597 lines
24 KiB
YAML
597 lines
24 KiB
YAML
|
|
||
|
---
|
||
|
apiVersion: apiextensions.k8s.io/v1
|
||
|
kind: CustomResourceDefinition
|
||
|
metadata:
|
||
|
annotations:
|
||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||
|
creationTimestamp: null
|
||
|
name: middlewares.traefik.containo.us
|
||
|
spec:
|
||
|
group: traefik.containo.us
|
||
|
names:
|
||
|
kind: Middleware
|
||
|
listKind: MiddlewareList
|
||
|
plural: middlewares
|
||
|
singular: middleware
|
||
|
scope: Namespaced
|
||
|
versions:
|
||
|
- name: v1alpha1
|
||
|
schema:
|
||
|
openAPIV3Schema:
|
||
|
description: Middleware is a specification for a Middleware resource.
|
||
|
properties:
|
||
|
apiVersion:
|
||
|
description: 'APIVersion defines the versioned schema of this representation
|
||
|
of an object. Servers should convert recognized schemas to the latest
|
||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
|
type: string
|
||
|
kind:
|
||
|
description: 'Kind is a string value representing the REST resource this
|
||
|
object represents. Servers may infer this from the endpoint the client
|
||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
|
type: string
|
||
|
metadata:
|
||
|
type: object
|
||
|
spec:
|
||
|
description: MiddlewareSpec holds the Middleware configuration.
|
||
|
properties:
|
||
|
addPrefix:
|
||
|
description: AddPrefix holds the AddPrefix configuration.
|
||
|
properties:
|
||
|
prefix:
|
||
|
type: string
|
||
|
type: object
|
||
|
basicAuth:
|
||
|
description: BasicAuth holds the HTTP basic authentication configuration.
|
||
|
properties:
|
||
|
headerField:
|
||
|
type: string
|
||
|
realm:
|
||
|
type: string
|
||
|
removeHeader:
|
||
|
type: boolean
|
||
|
secret:
|
||
|
type: string
|
||
|
type: object
|
||
|
buffering:
|
||
|
description: Buffering holds the request/response buffering configuration.
|
||
|
properties:
|
||
|
maxRequestBodyBytes:
|
||
|
format: int64
|
||
|
type: integer
|
||
|
maxResponseBodyBytes:
|
||
|
format: int64
|
||
|
type: integer
|
||
|
memRequestBodyBytes:
|
||
|
format: int64
|
||
|
type: integer
|
||
|
memResponseBodyBytes:
|
||
|
format: int64
|
||
|
type: integer
|
||
|
retryExpression:
|
||
|
type: string
|
||
|
type: object
|
||
|
chain:
|
||
|
description: Chain holds a chain of middlewares.
|
||
|
properties:
|
||
|
middlewares:
|
||
|
items:
|
||
|
description: MiddlewareRef is a ref to the Middleware resources.
|
||
|
properties:
|
||
|
name:
|
||
|
type: string
|
||
|
namespace:
|
||
|
type: string
|
||
|
required:
|
||
|
- name
|
||
|
type: object
|
||
|
type: array
|
||
|
type: object
|
||
|
circuitBreaker:
|
||
|
description: CircuitBreaker holds the circuit breaker configuration.
|
||
|
properties:
|
||
|
checkPeriod:
|
||
|
anyOf:
|
||
|
- type: integer
|
||
|
- type: string
|
||
|
description: CheckPeriod is the interval between successive checks
|
||
|
of the circuit breaker condition (when in standby state).
|
||
|
x-kubernetes-int-or-string: true
|
||
|
expression:
|
||
|
description: Expression is the condition that triggers the tripped
|
||
|
state.
|
||
|
type: string
|
||
|
fallbackDuration:
|
||
|
anyOf:
|
||
|
- type: integer
|
||
|
- type: string
|
||
|
description: FallbackDuration is the duration for which the circuit
|
||
|
breaker will wait before trying to recover (from a tripped state).
|
||
|
x-kubernetes-int-or-string: true
|
||
|
recoveryDuration:
|
||
|
anyOf:
|
||
|
- type: integer
|
||
|
- type: string
|
||
|
description: RecoveryDuration is the duration for which the circuit
|
||
|
breaker will try to recover (as soon as it is in recovering
|
||
|
state).
|
||
|
x-kubernetes-int-or-string: true
|
||
|
type: object
|
||
|
compress:
|
||
|
description: Compress holds the compress configuration.
