleware configuration. // This middleware redirects a request using regex matching and replacement. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex type RedirectRegex struct { // Regex defines the regex used to match and capture elements from the request URL. Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"` @@ -566,7 +566,7 @@ type RedirectRegex struct { // RedirectScheme holds the redirect scheme middleware configuration. // This middleware redirects requests from a scheme/port to another. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/ type RedirectScheme struct { // Scheme defines the scheme of the new URL. Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"` @@ -580,7 +580,7 @@ type RedirectScheme struct { // ReplacePath holds the replace path middleware configuration. // This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/ type ReplacePath struct { // Path defines the path to use as replacement in the request URL. Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"` @@ -590,7 +590,7 @@ type ReplacePath struct { // ReplacePathRegex holds the replace path regex middleware configuration. // This middleware replaces the path of a URL using regex matching and replacement. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/ type ReplacePathRegex struct { // Regex defines the regular expression used to match and capture the path from the request URL. Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"` @@ -603,7 +603,7 @@ type ReplacePathRegex struct { // Retry holds the retry middleware configuration. // This middleware reissues requests a given number of times to a backend server if that server does not reply. // As soon as the server answers, the middleware stops retrying, regardless of the response status. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/ type Retry struct { // Attempts defines how many times the request should be retried. Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"` @@ -619,7 +619,7 @@ type Retry struct { // StripPrefix holds the strip prefix middleware configuration. // This middleware removes the specified prefixes from the URL path. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/ type StripPrefix struct { // Prefixes defines the prefixes to strip from the request URL. Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"` @@ -634,7 +634,7 @@ type StripPrefix struct { // StripPrefixRegex holds the strip prefix regex middleware configuration. // This middleware removes the matching prefixes from the URL path. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/ type StripPrefixRegex struct { // Regex defines the regular expression to match the path prefix from the request URL. Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"` diff --git a/pkg/config/dynamic/tcp_config.go b/pkg/config/dynamic/tcp_config.go index 316da9e8e3..0d16b004a7 100644 --- a/pkg/config/dynamic/tcp_config.go +++ b/pkg/config/dynamic/tcp_config.go @@ -125,7 +125,7 @@ type TCPServer struct { // +k8s:deepcopy-gen=true // ProxyProtocol holds the PROXY Protocol configuration. -// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol +// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol type ProxyProtocol struct { // Version defines the PROXY Protocol version to use. Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"` diff --git a/pkg/config/dynamic/tcp_middlewares.go b/pkg/config/dynamic/tcp_middlewares.go index 6bd9b459fa..0acb04acbc 100644 --- a/pkg/config/dynamic/tcp_middlewares.go +++ b/pkg/config/dynamic/tcp_middlewares.go @@ -15,7 +15,7 @@ type TCPMiddleware struct { // TCPInFlightConn holds the TCP InFlightConn middleware configuration. // This middleware prevents services from being overwhelmed with high load, // by limiting the number of allowed simultaneous connections for one IP. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/inflightconn/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/inflightconn/ type TCPInFlightConn struct { // Amount defines the maximum amount of allowed simultaneous connections. // The middleware closes the connection if there are already amount connections opened. @@ -35,7 +35,7 @@ type TCPIPWhiteList struct { // TCPIPAllowList holds the TCP IPAllowList middleware configuration. // This middleware limits allowed requests based on the client IP. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/ type TCPIPAllowList struct { // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go index c0a218703c..1eef3a6eb9 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go @@ -13,75 +13,75 @@ type IngressRouteSpec struct { Routes []Route `json:"routes"` // EntryPoints defines the list of entry point names to bind to. // Entry points have to be configured in the static configuration. - // More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + // More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ // Default: all. EntryPoints []string `json:"entryPoints,omitempty"` // TLS defines the TLS configuration. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls TLS *TLS `json:"tls,omitempty"` } // Route holds the HTTP route configuration. type Route struct { // Match defines the router's rule. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule Match string `json:"match"` // Kind defines the kind of the route. // Rule is the only supported kind. // +kubebuilder:validation:Enum=Rule Kind string `json:"kind"` // Priority defines the router's priority. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority Priority int `json:"priority,omitempty"` // Syntax defines the router's rule syntax. