Kubernetes Configuration Reference

Dynamic configuration with Kubernetes Custom Resource

Definitions

  1. apiVersion: apiextensions.k8s.io/v1beta1
  2. kind: CustomResourceDefinition
  3. metadata:
  4.   name: ingressroutes.traefik.containo.us
  6. spec:
  7.   group: traefik.containo.us
  8.   version: v1alpha1
  9.   names:
  10.     kind: IngressRoute
  11.     plural: ingressroutes
  12.     singular: ingressroute
  13.   scope: Namespaced
  15. ---
  16. apiVersion: apiextensions.k8s.io/v1beta1
  17. kind: CustomResourceDefinition
  18. metadata:
  19.   name: middlewares.traefik.containo.us
  21. spec:
  22.   group: traefik.containo.us
  23.   version: v1alpha1
  24.   names:
  25.     kind: Middleware
  26.     plural: middlewares
  27.     singular: middleware
  28.   scope: Namespaced
  30. ---
  31. apiVersion: apiextensions.k8s.io/v1beta1
  32. kind: CustomResourceDefinition
  33. metadata:
  34.   name: ingressroutetcps.traefik.containo.us
  36. spec:
  37.   group: traefik.containo.us
  38.   version: v1alpha1
  39.   names:
  40.     kind: IngressRouteTCP
  41.     plural: ingressroutetcps
  42.     singular: ingressroutetcp
  43.   scope: Namespaced
  45. ---
  46. apiVersion: apiextensions.k8s.io/v1beta1
  47. kind: CustomResourceDefinition
  48. metadata:
  49.   name: ingressrouteudps.traefik.containo.us
  51. spec:
  52.   group: traefik.containo.us
  53.   version: v1alpha1
  54.   names:
  55.     kind: IngressRouteUDP
  56.     plural: ingressrouteudps
  57.     singular: ingressrouteudp
  58.   scope: Namespaced
  60. ---
  61. apiVersion: apiextensions.k8s.io/v1beta1
  62. kind: CustomResourceDefinition
  63. metadata:
  64.   name: tlsoptions.traefik.containo.us
  66. spec:
  67.   group: traefik.containo.us
  68.   version: v1alpha1
  69.   names:
  70.     kind: TLSOption
  71.     plural: tlsoptions
  72.     singular: tlsoption
  73.   scope: Namespaced
  75. ---
  76. apiVersion: apiextensions.k8s.io/v1beta1
  77. kind: CustomResourceDefinition
  78. metadata:
  79.   name: tlsstores.traefik.containo.us
  81. spec:
  82.   group: traefik.containo.us
  83.   version: v1alpha1
  84.   names:
  85.     kind: TLSStore
  86.     plural: tlsstores
  87.     singular: tlsstore
  88.   scope: Namespaced
  90. ---
  91. apiVersion: apiextensions.k8s.io/v1beta1
  92. kind: CustomResourceDefinition
  93. metadata:
  94.   name: traefikservices.traefik.containo.us
  96. spec:
  97.   group: traefik.containo.us
  98.   version: v1alpha1
  99.   names:
  100.     kind: TraefikService
  101.     plural: traefikservices
  102.     singular: traefikservice
  103.   scope: Namespaced
  105. ---
  106. apiVersion: apiextensions.k8s.io/v1beta1
  107. kind: CustomResourceDefinition
  108. metadata:
  109.   name: serverstransports.traefik.containo.us
  111. spec:
  112.   group: traefik.containo.us
  113.   version: v1alpha1
  114.   names:
  115.     kind: ServersTransport
  116.     plural: serverstransports
  117.     singular: serverstransport
  118.   scope: Namespaced