|
||
|
properties:
|
||
|
excludedContentTypes:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
minResponseBodyBytes:
|
||
|
type: integer
|
||
|
type: object
|
||
|
contentType:
|
||
|
description: ContentType middleware - or rather its unique `autoDetect`
|
||
|
option - specifies whether to let the `Content-Type` header, if
|
||
|
it has not been set by the backend, be automatically set to a value
|
||
|
derived from the contents of the response. As a proxy, the default
|
||
|
behavior should be to leave the header alone, regardless of what
|
||
|
the backend did with it. However, the historic default was to always
|
||
|
auto-detect and set the header if it was nil, and it is going to
|
||
|
be kept that way in order to support users currently relying on
|
||
|
it. This middleware exists to enable the correct behavior until
|
||
|
at least the default one can be changed in a future version.
|
||
|
properties:
|
||
|
autoDetect:
|
||
|
type: boolean
|
||
|
type: object
|
||
|
digestAuth:
|
||
|
description: DigestAuth holds the Digest HTTP authentication configuration.
|
||
|
properties:
|
||
|
headerField:
|
||
|
type: string
|
||
|
realm:
|
||
|
type: string
|
||
|
removeHeader:
|
||
|
type: boolean
|
||
|
secret:
|
||
|
type: string
|
||
|
type: object
|
||
|
errors:
|
||
|
description: ErrorPage holds the custom error page configuration.
|
||
|
properties:
|
||
|
query:
|
||
|
type: string
|
||
|
service:
|
||
|
description: Service defines an upstream to proxy traffic.
|
||
|
properties:
|
||
|
kind:
|
||
|
enum:
|
||
|
- Service
|
||
|
- TraefikService
|
||
|
type: string
|
||
|
name:
|
||
|
description: Name is a reference to a Kubernetes Service object
|
||
|
(for a load-balancer of servers), or to a TraefikService
|
||
|
object (service load-balancer, mirroring, etc). The differentiation
|
||
|
between the two is specified in the Kind field.
|
||
|
type: string
|
||
|
namespace:
|
||
|
type: string
|
||
|
passHostHeader:
|
||
|
type: boolean
|
||
|
port:
|
||
|
anyOf:
|
||
|
- type: integer
|
||
|
- type: string
|
||
|
x-kubernetes-int-or-string: true
|
||
|
responseForwarding:
|
||
|
description: ResponseForwarding holds configuration for the
|
||
|
forward of the response.
|
||
|
properties:
|
||
|
flushInterval:
|
||
|
type: string
|
||
|
type: object
|
||
|
scheme:
|
||
|
type: string
|
||
|
serversTransport:
|
||
|
type: string
|
||
|
sticky:
|
||
|
description: Sticky holds the sticky configuration.
|
||
|
properties:
|
||
|
cookie:
|
||
|
description: Cookie holds the sticky configuration based
|
||
|
on cookie.
|
||
|
properties:
|
||
|
httpOnly:
|
||
|
type: boolean
|
||
|
name:
|
||
|
type: string
|
||
|
sameSite:
|
||
|
type: string
|
||
|
secure:
|
||
|
type: boolean
|
||
|
type: object
|
||
|
type: object
|
||
|
strategy:
|
||
|
type: string
|
||
|
weight:
|
||
|
description: Weight should only be specified when Name references
|
||
|
a TraefikService object (and to be precise, one that embeds
|
||
|
a Weighted Round Robin).
|
||
|
type: integer
|
||
|
required:
|
||
|
- name
|
||
|
type: object
|
||
|
status:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
type: object
|
||
|
forwardAuth:
|
||
|
description: ForwardAuth holds the http forward authentication configuration.
|
||
|
properties:
|
||
|
address:
|
||
|
type: string
|
||
|
authRequestHeaders:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
authResponseHeaders:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
authResponseHeadersRegex:
|
||
|
type: string
|
||
|
tls:
|
||
|
description: ClientTLS holds TLS specific configurations as client.
|
||
|
properties:
|
||
|
caOptional:
|
||
|
type: boolean
|
||
|
caSecret:
|
||
|
type: string
|
||
|
certSecret:
|
||
|
type: string
|
||
|
insecureSkipVerify:
|
||
|
type: boolean
|
||
|
type: object
|
||
|
trustForwardHeader:
|
||
|
type: boolean
|
||
|
type: object
|
||
|
headers:
|
||
|
description: Headers holds the custom header configuration.
|
||
|
properties:
|
||
|
accessControlAllowCredentials:
|
||
|
description: AccessControlAllowCredentials is only valid if true.
|
||
|
false is ignored.
|
||
|
type: boolean
|
||
|
accessControlAllowHeaders:
|
||
|
description: AccessControlAllowHeaders must be used in response
|
||
|
to a preflight request with Access-Control-Request-Headers set.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
accessControlAllowMethods:
|
||
|
description: AccessControlAllowMethods must be used in response
|
||
|
to a preflight request with Access-Control-Request-Method set.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
accessControlAllowOriginList:
|
||
|
description: AccessControlAllowOriginList is a list of allowable
|
||
|
origins. Can also be a wildcard origin "*".