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax Syntax string `json:"syntax,omitempty"` // Services defines the list of Service. // It can contain any combination of TraefikService and/or reference to a Kubernetes Service. Services []Service `json:"services,omitempty"` // Middlewares defines the list of references to Middleware resources. - // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware + // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware Middlewares []MiddlewareRef `json:"middlewares,omitempty"` } // TLS holds the TLS configuration. -// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls +// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls type TLS struct { // SecretName is the name of the referenced Kubernetes Secret to specify the certificate details. SecretName string `json:"secretName,omitempty"` // Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. // If not defined, the `default` TLSOption is used. - // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options Options *TLSOptionRef `json:"options,omitempty"` // Store defines the reference to the TLSStore, that will be used to store certificates. // Please note that only `default` TLSStore can be used. Store *TLSStoreRef `json:"store,omitempty"` // CertResolver defines the name of the certificate resolver to use. // Cert resolvers have to be configured in the static configuration. - // More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers + // More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers CertResolver string `json:"certResolver,omitempty"` // Domains defines the list of domains that will be used to issue certificates. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains Domains []types.Domain `json:"domains,omitempty"` } // TLSOptionRef is a reference to a TLSOption resource. type TLSOptionRef struct { // Name defines the name of the referenced TLSOption. - // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption + // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption Name string `json:"name"` // Namespace defines the namespace of the referenced TLSOption. - // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption + // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption Namespace string `json:"namespace,omitempty"` } // TLSStoreRef is a reference to a TLSStore resource. type TLSStoreRef struct { // Name defines the name of the referenced TLSStore. - // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore + // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore Name string `json:"name"` // Namespace defines the namespace of the referenced TLSStore. - // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore + // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore Namespace string `json:"namespace,omitempty"` } @@ -98,7 +98,7 @@ type LoadBalancerSpec struct { // Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. Namespace string `json:"namespace,omitempty"` // Sticky defines the sticky sessions configuration. - // More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions + // More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions Sticky *dynamic.Sticky `json:"sticky,omitempty"` // Port defines the port of a Kubernetes Service. // This can be a reference to a named port. diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go index 3d90b0e676..cb1e0293ef 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go @@ -13,24 +13,24 @@ type IngressRouteTCPSpec struct { Routes []RouteTCP `json:"routes"` // EntryPoints defines the list of entry point names to bind to. // Entry points have to be configured in the static configuration. - // More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + // More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ // Default: all. EntryPoints []string `json:"entryPoints,omitempty"` // TLS defines the TLS configuration on a layer 4 / TCP Route. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1 TLS *TLSTCP `json:"tls,omitempty"` } // RouteTCP holds the TCP route configuration. type RouteTCP struct { // Match defines the router's rule. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1 + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1 Match string `json:"match"` // Priority defines the router's priority. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1 + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1 Priority int `json:"priority,omitempty"` // Syntax defines the router's rule syntax. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1 + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1 Syntax string `json:"syntax,omitempty"` // Services defines the list of TCP services. Services []ServiceTCP `json:"services,omitempty"` @@ -39,7 +39,7 @@ type RouteTCP struct { } // TLSTCP holds the TLS configuration for an IngressRouteTCP. -// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 +// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1 type TLSTCP struct { // SecretName is the name of the referenced Kubernetes Secret to specify the certificate details. SecretName string `json:"secretName,omitempty"` @@ -47,17 +47,17 @@ type TLSTCP struct { Passthrough bool `json:"passthrough,omitempty"` // Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. // If not defined, the `default` TLSOption is used. - // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options + // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options Options *ObjectReference `json:"options,omitempty"` // Store defines the reference to the TLSStore, that will be used to store certificates. // Please note that only `default` TLSStore can be used. Store *ObjectReference `json:"store,omitempty"` // CertResolver defines the name of the certificate resolver to use. // Cert resolvers have to be configured in the static configuration. - // More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers + // More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers CertResolver string `json:"certResolver,omitempty"` // Domains defines the list of domains that will be used to issue certificates. - // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains + // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains Domains []types.Domain `json:"domains,omitempty"` } @@ -80,7 +80,7 @@ type ServiceTCP struct { // Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead. TerminationDelay *int `json:"terminationDelay,omitempty"` // ProxyProtocol defines the PROXY protocol configuration. - // More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol + // More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"` // ServersTransport defines the name of ServersTransportTCP resource to use. // It allows to configure the transport between Traefik and your servers. diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go index 32ec82804b..969b00fb50 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go @@ -11,7 +11,7 @@ type IngressRouteUDPSpec struct { Routes []RouteUDP `json:"routes"` // EntryPoints defines the list of entry point names to bind to. // Entry points have to be configured in the static configuration. - // More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ + // More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/ // Default: all. EntryPoints []string `json:"entryPoints,omitempty"` } diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go index 92c0b370d4..fe102fab10 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go @@ -12,7 +12,7 @@ import ( // +kubebuilder:storageversion // Middleware is the CRD implementation of a Traefik Middleware. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/ type Middleware struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -60,7 +60,7 @@ type MiddlewareSpec struct { // ErrorPage holds the custom error middleware configuration. // This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/ type ErrorPage struct { // Status defines which status or range of statuses should result in an error page. // It can be either a status code as a number (500), @@ -69,7 +69,7 @@ type ErrorPage struct { // or a combination of the two (404,418,500-599). Status []string `json:"status,omitempty"` // Service defines the reference to a Kubernetes Service that will serve the error page. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service Service Service `json:"service,omitempty"` // Query defines the URL for the error page (hosted by service). // The {status} variable can be used in order to insert the status code in the URL. @@ -96,7 +96,7 @@ type CircuitBreaker struct { // Chain holds the configuration of the chain middleware. // This middleware enables to define reusable combinations of other pieces of middleware. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/ type Chain struct { // Middlewares is the list of MiddlewareRef which composes the chain. Middlewares []MiddlewareRef `json:"middlewares,omitempty"` @@ -106,7 +106,7 @@ type Chain struct { // BasicAuth holds the basic auth middleware configuration. // This middleware restricts access to your services to known users. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/ type BasicAuth struct { // Secret is the name of the referenced Kubernetes Secret containing user credentials. Secret string `json:"secret,omitempty"` @@ -117,7 +117,7 @@ type BasicAuth struct { // Default: false. RemoveHeader bool `json:"removeHeader,omitempty"` // HeaderField defines a header field to store the authenticated user. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield HeaderField string `json:"headerField,omitempty"` } @@ -125,7 +125,7 @@ type BasicAuth struct { // DigestAuth holds the digest auth middleware configuration. // This middleware restricts access to your services to known users. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/ type DigestAuth struct { // Secret is the name of the referenced Kubernetes Secret containing user credentials. Secret string `json:"secret,omitempty"` @@ -135,7 +135,7 @@ type DigestAuth struct { // Default: traefik. Realm string `json:"realm,omitempty"` // HeaderField defines a header field to store the authenticated user. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield HeaderField string `json:"headerField,omitempty"` } @@ -143,7 +143,7 @@ type DigestAuth struct { // ForwardAuth holds the forward auth middleware configuration. // This middleware delegates the request authentication to a Service. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/ type ForwardAuth struct { // Address defines the authentication server address. Address string `json:"address,omitempty"` @@ -152,7 +152,7 @@ type ForwardAuth struct { // AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"` // AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"` // AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. // If not set or empty then all request headers are passed. @@ -182,7 +182,7 @@ type ClientTLS struct { // RateLimit holds the rate limit configuration. // This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/ type RateLimit struct { // Average is the maximum rate, by default in requests/s, allowed for the given source. // It defaults to 0, which means no rate limiting. @@ -205,7 +205,7 @@ type RateLimit struct { // Compress holds the compress middleware configuration. // This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/ type Compress struct { // ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. // `application/grpc` is always excluded. @@ -226,7 +226,7 @@ type Compress struct { // Retry holds the retry middleware configuration. // This middleware reissues requests a given number of times to a backend server if that server does not reply. // As soon as the server answers, the middleware stops retrying, regardless of the response status. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/ type Retry struct { // Attempts defines how many times the request should be retried. Attempts int `json:"attempts,omitempty"` diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go index d3e4511f7f..975043bf89 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go @@ -9,7 +9,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. -// More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/ +// More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/ type MiddlewareTCP struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -28,11 +28,11 @@ type MiddlewareTCPSpec struct { // IPWhiteList defines the IPWhiteList middleware configuration. // This middleware accepts/refuses connections based on the client IP. // Deprecated: please use IPAllowList instead. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/ + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/ IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"` // IPAllowList defines the IPAllowList middleware configuration. // This middleware accepts/refuses connections based on the client IP. - // More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ + // More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/ IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"` } diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go index d577edaeac..4796fcf79b 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go @@ -13,7 +13,7 @@ import ( // ServersTransport is the CRD implementation of a ServersTransport. // If no serversTransport is specified, the default@internal will be used. // The default@internal serversTransport is created from the static configuration. -// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1 +// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1 type ServersTransport struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go index a1fcc10d85..8eda232594 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go @@ -13,7 +13,7 @@ import ( // ServersTransportTCP is the CRD implementation of a TCPServersTransport. // If no tcpServersTransport is specified, a default one named default@internal will be used. // The default@internal tcpServersTransport can be configured in the static configuration. -// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3 +// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3 type ServersTransportTCP struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/service.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/service.go index cdbd95b0ef..a6dcc7492f 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/service.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/service.go @@ -13,7 +13,7 @@ import ( // TraefikService object allows to: // - Apply weight to Services on load-balancing // - Mirror traffic on services -// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice +// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice type TraefikService struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -49,7 +49,7 @@ type TraefikServiceSpec struct { // +k8s:deepcopy-gen=true // Mirroring holds the mirroring service configuration. -// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#mirroring-service +// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#mirroring-service type Mirroring struct { LoadBalancerSpec `json:",inline"` @@ -78,11 +78,11 @@ type MirrorService struct { // +k8s:deepcopy-gen=true // WeightedRoundRobin holds the weighted round-robin configuration. -// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#weighted-round-robin-service +// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#weighted-round-robin-service type WeightedRoundRobin struct { // Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight. Services []Service `json:"services,omitempty"` // Sticky defines whether sticky sessions are enabled. - // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing + // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing Sticky *dynamic.Sticky `json:"sticky,omitempty"` } diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go index e57380f299..aeb32e8bb0 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go @@ -9,7 +9,7 @@ import ( // +kubebuilder:storageversion // TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. -// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options +// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options type TLSOption struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -32,17 +32,17 @@ type TLSOptionSpec struct { // Default: None. MaxVersion string `json:"maxVersion,omitempty"` // CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. - // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites + // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites CipherSuites []string `json:"cipherSuites,omitempty"` // CurvePreferences defines the preferred elliptic curves in a specific order. - // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences + // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences CurvePreferences []string `json:"curvePreferences,omitempty"` // ClientAuth defines the server's policy for TLS Client Authentication. ClientAuth ClientAuth `json:"clientAuth,omitempty"` // SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension. SniStrict bool `json:"sniStrict,omitempty"` // ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. - // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols + // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols ALPNProtocols []string `json:"alpnProtocols,omitempty"` // PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsstore.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsstore.go index bb6a2941aa..8165cedb3f 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsstore.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsstore.go @@ -12,7 +12,7 @@ import ( // TLSStore is the CRD implementation of a Traefik TLS Store. // For the time being, only the TLSStore named default is supported. // This means that you cannot have two stores that are named default in different Kubernetes namespaces. -// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores +// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores type TLSStore struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/script/gcg/traefik-rc-first.toml b/script/gcg/traefik-rc-first.toml index 5971c7854f..8fa407c18f 100644 --- a/script/gcg/traefik-rc-first.toml +++ b/script/gcg/traefik-rc-first.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example RC1 of v3.1.0-rc1 +# example RC1 of v3.2.0-rc1 CurrentRef = "master" -PreviousRef = "v3.0.0-beta3" +PreviousRef = "v3.1.0-rc1" BaseBranch = "master" -FutureCurrentRefName = "v3.1.0-rc1" +FutureCurrentRefName = "v3.2.0-rc1" ThresholdPreviousRef = 10000 ThresholdCurrentRef = 10000