Resources

  1. apiVersion: traefik.containo.us/v1alpha1
  2. kind: TraefikService
  3. metadata:
  4.   name: wrr2
  5.   namespace: default
  7. spec:
  8.   weighted:
  9.     services:
  10.       - name: s1
  11.         weight: 1
  12.         port: 80
  13.         # Optional, as it is the default value
  14.         kind: Service
  15.       - name: s3
  16.         weight: 1
  17.         port: 80
  19. ---
  20. apiVersion: traefik.containo.us/v1alpha1
  21. kind: TraefikService
  22. metadata:
  23.   name: wrr1
  24.   namespace: default
  26. spec:
  27.   weighted:
  28.     services:
  29.       - name: wrr2
  30.         kind: TraefikService
  31.         weight: 1
  32.       - name: s3
  33.         weight: 1
  34.         port: 80
  36. ---
  37. apiVersion: traefik.containo.us/v1alpha1
  38. kind: TraefikService
  39. metadata:
  40.   name: mirror1
  41.   namespace: default
  43. spec:
  44.   mirroring:
  45.     name: s1
  46.     port: 80
  47.     mirrors:
  48.       - name: s3
  49.         percent: 20
  50.         port: 80
  51.       - name: mirror2
  52.         kind: TraefikService
  53.         percent: 20
  55. ---
  56. apiVersion: traefik.containo.us/v1alpha1
  57. kind: TraefikService
  58. metadata:
  59.   name: mirror2
  60.   namespace: default
  62. spec:
  63.   mirroring:
  64.     name: wrr2
  65.     kind: TraefikService
  66.     mirrors:
  67.       - name: s2
  68.         # Optional
  69.         maxBodySize: 2000000000
  70.         # Optional, as it is the default value
  71.         kind: Service
  72.         percent: 20
  73.         port: 80
  75. ---
  76. apiVersion: traefik.containo.us/v1alpha1
  77. kind: IngressRoute
  78. metadata:
  79.   name: ingressroute
  80. spec:
  81.   entryPoints:
  82.     - web
  83.     - websecure
  84.   routes:
  85.     - match: Host(`example.net`) && PathPrefix(`/bar`)
  86.       kind: Rule
  87.       priority: 12
  88.       # defining several services is possible and allowed, but for now the servers of
  89.       # all the services (for a given route) get merged altogether under the same
  90.       # load-balancing strategy.
  91.       services:
  92.         - name: s1
  93.           port: 80
  94.           # strategy defines the load balancing strategy between the servers. It defaults
  95.           # to Round Robin, and for now only Round Robin is supported anyway.
  96.           strategy: RoundRobin
  97.         - name: s2
  98.           port: 433
  99.           serversTransport: mytransport
  100.     - match: PathPrefix(`/misc`)
  101.       services:
  102.         - name: s3
  103.           port: 80
  104.       middlewares:
  105.         - name: stripprefix
  106.         - name: addprefix
  107.     - match: PathPrefix(`/misc`)
  108.       services:
  109.         - name: s3
  110.           # Optional, as it is the default value
  111.           kind: Service
  112.           port: 8443
  113.           # scheme allow to override the scheme for the service. (ex: https or h2c)
  114.           scheme: https
  115.     - match: PathPrefix(`/lb`)
  116.       services:
  117.         - name: wrr1
  118.           kind: TraefikService
  119.     - match: PathPrefix(`/mirrored`)
  120.       services:
  121.         - name: mirror1
  122.           kind: TraefikService
  123.   # use an empty tls object for TLS with Let's Encrypt
  124.   tls:
  125.     secretName: supersecret
  126.     options:
  127.       name: my-tls-option
  128.       namespace: default
  130. ---
  131. apiVersion: traefik.containo.us/v1alpha1
  132. kind: IngressRouteTCP
  133. metadata:
  134.   name: ingressroutetcp.crd
  135.   namespace: default
  137. spec:
  138.   entryPoints:
  139.     - footcp
  140.   routes:
  141.     - match: HostSNI(`example.com`)
  142.       services:
  143.         - name: whoamitcp
  144.           port: 8080
  145.   tls:
  146.     secretName: foosecret
  147.     passthrough: false
  148.     options:
  149.       name: my-tls-option
  150.       namespace: default
  152. ---
  153. apiVersion: traefik.containo.us/v1alpha1
  154. kind: IngressRouteUDP
  155. metadata:
  156.   name: ingressrouteudp.crd
  157.   namespace: default
  159. spec:
  160.   entryPoints:
  161.     - footcp
  162.   routes:
  163.     - services:
  164.         - name: whoamiudp
  165.           port: 8080
  167. ---
  168. apiVersion: traefik.containo.us/v1alpha1
  169. kind: TLSOption
  170. metadata:
  171.   name: tlsoption
  172.   namespace: default
  174. spec:
  175.   minVersion: foobar
  176.   maxVersion: foobar
  177.   cipherSuites:
  178.     - foobar
  179.     - foobar
  180.   curvePreferences:
  181.     - foobar
  182.     - foobar
  183.   clientAuth:
  184.     caFiles:
  185.       - foobar
  186.       - foobar
  187.     clientAuthType: foobar
  188.   sniStrict: true
  189.   preferServerCipherSuites: true
  191. ---
  192. apiVersion: traefik.containo.us/v1alpha1
  193. kind: ServersTransport
  194. metadata:
  195.   name: mytransport
  196.   namespace: default
  198. spec:
  199.   serverName: foobar
  200.   insecureSkipVerify: true
  201.   rootCAsSecrets:
  202.     - foobar
  203.     - foobar
  204.   certificatesSecrets:
  205.     - foobar
  206.     - foobar
  207.   maxIdleConnsPerHost: 1
  208.   forwardingTimeouts:
  209.     dialTimeout: 42s
  210.     responseHeaderTimeout: 42s
  211.     idleConnTimeout: 42s

RBAC

  1. kind: ClusterRole
  2. apiVersion: rbac.authorization.k8s.io/v1beta1
  3. metadata:
  4.   name: traefik-ingress-controller
  6. rules:
  7.   - apiGroups:
  8.       - ""
  9.     resources:
  10.       - services
  11.       - endpoints
  12.       - secrets
  13.     verbs:
  14.       - get
  15.       - list
  16.       - watch
  17.   - apiGroups:
  18.       - extensions
  19.       - networking.k8s.io
  20.     resources:
  21.       - ingresses
  22.       - ingressclasses
  23.     verbs:
  24.       - get
  25.       - list
  26.       - watch
  27.   - apiGroups:
  28.       - extensions
  29.     resources:
  30.       - ingresses/status
  31.     verbs:
  32.       - update
  33.   - apiGroups:
  34.       - traefik.containo.us
  35.     resources:
  36.       - middlewares
  37.       - ingressroutes
  38.       - traefikservices
  39.       - ingressroutetcps
  40.       - ingressrouteudps
  41.       - tlsoptions
  42.       - tlsstores
  43.       - serverstransports
  44.     verbs:
  45.       - get
  46.       - list
  47.       - watch
  49. ---
  50. kind: ClusterRoleBinding
  51. apiVersion: rbac.authorization.k8s.io/v1beta1
  52. metadata:
  53.   name: traefik-ingress-controller
  55. roleRef:
  56.   apiGroup: rbac.authorization.k8s.io
  57.   kind: ClusterRole
  58.   name: traefik-ingress-controller
  59. subjects:
  60.   - kind: ServiceAccount
  61.     name: traefik-ingress-controller
  62.     namespace: default