diff --git a/traefik/crds/traefik.io_ingressroutes.yaml b/traefik/crds/traefik.io_ingressroutes.yaml index 9031689c0..7b23dba43 100644 --- a/traefik/crds/traefik.io_ingressroutes.yaml +++ b/traefik/crds/traefik.io_ingressroutes.yaml 
@@ -98,6 +98,67 @@ spec: description: Service defines an upstream HTTP service to proxy traffic to. properties: + healthCheck: + description: Healthcheck defines health checks for ExternalName + services. + properties: + followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true + type: boolean + headers: + additionalProperties: + type: string + description: Headers defines custom headers to be + sent to the health check endpoint. + type: object + hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. + type: string + interval: + anyOf: + - type: integer + - type: string + description: |- + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true + method: + description: Method defines the healthcheck method. + type: string + mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http + type: string + path: + description: Path defines the server URL path for + the health check endpoint. + type: string + port: + description: Port defines the server URL port for + the health check endpoint. + type: integer + scheme: + description: Scheme replaces the server URL scheme + for the health check endpoint. + type: string + status: + description: Status defines the expected HTTP status + code of the response to the health check request. + type: integer + timeout: + anyOf: + - type: integer + - type: string + description: |- + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true + type: object kind: description: Kind defines the kind of the Service. enum: 
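Review bot: The new `healthCheck` schema accepts any string for `mode` and `scheme` and any integer for `port` and `status`, so a misspelt mode or an out-of-range port passes admission and can only fail later, when Traefik acts on the resource. Going by the descriptions, `mode` could carry `enum: [http, grpc]` and `port` could carry `minimum: 1` and `maximum: 65535`. If these CRDs are generated from upstream Go types, the constraint belongs on those types rather than in this file. The same block is repeated in the healthCheck hunks of traefik.io_middlewares.yaml and traefik.io_traefikservices.yaml.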
@@ -120,6 +181,13 @@ spec: The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean + nodePortLB: + description: |- + NodePortLB controls, when creating the load-balancer, + whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. + It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. + By default, NodePortLB is false. + type: boolean passHostHeader: description: |- PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. diff --git a/traefik/crds/traefik.io_ingressroutetcps.yaml b/traefik/crds/traefik.io_ingressroutetcps.yaml index 930b06c04..f3eea5e74 100644 --- a/traefik/crds/traefik.io_ingressroutetcps.yaml +++ b/traefik/crds/traefik.io_ingressroutetcps.yaml @@ -103,6 +103,13 @@ spec: The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean + nodePortLB: + description: |- + NodePortLB controls, when creating the load-balancer, + whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. + It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. + By default, NodePortLB is false. + type: boolean port: anyOf: - type: integer diff --git a/traefik/crds/traefik.io_ingressrouteudps.yaml b/traefik/crds/traefik.io_ingressrouteudps.yaml index 245194c62..19bbfe62e 100644 --- a/traefik/crds/traefik.io_ingressrouteudps.yaml +++ b/traefik/crds/traefik.io_ingressrouteudps.yaml 
@@ -74,6 +74,13 @@ spec: The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean + nodePortLB: + description: |- + NodePortLB controls, when creating the load-balancer, + whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. + It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. + By default, NodePortLB is false. + type: boolean port: anyOf: - type: integer diff --git a/traefik/crds/traefik.io_middlewares.yaml b/traefik/crds/traefik.io_middlewares.yaml index 4ef178a57..0d005e64d 100644 --- a/traefik/crds/traefik.io_middlewares.yaml +++ b/traefik/crds/traefik.io_middlewares.yaml @@ -172,6 +172,10 @@ spec: breaker will try to recover (as soon as it is in recovering state). x-kubernetes-int-or-string: true + responseCode: + description: ResponseCode is the status code that the circuit + breaker will return while it is in the open state. + type: integer type: object compress: description: |- @@ -179,6 +183,11 @@ spec: This middleware compresses responses before sending them to the client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ properties: + defaultEncoding: + description: DefaultEncoding specifies the default encoding if + the `Accept-Encoding` header is not in the request or contains + a wildcard (`*`). + type: string excludedContentTypes: description: |- ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. 
@@ -252,6 +261,67 @@ spec: Service defines the reference to a Kubernetes Service that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: + healthCheck: + description: Healthcheck defines health checks for ExternalName + services. + properties: + followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true + type: boolean + headers: + additionalProperties: + type: string + description: Headers defines custom headers to be sent + to the health check endpoint. + type: object + hostname: + description: Hostname defines the value of hostname in + the Host header of the health check request. + type: string + interval: + anyOf: + - type: integer + - type: string + description: |- + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true + method: + description: Method defines the healthcheck method. + type: string + mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http + type: string + path: + description: Path defines the server URL path for the + health check endpoint. + type: string + port: + description: Port defines the server URL port for the + health check endpoint. + type: integer + scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. + type: string + status: + description: Status defines the expected HTTP status code + of the response to the health check request. + type: integer + timeout: + anyOf: + - type: integer + - type: string + description: |- + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true + type: object kind: description: Kind defines the kind of the Service. enum: 
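Review bot: `headers` in the new `healthCheck` block is a free-form string map, and its description does not mention that the values are kept in clear text in the custom resource, readable by anyone allowed to get the object. Health-check headers are a likely place for someone to put a probe token. I would extend the description with a sentence such as `Values are stored in plain text in the resource; do not place credentials or tokens here.` This applies equally to the healthCheck hunks in traefik.io_ingressroutes.yaml and traefik.io_traefikservices.yaml.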
@@ -274,6 +344,13 @@ spec: The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean + nodePortLB: + description: |- + NodePortLB controls, when creating the load-balancer, + whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. + It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. + By default, NodePortLB is false. + type: boolean passHostHeader: description: |- PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. @@ -508,6 +585,10 @@ spec: description: ContentSecurityPolicy defines the Content-Security-Policy header value. type: string + contentSecurityPolicyReportOnly: + description: ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only + header value. + type: string contentTypeNosniff: description: ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value. @@ -661,7 +742,7 @@ spec: ipAllowList: description: |- IPAllowList holds the IP allowlist middleware configuration. - This middleware accepts / refuses requests based on the client IP. + This middleware limits allowed requests based on the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ properties: ipStrategy: @@ -715,7 +796,7 @@ spec: type: object sourceRange: description: SourceRange defines the set of allowed IPs (or ranges - of allowed IPs by using CIDR notation). + of allowed IPs by using CIDR notation). Required. items: type: string type: array diff --git a/traefik/crds/traefik.io_traefikservices.yaml b/traefik/crds/traefik.io_traefikservices.yaml index 7c8f58a3e..7a0f7daf3 100644 --- a/traefik/crds/traefik.io_traefikservices.yaml +++ b/traefik/crds/traefik.io_traefikservices.yaml 
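Review bot: The `sourceRange` description in the `@@ -715,7 +796,7` hunk now ends with "Required.", but only the text changes; no `required:` entry or `minItems` is added. Unless one exists outside the hunk, the API server will still admit an `ipAllowList` with no ranges. For an access-control middleware it is better to have an empty allowlist rejected at admission than discovered when the route is built. If the schema is maintained here, add `required: [sourceRange]` on the `ipAllowList` object and `minItems: 1` on the array; if the CRD is generated, the marker belongs on the upstream type. The `ipAllowList` object starts and ends outside the hunk.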
@@ -47,6 +47,67 @@ spec: mirroring: description: Mirroring defines the Mirroring service configuration. properties: + healthCheck: + description: Healthcheck defines health checks for ExternalName + services. + properties: + followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true + type: boolean + headers: + additionalProperties: + type: string + description: Headers defines custom headers to be sent to + the health check endpoint. + type: object + hostname: + description: Hostname defines the value of hostname in the + Host header of the health check request. + type: string + interval: + anyOf: + - type: integer + - type: string + description: |- + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true + method: + description: Method defines the healthcheck method. + type: string + mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http + type: string + path: + description: Path defines the server URL path for the health + check endpoint. + type: string + port: + description: Port defines the server URL port for the health + check endpoint. + type: integer + scheme: + description: Scheme replaces the server URL scheme for the + health check endpoint. + type: string + status: + description: Status defines the expected HTTP status code + of the response to the health check request. + type: integer + timeout: + anyOf: + - type: integer + - type: string + description: |- + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true + type: object kind: description: Kind defines the kind of the Service. enum: 
@@ -66,6 +127,67 @@ spec: items: description: MirrorService holds the mirror configuration. properties: + healthCheck: + description: Healthcheck defines health checks for ExternalName + services. + properties: + followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true + type: boolean + headers: + additionalProperties: + type: string + description: Headers defines custom headers to be sent + to the health check endpoint. + type: object + hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. + type: string + interval: + anyOf: + - type: integer + - type: string + description: |- + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true + method: + description: Method defines the healthcheck method. + type: string + mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http + type: string + path: + description: Path defines the server URL path for the + health check endpoint. + type: string + port: + description: Port defines the server URL port for the + health check endpoint. + type: integer + scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. + type: string + status: + description: Status defines the expected HTTP status + code of the response to the health check request. + type: integer + timeout: + anyOf: + - type: integer + - type: string + description: |- + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true + type: object kind: description: Kind defines the kind of the Service. enum: 
@@ -88,6 +210,13 @@ spec: The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean + nodePortLB: + description: |- + NodePortLB controls, when creating the load-balancer, + whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. + It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. + By default, NodePortLB is false. + type: boolean passHostHeader: description: |- PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. @@ -194,6 +323,13 @@ spec: The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean + nodePortLB: + description: |- + NodePortLB controls, when creating the load-balancer, + whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. + It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. + By default, NodePortLB is false. + type: boolean passHostHeader: description: |- PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. 
@@ -286,6 +422,67 @@ spec: description: Service defines an upstream HTTP service to proxy traffic to. properties: + healthCheck: + description: Healthcheck defines health checks for ExternalName + services. + properties: + followRedirects: + description: |- + FollowRedirects defines whether redirects should be followed during the health check calls. + Default: true + type: boolean + headers: + additionalProperties: + type: string + description: Headers defines custom headers to be sent + to the health check endpoint. + type: object + hostname: + description: Hostname defines the value of hostname + in the Host header of the health check request. + type: string + interval: + anyOf: + - type: integer + - type: string + description: |- + Interval defines the frequency of the health check calls. + Default: 30s + x-kubernetes-int-or-string: true + method: + description: Method defines the healthcheck method. + type: string + mode: + description: |- + Mode defines the health check mode. + If defined to grpc, will use the gRPC health check protocol to probe the server. + Default: http + type: string + path: + description: Path defines the server URL path for the + health check endpoint. + type: string + port: + description: Port defines the server URL port for the + health check endpoint. + type: integer + scheme: + description: Scheme replaces the server URL scheme for + the health check endpoint. + type: string + status: + description: Status defines the expected HTTP status + code of the response to the health check request. + type: integer + timeout: + anyOf: + - type: integer + - type: string + description: |- + Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. + Default: 5s + x-kubernetes-int-or-string: true + type: object kind: description: Kind defines the kind of the Service. enum: 
@@ -308,6 +505,13 @@ spec: The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean + nodePortLB: + description: |- + NodePortLB controls, when creating the load-balancer, + whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. + It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. + By default, NodePortLB is false. + type: boolean passHostHeader: description: |- PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. diff --git a/traefik/templates/rbac/clusterrole.yaml b/traefik/templates/rbac/clusterrole.yaml index 0765192a4..a851363b4 100644 --- a/traefik/templates/rbac/clusterrole.yaml +++ b/traefik/templates/rbac/clusterrole.yaml @@ -28,8 +28,8 @@ rules: - apiGroups: - "" resources: - - services - endpoints + - services verbs: - get - list @@ -38,6 +38,7 @@ rules: - apiGroups: - "" resources: + - nodes - services verbs: - get diff --git a/traefik/templates/rbac/role.yaml b/traefik/templates/rbac/role.yaml index b845b3bae..fd9d8b197 100644 --- a/traefik/templates/rbac/role.yaml +++ b/traefik/templates/rbac/role.yaml @@ -17,8 +17,8 @@ rules: - apiGroups: - "" resources: - - services - endpoints + - services verbs: - get - list @@ -27,6 +27,7 @@ rules: - apiGroups: - "" resources: + - nodes - services verbs: - get diff --git a/traefik/tests/rbac-config_test.yaml b/traefik/tests/rbac-config_test.yaml index d574043f4..cf4f8a837 100644 --- a/traefik/tests/rbac-config_test.yaml +++ b/traefik/tests/rbac-config_test.yaml @@ -695,6 +695,7 @@ tests: apiGroups: - "" resources: + - nodes - services verbs: - get @@ -795,6 +796,7 @@ tests: apiGroups: - "" resources: + - nodes - services verbs: - get @@ -1097,8 +1099,8 @@ tests: apiGroups: - "" resources: - - services - endpoints + - services verbs: - get - list 
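Review bot: Adding `nodes` to this ClusterRole rule (`clusterrole.yaml`, `@@ -38,6 +38,7`) gives the Traefik service account read access to every Node object whether or not any route sets `nodePortLB: true`; as far as the hunk shows, the entry is unconditional. Node objects carry addresses, labels and kubelet details, so the grant is better kept opt-in. Consider moving `nodes` into its own rule behind a chart value, as sketched below with a placeholder flag name, and mentioning the requirement next to the nodePortLB option. The rule's verbs list continues outside the hunk, so the verbs in the sketch are an assumption to match against the existing rule.

```yaml
  # PLACEHOLDER flag name: substitute the values key the chart defines for nodePortLB
  {{- if .Values.PLACEHOLDER_NODE_PORT_LB_FLAG }}
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      # read-only; keep in line with the verbs of the existing services rule
      - get
      - list
      - watch
  {{- end }}
  # … unchanged: existing services rule without the nodes entry …
```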
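Review bot: `nodes` is a cluster-scoped resource, so adding it in `templates/rbac/role.yaml` (`@@ -27,6 +27,7`) grants nothing if that template renders a namespaced Role, which the file name suggests. A Role only authorizes namespaced resources inside its own namespace, so under namespaced RBAC the node lookup needed for nodePortLB would still be denied while the manifest reads as if it were allowed. I would drop `- nodes` from this rule and document that nodePortLB needs the ClusterRole; the matching expectations added in `tests/rbac-config_test.yaml` would change with it. The rule's verbs continue outside the hunk.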
@@ -1127,8 +1129,8 @@ tests: apiGroups: - "" resources: - - services - endpoints + - services verbs: - get - list