Kubernetes Configuration Reference

Dynamic configuration with Kubernetes Custom Resource

Definitions

  1. apiVersion: apiextensions.k8s.io/v1beta1
  2. kind: CustomResourceDefinition
  3. metadata:
  4. name: ingressroutes.traefik.containo.us
  5. spec:
  6. group: traefik.containo.us
  7. version: v1alpha1
  8. names:
  9. kind: IngressRoute
  10. plural: ingressroutes
  11. singular: ingressroute
  12. scope: Namespaced
  13. ---
  14. apiVersion: apiextensions.k8s.io/v1beta1
  15. kind: CustomResourceDefinition
  16. metadata:
  17. name: middlewares.traefik.containo.us
  18. spec:
  19. group: traefik.containo.us
  20. version: v1alpha1
  21. names:
  22. kind: Middleware
  23. plural: middlewares
  24. singular: middleware
  25. scope: Namespaced
  26. ---
  27. apiVersion: apiextensions.k8s.io/v1beta1
  28. kind: CustomResourceDefinition
  29. metadata:
  30. name: ingressroutetcps.traefik.containo.us
  31. spec:
  32. group: traefik.containo.us
  33. version: v1alpha1
  34. names:
  35. kind: IngressRouteTCP
  36. plural: ingressroutetcps
  37. singular: ingressroutetcp
  38. scope: Namespaced
  39. ---
  40. apiVersion: apiextensions.k8s.io/v1beta1
  41. kind: CustomResourceDefinition
  42. metadata:
  43. name: ingressrouteudps.traefik.containo.us
  44. spec:
  45. group: traefik.containo.us
  46. version: v1alpha1
  47. names:
  48. kind: IngressRouteUDP
  49. plural: ingressrouteudps
  50. singular: ingressrouteudp
  51. scope: Namespaced
  52. ---
  53. apiVersion: apiextensions.k8s.io/v1beta1
  54. kind: CustomResourceDefinition
  55. metadata:
  56. name: tlsoptions.traefik.containo.us
  57. spec:
  58. group: traefik.containo.us
  59. version: v1alpha1
  60. names:
  61. kind: TLSOption
  62. plural: tlsoptions
  63. singular: tlsoption
  64. scope: Namespaced
  65. ---
  66. apiVersion: apiextensions.k8s.io/v1beta1
  67. kind: CustomResourceDefinition
  68. metadata:
  69. name: tlsstores.traefik.containo.us
  70. spec:
  71. group: traefik.containo.us
  72. version: v1alpha1
  73. names:
  74. kind: TLSStore
  75. plural: tlsstores
  76. singular: tlsstore
  77. scope: Namespaced
  78. ---
  79. apiVersion: apiextensions.k8s.io/v1beta1
  80. kind: CustomResourceDefinition
  81. metadata:
  82. name: traefikservices.traefik.containo.us
  83. spec:
  84. group: traefik.containo.us
  85. version: v1alpha1
  86. names:
  87. kind: TraefikService
  88. plural: traefikservices
  89. singular: traefikservice
  90. scope: Namespaced