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
accessControlAllowOriginListRegex:
|
||
|
description: AccessControlAllowOriginListRegex is a list of allowable
|
||
|
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
accessControlExposeHeaders:
|
||
|
description: AccessControlExposeHeaders sets valid headers for
|
||
|
the response.
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
accessControlMaxAge:
|
||
|
description: AccessControlMaxAge sets the time that a preflight
|
||
|
request may be cached.
|
||
|
format: int64
|
||
|
type: integer
|
||
|
addVaryHeader:
|
||
|
description: AddVaryHeader controls if the Vary header is automatically
|
||
|
added/updated when the AccessControlAllowOriginList is set.
|
||
|
type: boolean
|
||
|
allowedHosts:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
browserXssFilter:
|
||
|
type: boolean
|
||
|
contentSecurityPolicy:
|
||
|
type: string
|
||
|
contentTypeNosniff:
|
||
|
type: boolean
|
||
|
customBrowserXSSValue:
|
||
|
type: string
|
||
|
customFrameOptionsValue:
|
||
|
type: string
|
||
|
customRequestHeaders:
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
type: object
|
||
|
customResponseHeaders:
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
type: object
|
||
|
featurePolicy:
|
||
|
description: 'Deprecated: use PermissionsPolicy instead.'
|
||
|
type: string
|
||
|
forceSTSHeader:
|
||
|
type: boolean
|
||
|
frameDeny:
|
||
|
type: boolean
|
||
|
hostsProxyHeaders:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
isDevelopment:
|
||
|
type: boolean
|
||
|
permissionsPolicy:
|
||
|
type: string
|
||
|
publicKey:
|
||
|
type: string
|
||
|
referrerPolicy:
|
||
|
type: string
|
||
|
sslForceHost:
|
||
|
description: 'Deprecated: use RedirectRegex instead.'
|
||
|
type: boolean
|
||
|
sslHost:
|
||
|
description: 'Deprecated: use RedirectRegex instead.'
|
||
|
type: string
|
||
|
sslProxyHeaders:
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
type: object
|
||
|
sslRedirect:
|
||
|
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||
|
instead.'
|
||
|
type: boolean
|
||
|
sslTemporaryRedirect:
|
||
|
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||
|
instead.'
|
||
|
type: boolean
|
||
|
stsIncludeSubdomains:
|
||
|
type: boolean
|
||
|
stsPreload:
|
||
|
type: boolean
|
||
|
stsSeconds:
|
||
|
format: int64
|
||
|
type: integer
|
||
|
type: object
|
||
|
inFlightReq:
|
||
|
description: InFlightReq limits the number of requests being processed
|
||
|
and served concurrently.
|
||
|
properties:
|
||
|
amount:
|
||
|
format: int64
|
||
|
type: integer
|
||
|
sourceCriterion:
|
||
|
description: SourceCriterion defines what criterion is used to
|
||
|
group requests as originating from a common source. If none
|
||
|
are set, the default is to use the request's remote address
|
||
|
field. All fields are mutually exclusive.
|
||
|
properties:
|
||
|
ipStrategy:
|
||
|
description: IPStrategy holds the ip strategy configuration.
|
||
|
properties:
|
||
|
depth:
|
||
|
type: integer
|
||
|
excludedIPs:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
type: object
|
||
|
requestHeaderName:
|
||
|
type: string
|
||
|
requestHost:
|
||
|
type: boolean
|
||
|
type: object
|
||
|
type: object
|
||
|
ipWhiteList:
|
||
|
description: IPWhiteList holds the ip white list configuration.
|
||
|
properties:
|
||
|
ipStrategy:
|
||
|
description: IPStrategy holds the ip strategy configuration.
|
||
|
properties:
|
||
|
depth:
|
||
|
type: integer
|
||
|
excludedIPs:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
type: object
|
||
|
sourceRange:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
type: object
|
||
|
passTLSClientCert:
|
||
|
description: PassTLSClientCert holds the TLS client cert headers configuration.
|
||
|
properties:
|
||
|
info:
|
||
|
description: TLSClientCertificateInfo holds the client TLS certificate
|
||
|
info configuration.