Resources

  1. apiVersion: traefik.containo.us/v1alpha1
  2. kind: TraefikService
  3. metadata:
  4. name: wrr2
  5. namespace: default
  6. spec:
  7. weighted:
  8. services:
  9. - name: s1
  10. weight: 1
  11. port: 80
  12. # Optional, as it is the default value
  13. kind: Service
  14. - name: s3
  15. weight: 1
  16. port: 80
  17. ---
  18. apiVersion: traefik.containo.us/v1alpha1
  19. kind: TraefikService
  20. metadata:
  21. name: wrr1
  22. namespace: default
  23. spec:
  24. weighted:
  25. services:
  26. - name: wrr2
  27. kind: TraefikService
  28. weight: 1
  29. - name: s3
  30. weight: 1
  31. port: 80
  32. ---
  33. apiVersion: traefik.containo.us/v1alpha1
  34. kind: TraefikService
  35. metadata:
  36. name: mirror1
  37. namespace: default
  38. spec:
  39. mirroring:
  40. name: s1
  41. port: 80
  42. mirrors:
  43. - name: s3
  44. percent: 20
  45. port: 80
  46. - name: mirror2
  47. kind: TraefikService
  48. percent: 20
  49. ---
  50. apiVersion: traefik.containo.us/v1alpha1
  51. kind: TraefikService
  52. metadata:
  53. name: mirror2
  54. namespace: default
  55. spec:
  56. mirroring:
  57. name: wrr2
  58. kind: TraefikService
  59. mirrors:
  60. - name: s2
  61. # Optional
  62. maxBodySize: 2000000000
  63. # Optional, as it is the default value
  64. kind: Service
  65. percent: 20
  66. port: 80
  67. ---
  68. apiVersion: traefik.containo.us/v1alpha1
  69. kind: IngressRoute
  70. metadata:
  71. name: ingressroute
  72. spec:
  73. entryPoints:
  74. - web
  75. - websecure
  76. routes:
  77. - match: Host(`example.net`) && PathPrefix(`/bar`)
  78. kind: Rule
  79. priority: 12
  80. # defining several services is possible and allowed, but for now the servers of
  81. # all the services (for a given route) get merged altogether under the same
  82. # load-balancing strategy.
  83. services:
  84. - name: s1
  85. port: 80
  86. # strategy defines the load balancing strategy between the servers. It defaults
  87. # to Round Robin, and for now only Round Robin is supported anyway.
  88. strategy: RoundRobin
  89. - name: s2
  90. port: 433
  91. - match: PathPrefix(`/misc`)
  92. services:
  93. - name: s3
  94. port: 80
  95. middlewares:
  96. - name: stripprefix
  97. - name: addprefix
  98. - match: PathPrefix(`/misc`)
  99. services:
  100. - name: s3
  101. # Optional, as it is the default value
  102. kind: Service
  103. port: 8443
  104. # scheme allow to override the scheme for the service. (ex: https or h2c)
  105. scheme: https
  106. - match: PathPrefix(`/lb`)
  107. services:
  108. - name: wrr1
  109. kind: TraefikService
  110. - match: PathPrefix(`/mirrored`)
  111. services:
  112. - name: mirror1
  113. kind: TraefikService
  114. # use an empty tls object for TLS with Let's Encrypt
  115. tls:
  116. secretName: supersecret
  117. options:
  118. name: myTLSOption
  119. namespace: default
  120. ---
  121. apiVersion: traefik.containo.us/v1alpha1
  122. kind: IngressRouteTCP
  123. metadata:
  124. name: ingressroutetcp.crd
  125. namespace: default
  126. spec:
  127. entryPoints:
  128. - footcp
  129. routes:
  130. - match: HostSNI(`example.com`)
  131. services:
  132. - name: whoamitcp
  133. port: 8080
  134. tls:
  135. secretName: foosecret
  136. passthrough: false
  137. options:
  138. name: myTLSOption
  139. namespace: default
  140. ---
  141. apiVersion: traefik.containo.us/v1alpha1
  142. kind: IngressRouteUDP
  143. metadata:
  144. name: ingressrouteudp.crd
  145. namespace: default
  146. spec:
  147. entryPoints:
  148. - footcp
  149. routes:
  150. - services:
  151. - name: whoamiudp
  152. port: 8080
  153. ---
  154. apiVersion: traefik.containo.us/v1alpha1
  155. kind: TLSOption
  156. metadata:
  157. name: tlsoption
  158. namespace: default
  159. spec:
  160. minVersion: foobar
  161. maxVersion: foobar
  162. cipherSuites:
  163. - foobar
  164. - foobar
  165. curvePreferences:
  166. - foobar
  167. - foobar
  168. clientAuth:
  169. caFiles:
  170. - foobar
  171. - foobar
  172. clientAuthType: foobar
  173. sniStrict: true
  174. preferServerCipherSuites: true

RBAC

  1. kind: ClusterRole
  2. apiVersion: rbac.authorization.k8s.io/v1beta1
  3. metadata:
  4. name: traefik-ingress-controller
  5. rules:
  6. - apiGroups:
  7. - ""
  8. resources:
  9. - services
  10. - endpoints
  11. - secrets
  12. verbs:
  13. - get
  14. - list
  15. - watch
  16. - apiGroups:
  17. - extensions
  18. resources:
  19. - ingresses
  20. verbs:
  21. - get
  22. - list
  23. - watch
  24. - apiGroups:
  25. - extensions
  26. resources:
  27. - ingresses/status
  28. verbs:
  29. - update
  30. - apiGroups:
  31. - traefik.containo.us
  32. resources:
  33. - middlewares
  34. - ingressroutes
  35. - traefikservices
  36. - ingressroutetcps
  37. - ingressrouteudps
  38. - tlsoptions
  39. - tlsstores
  40. verbs:
  41. - get
  42. - list
  43. - watch
  44. ---
  45. kind: ClusterRoleBinding
  46. apiVersion: rbac.authorization.k8s.io/v1beta1
  47. metadata:
  48. name: traefik-ingress-controller
  49. roleRef:
  50. apiGroup: rbac.authorization.k8s.io
  51. kind: ClusterRole
  52. name: traefik-ingress-controller
  53. subjects:
  54. - kind: ServiceAccount
  55. name: traefik-ingress-controller
  56. namespace: default