|
||
|
properties:
|
||
|
issuer:
|
||
|
description: TLSClientCertificateIssuerDNInfo holds the client
|
||
|
TLS certificate distinguished name info configuration. cf
|
||
|
https://tools.ietf.org/html/rfc3739
|
||
|
properties:
|
||
|
commonName:
|
||
|
type: boolean
|
||
|
country:
|
||
|
type: boolean
|
||
|
domainComponent:
|
||
|
type: boolean
|
||
|
locality:
|
||
|
type: boolean
|
||
|
organization:
|
||
|
type: boolean
|
||
|
province:
|
||
|
type: boolean
|
||
|
serialNumber:
|
||
|
type: boolean
|
||
|
type: object
|
||
|
notAfter:
|
||
|
type: boolean
|
||
|
notBefore:
|
||
|
type: boolean
|
||
|
sans:
|
||
|
type: boolean
|
||
|
serialNumber:
|
||
|
type: boolean
|
||
|
subject:
|
||
|
description: TLSClientCertificateSubjectDNInfo holds the client
|
||
|
TLS certificate distinguished name info configuration. cf
|
||
|
https://tools.ietf.org/html/rfc3739
|
||
|
properties:
|
||
|
commonName:
|
||
|
type: boolean
|
||
|
country:
|
||
|
type: boolean
|
||
|
domainComponent:
|
||
|
type: boolean
|
||
|
locality:
|
||
|
type: boolean
|
||
|
organization:
|
||
|
type: boolean
|
||
|
organizationalUnit:
|
||
|
type: boolean
|
||
|
province:
|
||
|
type: boolean
|
||
|
serialNumber:
|
||
|
type: boolean
|
||
|
type: object
|
||
|
type: object
|
||
|
pem:
|
||
|
type: boolean
|
||
|
type: object
|
||
|
plugin:
|
||
|
additionalProperties:
|
||
|
x-kubernetes-preserve-unknown-fields: true
|
||
|
type: object
|
||
|
rateLimit:
|
||
|
description: RateLimit holds the rate limiting configuration for a
|
||
|
given router.
|
||
|
properties:
|
||
|
average:
|
||
|
format: int64
|
||
|
type: integer
|
||
|
burst:
|
||
|
format: int64
|
||
|
type: integer
|
||
|
period:
|
||
|
anyOf:
|
||
|
- type: integer
|
||
|
- type: string
|
||
|
x-kubernetes-int-or-string: true
|
||
|
sourceCriterion:
|
||
|
description: SourceCriterion defines what criterion is used to
|
||
|
group requests as originating from a common source. If none
|
||
|
are set, the default is to use the request's remote address
|
||
|
field. All fields are mutually exclusive.
|
||
|
properties:
|
||
|
ipStrategy:
|
||
|
description: IPStrategy holds the ip strategy configuration.
|
||
|
properties:
|
||
|
depth:
|
||
|
type: integer
|
||
|
excludedIPs:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
type: object
|
||
|
requestHeaderName:
|
||
|
type: string
|
||
|
requestHost:
|
||
|
type: boolean
|
||
|
type: object
|
||
|
type: object
|
||
|
redirectRegex:
|
||
|
description: RedirectRegex holds the redirection configuration.
|
||
|
properties:
|
||
|
permanent:
|
||
|
type: boolean
|
||
|
regex:
|
||
|
type: string
|
||
|
replacement:
|
||
|
type: string
|
||
|
type: object
|
||
|
redirectScheme:
|
||
|
description: RedirectScheme holds the scheme redirection configuration.
|
||
|
properties:
|
||
|
permanent:
|
||
|
type: boolean
|
||
|
port:
|
||
|
type: string
|
||
|
scheme:
|
||
|
type: string
|
||
|
type: object
|
||
|
replacePath:
|
||
|
description: ReplacePath holds the ReplacePath configuration.
|
||
|
properties:
|
||
|
path:
|
||
|
type: string
|
||
|
type: object
|
||
|
replacePathRegex:
|
||
|
description: ReplacePathRegex holds the ReplacePathRegex configuration.
|
||
|
properties:
|
||
|
regex:
|
||
|
type: string
|
||
|
replacement:
|
||
|
type: string
|
||
|
type: object
|
||
|
retry:
|
||
|
description: Retry holds the retry configuration.
|
||
|
properties:
|
||
|
attempts:
|
||
|
type: integer
|
||
|
initialInterval:
|
||
|
anyOf:
|
||
|
- type: integer
|
||
|
- type: string
|
||
|
x-kubernetes-int-or-string: true
|
||
|
type: object
|
||
|
stripPrefix:
|
||
|
description: StripPrefix holds the StripPrefix configuration.
|
||
|
properties:
|
||
|
forceSlash:
|
||
|
type: boolean
|
||
|
prefixes:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
type: object
|
||
|
stripPrefixRegex:
|
||
|
description: StripPrefixRegex holds the StripPrefixRegex configuration.
|
||
|
properties:
|
||
|
regex:
|
||
|
items:
|
||
|
type: string
|
||
|
type: array
|
||
|
type: object
|
||
|
type: object
|
||
|
required:
|
||
|
- metadata
|
||
|
- spec
|
||
|
type: object
|
||
|
served: true
|
||
|
storage: true
|
||
|
status:
|
||
|
acceptedNames:
|
||
|
kind: ""
|
||
|
plural: ""
|
||
|
conditions: []
|
||
|
storedVersions: []
|