diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 940131f91..43b14722c 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -102,6 +102,7 @@ spec: description: |- Priority defines the router's priority. More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority + maximum: 9223372036854775000 type: integer services: description: |- @@ -276,6 +277,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie @@ -288,11 +293,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -470,6 +478,7 @@ spec: description: |- Priority defines the router's priority. More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1 + maximum: 9223372036854775000 type: integer services: description: Services defines the list of TCP services. @@ -515,6 +524,8 @@ spec: version: description: Version defines the PROXY Protocol version to use. + maximum: 2 + minimum: 1 type: integer type: object serversTransport: @@ -539,6 +550,7 @@ spec: weight: description: Weight defines the weight used when balancing requests between multiple Kubernetes Service. + minimum: 0 type: integer required: - name 
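Review bot: The `maximum: 9223372036854775000` added on the router priority (first hunk, and again in the TCP router hunk at -470) is an unexplained bound just below the int64 limit of 9223372036854775807, and the description still only links to the routing docs. A reader cannot tell whether the gap is deliberate or a rounded limit. The value is also not exactly representable as a float64, so a validator that stores schema bounds as floats may enforce a slightly different number, which is worth confirming against the API server. I would add a sentence to the description such as `Priority must not exceed 9223372036854775000.` together with the reason for that ceiling. The same hunks recur in traefik.io_ingressroutes.yaml, traefik.io_ingressroutetcps.yaml and integration/fixtures/k8s/01-traefik-crd.yml.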
@@ -549,6 +561,9 @@ spec: description: |- Syntax defines the router's rule syntax. More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1 + enum: + - v3 + - v2 type: string required: - match @@ -728,6 +743,7 @@ spec: weight: description: Weight defines the weight used when balancing requests between multiple Kubernetes Service. + minimum: 0 type: integer required: - name @@ -799,6 +815,9 @@ spec: Prefix is the string to add before the current path in the requested URL. It should include a leading slash (/). type: string + x-kubernetes-validations: + - message: must start with a '/' + rule: self.startsWith('/') type: object basicAuth: description: |- @@ -899,6 +918,7 @@ spec: - type: string description: CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state). + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true expression: description: Expression is the condition that triggers the tripped @@ -918,10 +938,13 @@ spec: description: RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state). + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true responseCode: description: ResponseCode is the status code that the circuit breaker will return while it is in the open state. + maximum: 599 + minimum: 100 type: integer type: object compress: @@ -959,6 +982,7 @@ spec: description: |- MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. Default: 1024. + minimum: 0 type: integer type: object contentType: @@ -1180,6 +1204,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can 
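Review bot: The duration `pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$` added on CheckPeriod and RecoveryDuration admits only whole-number components, so a string such as `1.5s` is now rejected at admission. The initialInterval hunk (-1874) carries the same pattern while its description points to https://pkg.go.dev/time#ParseDuration, which documents decimal fractions as valid; resources that used them would presumably fail validation on their next update. Either allow a fraction, e.g. `^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h)?)+$`, or state in each description that only integer components are accepted. The pattern is repeated on every timeout field in this diff, including the serversTransport hunks and the per-CRD copies.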
@@ -1192,11 +1220,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -1209,6 +1240,7 @@ spec: as ranges by separating two codes with a dash (500-599), or a combination of the two (404,418,500-599). items: + pattern: ^([0-5][0-9]{2}[,-]?)+$ type: string type: array statusRewrites: @@ -1487,6 +1519,7 @@ spec: STSSeconds defines the max-age of the Strict-Transport-Security header. If set to 0, the header is not set. format: int64 + minimum: 0 type: integer type: object inFlightReq: @@ -1500,6 +1533,7 @@ spec: Amount defines the maximum amount of allowed simultaneous in-flight request. The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). format: int64 + minimum: 0 type: integer sourceCriterion: description: |- @@ -1517,6 +1551,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the @@ -1557,6 +1592,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the X-Forwarded-For 
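Review bot: The item pattern `^([0-5][0-9]{2}[,-]?)+$` added in the status-list hunk (-1209) is looser than the format the description spells out: the separator is optional and may trail, so it accepts `000`, `404500` and `500-`. Admission therefore still passes malformed entries on to whatever parses them at runtime. A stricter form would be `^[1-5][0-9]{2}([,-][1-5][0-9]{2})*$`, which requires three-digit codes from 100 to 599 joined by a single `,` or `-`. The property itself starts above the hunk, and the same line recurs in traefik.io_middlewares.yaml and integration/fixtures/k8s/01-traefik-crd.yml.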
@@ -1594,6 +1630,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the X-Forwarded-For @@ -1736,12 +1773,14 @@ spec: The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, one needs to define a Period larger than a second. format: int64 + minimum: 0 type: integer burst: description: |- Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. It defaults to 1. format: int64 + minimum: 0 type: integer period: anyOf: @@ -1766,6 +1805,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the @@ -1863,6 +1903,7 @@ spec: attempts: description: Attempts defines how many times the request should be retried. + minimum: 0 type: integer initialInterval: anyOf: @@ -1874,6 +1915,7 @@ spec: If unspecified, requests will be retried immediately. The value of initialInterval should be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true type: object stripPrefix: @@ -1966,6 +2008,7 @@ spec: Amount defines the maximum amount of allowed simultaneous connections. The middleware closes the connection if there are already amount connections opened. format: int64 + minimum: 0 type: integer type: object ipAllowList: @@ -2067,6 +2110,7 @@ spec: - type: string description: DialTimeout is the amount of time to wait until a connection to a backend server can be established. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true idleConnTimeout: anyOf: 
@@ -2075,6 +2119,7 @@ spec: description: IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true pingTimeout: anyOf: @@ -2082,6 +2127,7 @@ spec: - type: string description: PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true readIdleTimeout: anyOf: @@ -2090,6 +2136,7 @@ spec: description: ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true responseHeaderTimeout: anyOf: @@ -2098,6 +2145,7 @@ spec: description: ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any). + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true type: object insecureSkipVerify: @@ -2106,6 +2154,7 @@ spec: maxIdleConnsPerHost: description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. + minimum: 0 type: integer peerCertURI: description: PeerCertURI defines the peer cert URI used to match against @@ -2196,6 +2245,7 @@ spec: the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true dialTimeout: anyOf: @@ -2203,6 +2253,7 @@ spec: - type: string description: DialTimeout is the amount of time to wait until a connection to a backend server can be established. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true terminationDelay: anyOf: 
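Review bot: The pattern added in the hunk at -2196 has no place for a sign, yet the description directly above it says `If negative, keep-alive probes are disabled.` After this change a negative duration string such as `-1s` fails validation, leaving only the integer form to express the documented setting, since a pattern constrains strings only. For this field I would use `pattern: ^-?([0-9]+(ns|us|µs|ms|s|m|h)?)+$`, or reword the description to say that disabling requires a negative integer. The property begins above the hunk; the same hunk recurs in traefik.io_serverstransporttcps.yaml and integration/fixtures/k8s/01-traefik-crd.yml.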
@@ -2211,6 +2262,7 @@ spec: description: TerminationDelay defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true tls: description: TLS defines the TLS configuration @@ -2775,6 +2827,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can @@ -2787,11 +2843,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -2893,6 +2952,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can only @@ -2904,11 +2967,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name 
@@ -3087,6 +3153,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can @@ -3099,11 +3169,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -3145,6 +3218,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can only diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml index e69de29bb..8b1378917 100644 --- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml @@ -0,0 +1 @@ + diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml index f682dba72..c1cb4024d 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml @@ -102,6 +102,7 @@ spec: description: |- Priority defines the router's priority. More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority + maximum: 9223372036854775000 type: integer services: description: |- 
@@ -276,6 +277,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie @@ -288,11 +293,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml index 7f46fee0b..da5b8725c 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml @@ -81,6 +81,7 @@ spec: description: |- Priority defines the router's priority. More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1 + maximum: 9223372036854775000 type: integer services: description: Services defines the list of TCP services. @@ -126,6 +127,8 @@ spec: version: description: Version defines the PROXY Protocol version to use. + maximum: 2 + minimum: 1 type: integer type: object serversTransport: @@ -150,6 +153,7 @@ spec: weight: description: Weight defines the weight used when balancing requests between multiple Kubernetes Service. + minimum: 0 type: integer required: - name @@ -160,6 +164,9 @@ spec: description: |- Syntax defines the router's rule syntax. More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1 + enum: + - v3 + - v2 type: string required: - match 
diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml index 74c0ec158..9a988590e 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml @@ -92,6 +92,7 @@ spec: weight: description: Weight defines the weight used when balancing requests between multiple Kubernetes Service. + minimum: 0 type: integer required: - name diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml index a2dec5131..c5fe517a9 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml @@ -52,6 +52,9 @@ spec: Prefix is the string to add before the current path in the requested URL. It should include a leading slash (/). type: string + x-kubernetes-validations: + - message: must start with a '/' + rule: self.startsWith('/') type: object basicAuth: description: |- @@ -152,6 +155,7 @@ spec: - type: string description: CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state). + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true expression: description: Expression is the condition that triggers the tripped @@ -171,10 +175,13 @@ spec: description: RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state). + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true responseCode: description: ResponseCode is the status code that the circuit breaker will return while it is in the open state. + maximum: 599 + minimum: 100 type: integer type: object compress: 
@@ -212,6 +219,7 @@ spec: description: |- MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. Default: 1024. + minimum: 0 type: integer type: object contentType: @@ -433,6 +441,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can @@ -445,11 +457,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -462,6 +477,7 @@ spec: as ranges by separating two codes with a dash (500-599), or a combination of the two (404,418,500-599). items: + pattern: ^([0-5][0-9]{2}[,-]?)+$ type: string type: array statusRewrites: @@ -740,6 +756,7 @@ spec: STSSeconds defines the max-age of the Strict-Transport-Security header. If set to 0, the header is not set. format: int64 + minimum: 0 type: integer type: object inFlightReq: @@ -753,6 +770,7 @@ spec: Amount defines the maximum amount of allowed simultaneous in-flight request. The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). format: int64 + minimum: 0 type: integer sourceCriterion: description: |- @@ -770,6 +788,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the 
@@ -810,6 +829,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the X-Forwarded-For @@ -847,6 +867,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the X-Forwarded-For @@ -989,12 +1010,14 @@ spec: The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, one needs to define a Period larger than a second. format: int64 + minimum: 0 type: integer burst: description: |- Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. It defaults to 1. format: int64 + minimum: 0 type: integer period: anyOf: @@ -1019,6 +1042,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the @@ -1116,6 +1140,7 @@ spec: attempts: description: Attempts defines how many times the request should be retried. + minimum: 0 type: integer initialInterval: anyOf: @@ -1127,6 +1152,7 @@ spec: If unspecified, requests will be retried immediately. The value of initialInterval should be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true type: object stripPrefix: diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml index 39888cd01..f44b63691 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml 
+++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml @@ -49,6 +49,7 @@ spec: Amount defines the maximum amount of allowed simultaneous connections. The middleware closes the connection if there are already amount connections opened. format: int64 + minimum: 0 type: integer type: object ipAllowList: diff --git a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml index e881e68bb..3226cc9c7 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml @@ -63,6 +63,7 @@ spec: - type: string description: DialTimeout is the amount of time to wait until a connection to a backend server can be established. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true idleConnTimeout: anyOf: @@ -71,6 +72,7 @@ spec: description: IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true pingTimeout: anyOf: @@ -78,6 +80,7 @@ spec: - type: string description: PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true readIdleTimeout: anyOf: @@ -86,6 +89,7 @@ spec: description: ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true responseHeaderTimeout: anyOf: 
@@ -94,6 +98,7 @@ spec: description: ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any). + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true type: object insecureSkipVerify: @@ -102,6 +107,7 @@ spec: maxIdleConnsPerHost: description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. + minimum: 0 type: integer peerCertURI: description: PeerCertURI defines the peer cert URI used to match against diff --git a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml index 19c615459..21df38773 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml @@ -53,6 +53,7 @@ spec: the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true dialTimeout: anyOf: @@ -60,6 +61,7 @@ spec: - type: string description: DialTimeout is the amount of time to wait until a connection to a backend server can be established. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true terminationDelay: anyOf: @@ -68,6 +70,7 @@ spec: description: TerminationDelay defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true tls: description: TLS defines the TLS configuration diff --git a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml index 5885bdf22..1e87f2f25 100644 
--- a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml @@ -301,6 +301,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can @@ -313,11 +317,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -419,6 +426,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can only @@ -430,11 +441,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -613,6 +627,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can 
@@ -625,11 +643,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -671,6 +692,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can only diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 940131f91..43b14722c 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -102,6 +102,7 @@ spec: description: |- Priority defines the router's priority. More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority + maximum: 9223372036854775000 type: integer services: description: |- @@ -276,6 +277,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie @@ -288,11 +293,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name 
@@ -470,6 +478,7 @@ spec: description: |- Priority defines the router's priority. More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1 + maximum: 9223372036854775000 type: integer services: description: Services defines the list of TCP services. @@ -515,6 +524,8 @@ spec: version: description: Version defines the PROXY Protocol version to use. + maximum: 2 + minimum: 1 type: integer type: object serversTransport: @@ -539,6 +550,7 @@ spec: weight: description: Weight defines the weight used when balancing requests between multiple Kubernetes Service. + minimum: 0 type: integer required: - name @@ -549,6 +561,9 @@ spec: description: |- Syntax defines the router's rule syntax. More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1 + enum: + - v3 + - v2 type: string required: - match @@ -728,6 +743,7 @@ spec: weight: description: Weight defines the weight used when balancing requests between multiple Kubernetes Service. + minimum: 0 type: integer required: - name @@ -799,6 +815,9 @@ spec: Prefix is the string to add before the current path in the requested URL. It should include a leading slash (/). type: string + x-kubernetes-validations: + - message: must start with a '/' + rule: self.startsWith('/') type: object basicAuth: description: |- @@ -899,6 +918,7 @@ spec: - type: string description: CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state). + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true expression: description: Expression is the condition that triggers the tripped 
@@ -918,10 +938,13 @@ spec: description: RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state). + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true responseCode: description: ResponseCode is the status code that the circuit breaker will return while it is in the open state. + maximum: 599 + minimum: 100 type: integer type: object compress: @@ -959,6 +982,7 @@ spec: description: |- MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. Default: 1024. + minimum: 0 type: integer type: object contentType: @@ -1180,6 +1204,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can @@ -1192,11 +1220,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -1209,6 +1240,7 @@ spec: as ranges by separating two codes with a dash (500-599), or a combination of the two (404,418,500-599). items: + pattern: ^([0-5][0-9]{2}[,-]?)+$ type: string type: array statusRewrites: @@ -1487,6 +1519,7 @@ spec: STSSeconds defines the max-age of the Strict-Transport-Security header. If set to 0, the header is not set. format: int64 + minimum: 0 type: integer type: object inFlightReq: 
@@ -1500,6 +1533,7 @@ spec: Amount defines the maximum amount of allowed simultaneous in-flight request. The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). format: int64 + minimum: 0 type: integer sourceCriterion: description: |- @@ -1517,6 +1551,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the @@ -1557,6 +1592,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the X-Forwarded-For @@ -1594,6 +1630,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the X-Forwarded-For @@ -1736,12 +1773,14 @@ spec: The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, one needs to define a Period larger than a second. format: int64 + minimum: 0 type: integer burst: description: |- Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. It defaults to 1. format: int64 + minimum: 0 type: integer period: anyOf: @@ -1766,6 +1805,7 @@ spec: description: Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + minimum: 0 type: integer excludedIPs: description: ExcludedIPs configures Traefik to scan the @@ -1863,6 +1903,7 @@ spec: attempts: description: Attempts defines how many times the request should be retried. + minimum: 0 type: integer initialInterval: anyOf: 
@@ -1874,6 +1915,7 @@ spec: If unspecified, requests will be retried immediately. The value of initialInterval should be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true type: object stripPrefix: @@ -1966,6 +2008,7 @@ spec: Amount defines the maximum amount of allowed simultaneous connections. The middleware closes the connection if there are already amount connections opened. format: int64 + minimum: 0 type: integer type: object ipAllowList: @@ -2067,6 +2110,7 @@ spec: - type: string description: DialTimeout is the amount of time to wait until a connection to a backend server can be established. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true idleConnTimeout: anyOf: @@ -2075,6 +2119,7 @@ spec: description: IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true pingTimeout: anyOf: @@ -2082,6 +2127,7 @@ spec: - type: string description: PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true readIdleTimeout: anyOf: @@ -2090,6 +2136,7 @@ spec: description: ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true responseHeaderTimeout: anyOf: @@ -2098,6 +2145,7 @@ spec: description: ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any). + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true type: object insecureSkipVerify: 
@@ -2106,6 +2154,7 @@ spec: maxIdleConnsPerHost: description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. + minimum: 0 type: integer peerCertURI: description: PeerCertURI defines the peer cert URI used to match against @@ -2196,6 +2245,7 @@ spec: the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true dialTimeout: anyOf: @@ -2203,6 +2253,7 @@ spec: - type: string description: DialTimeout is the amount of time to wait until a connection to a backend server can be established. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true terminationDelay: anyOf: @@ -2211,6 +2262,7 @@ spec: description: TerminationDelay defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. + pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$ x-kubernetes-int-or-string: true tls: description: TLS defines the TLS configuration @@ -2775,6 +2827,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can @@ -2787,11 +2843,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name 
@@ -2893,6 +2952,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can only @@ -2904,11 +2967,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -3087,6 +3153,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can @@ -3099,11 +3169,14 @@ spec: description: |- Strategy defines the load balancing strategy between the servers. RoundRobin is the only supported value at the moment. + enum: + - RoundRobin type: string weight: description: |- Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). + minimum: 0 type: integer required: - name @@ -3145,6 +3218,10 @@ spec: description: |- SameSite defines the same site policy. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + enum: + - none + - lax + - strict type: string secure: description: Secure defines whether the cookie can only diff --git a/pkg/config/dynamic/http_config.go b/pkg/config/dynamic/http_config.go index b49fa82e9..571fe501f 100644 --- a/pkg/config/dynamic/http_config.go +++ b/pkg/config/dynamic/http_config.go 
@@ -190,6 +190,7 @@ type Cookie struct { HTTPOnly bool `json:"httpOnly,omitempty" toml:"httpOnly,omitempty" yaml:"httpOnly,omitempty" export:"true"` // SameSite defines the same site policy. // More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + // +kubebuilder:validation:Enum=none;lax;strict SameSite string `json:"sameSite,omitempty" toml:"sameSite,omitempty" yaml:"sameSite,omitempty" export:"true"` // MaxAge defines the number of seconds until the cookie expires. // When set to a negative number, the cookie expires immediately. diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index 0eed91a19..e1fc3a73b 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go @@ -80,6 +80,7 @@ type ContentType struct { type AddPrefix struct { // Prefix is the string to add before the current path in the requested URL. // It should include a leading slash (/). + // +kubebuilder:validation:XValidation:message="must start with a '/'",rule="self.startsWith('/')" Prefix string `json:"prefix,omitempty" toml:"prefix,omitempty" yaml:"prefix,omitempty" export:"true"` } @@ -179,6 +180,7 @@ type Compress struct { IncludedContentTypes []string `json:"includedContentTypes,omitempty" toml:"includedContentTypes,omitempty" yaml:"includedContentTypes,omitempty" export:"true"` // MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. // Default: 1024. + // +kubebuilder:validation:Minimum=0 MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"` // Encodings defines the list of supported compression algorithms. Encodings []string `json:"encodings,omitempty" toml:"encodings,omitempty" yaml:"encodings,omitempty" export:"true"` 
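Review bot: The new `Enum=none;lax;strict` marker on `SameSite` accepts only the lower-case spellings, but the field comment still just links to MDN, where the values are written `None`, `Lax` and `Strict`. The accepted values should be stated in the comment, for example `// Allowed values are none, lax and strict (lower-case).`. Objects that already carry another spelling would presumably start failing admission once the regenerated CRD is applied, which deserves a line in the migration notes. The Cookie struct continues outside this hunk.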
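Review bot: The `Prefix` comment in AddPrefix still says the value "should include a leading slash (/)", while the added `XValidation` rule `self.startsWith('/')` turns that into a hard requirement. The comment should match what is enforced, for example `// It must start with a slash (/).`. An explicitly empty `prefix: ""` would also be rejected by this rule, so it is worth confirming that this is intended.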
@@ -324,6 +326,7 @@ type Headers struct { SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"` // STSSeconds defines the max-age of the Strict-Transport-Security header. // If set to 0, the header is not set. + // +kubebuilder:validation:Minimum=0 STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"` // STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header. STSIncludeSubdomains bool `json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true"` @@ -424,6 +427,7 @@ func (h *Headers) HasSecureHeadersDefined() bool { // More info: https://doc.traefik.io/traefik/v3.3/middlewares/http/ipallowlist/#ipstrategy type IPStrategy struct { // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). + // +kubebuilder:validation:Minimum=0 Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"` // ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list. ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"` 
@@ -505,6 +509,7 @@ type IPAllowList struct { type InFlightReq struct { // Amount defines the maximum amount of allowed simultaneous in-flight request. // The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). + // +kubebuilder:validation:Minimum=0 Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"` // SourceCriterion defines what criterion is used to group requests as originating from a common source. // If several strategies are defined at the same time, an error will be raised. diff --git a/pkg/config/dynamic/tcp_config.go b/pkg/config/dynamic/tcp_config.go index 3c33e7b20..e0f607d84 100644 --- a/pkg/config/dynamic/tcp_config.go +++ b/pkg/config/dynamic/tcp_config.go @@ -128,6 +128,8 @@ type TCPServer struct { // More info: https://doc.traefik.io/traefik/v3.3/routing/services/#proxy-protocol type ProxyProtocol struct { // Version defines the PROXY Protocol version to use. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=2 Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"` } diff --git a/pkg/config/dynamic/tcp_middlewares.go b/pkg/config/dynamic/tcp_middlewares.go index a92bf0db9..81f3b1d76 100644 --- a/pkg/config/dynamic/tcp_middlewares.go +++ b/pkg/config/dynamic/tcp_middlewares.go @@ -19,6 +19,7 @@ type TCPMiddleware struct { type TCPInFlightConn struct { // Amount defines the maximum amount of allowed simultaneous connections. // The middleware closes the connection if there are already amount connections opened. + // +kubebuilder:validation:Minimum=0 Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"` } diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go index 14bae9634..164d1d39d 100644 
--- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go @@ -33,6 +33,7 @@ type Route struct { Kind string `json:"kind,omitempty"` // Priority defines the router's priority. // More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority + // +kubebuilder:validation:Maximum=9223372036854774807 Priority int `json:"priority,omitempty"` // Syntax defines the router's rule syntax. // More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax @@ -106,12 +107,14 @@ type LoadBalancerSpec struct { Sticky *dynamic.Sticky `json:"sticky,omitempty"` // Port defines the port of a Kubernetes Service. // This can be a reference to a named port. + // +kubebuilder:validation:XIntOrString Port intstr.IntOrString `json:"port,omitempty"` // Scheme defines the scheme to use for the request to the upstream Kubernetes Service. // It defaults to https when Kubernetes Service port is 443, http otherwise. Scheme string `json:"scheme,omitempty"` // Strategy defines the load balancing strategy between the servers. // RoundRobin is the only supported value at the moment. + // +kubebuilder:validation:Enum=RoundRobin Strategy string `json:"strategy,omitempty"` // PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. // By default, passHostHeader is true. @@ -124,6 +127,7 @@ type LoadBalancerSpec struct { ServersTransport string `json:"serversTransport,omitempty"` // Weight defines the weight and should only be specified when Name references a TraefikService object // (and to be precise, one that embeds a Weighted Round Robin). + // +kubebuilder:validation:Minimum=0 Weight *int `json:"weight,omitempty"` // NativeLB controls, when creating the load-balancer, // whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. 
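Review bot: The `Maximum=9223372036854774807` marker on `Route.Priority` is an unexplained literal; it equals math.MaxInt64 minus 1000, and the same literal is repeated on `RouteTCP.Priority` in ingressroutetcp.go. The reason for the bound should be documented above each marker, for example `// The maximum allowed value is math.MaxInt64 - 1000.`, so the two copies are not edited independently. A bound this large is also not exactly representable as a float64, so it is worth checking which value the generated schema actually enforces. The Route struct continues outside this hunk.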
diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go index 06b7bf2dd..40d5ac633 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go @@ -28,9 +28,11 @@ type RouteTCP struct { Match string `json:"match"` // Priority defines the router's priority. // More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1 + // +kubebuilder:validation:Maximum=9223372036854774807 Priority int `json:"priority,omitempty"` // Syntax defines the router's rule syntax. // More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1 + // +kubebuilder:validation:Enum=v3;v2 Syntax string `json:"syntax,omitempty"` // Services defines the list of TCP services. Services []ServiceTCP `json:"services,omitempty"` @@ -69,8 +71,10 @@ type ServiceTCP struct { Namespace string `json:"namespace,omitempty"` // Port defines the port of a Kubernetes Service. // This can be a reference to a named port. + // +kubebuilder:validation:XIntOrString Port intstr.IntOrString `json:"port"` // Weight defines the weight used when balancing requests between multiple Kubernetes Service. + // +kubebuilder:validation:Minimum=0 Weight *int `json:"weight,omitempty"` // TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates // it has closed the writing capability of its connection, to close the reading capability as well, diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go index 40b0800e9..1c9287d2a 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go 
@@ -30,8 +30,10 @@ type ServiceUDP struct { Namespace string `json:"namespace,omitempty"` // Port defines the port of a Kubernetes Service. // This can be a reference to a named port. + // +kubebuilder:validation:XIntOrString Port intstr.IntOrString `json:"port"` // Weight defines the weight used when balancing requests between multiple Kubernetes Service. + // +kubebuilder:validation:Minimum=0 Weight *int `json:"weight,omitempty"` // NativeLB controls, when creating the load-balancer, // whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go index 891c78aa2..29810587f 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go @@ -67,6 +67,7 @@ type ErrorPage struct { // as multiple comma-separated numbers (500,502), // as ranges by separating two codes with a dash (500-599), // or a combination of the two (404,418,500-599). + // +kubebuilder:validation:items:Pattern=`^([0-5][0-9]{2}[,-]?)+$` Status []string `json:"status,omitempty"` // StatusRewrites defines a mapping of status codes that should be returned instead of the original error status codes. // For example: "418": 404 or "410-418": 404 
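Review bot: The item pattern added to `ErrorPage.Status`, `^([0-5][0-9]{2}[,-]?)+$`, is looser than the format the comment describes. It accepts codes below 100 such as `099`, two codes run together such as `500599`, and a dangling separator such as `500-`. A pattern that mirrors the documented grammar would be `^[1-5][0-9]{2}(-[1-5][0-9]{2})?(,[1-5][0-9]{2}(-[1-5][0-9]{2})?)*$`. Whether the runtime parser rejects those inputs later is not visible here, and the ErrorPage struct continues outside this hunk.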
@@ -88,12 +89,18 @@ type CircuitBreaker struct { // Expression is the condition that triggers the tripped state. Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"` // CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state). + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString CheckPeriod *intstr.IntOrString `json:"checkPeriod,omitempty" toml:"checkPeriod,omitempty" yaml:"checkPeriod,omitempty" export:"true"` // FallbackDuration is the duration for which the circuit breaker will wait before trying to recover (from a tripped state). FallbackDuration *intstr.IntOrString `json:"fallbackDuration,omitempty" toml:"fallbackDuration,omitempty" yaml:"fallbackDuration,omitempty" export:"true"` // RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state). + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString RecoveryDuration *intstr.IntOrString `json:"recoveryDuration,omitempty" toml:"recoveryDuration,omitempty" yaml:"recoveryDuration,omitempty" export:"true"` // ResponseCode is the status code that the circuit breaker will return while it is in the open state. + // +kubebuilder:validation:Minimum=100 + // +kubebuilder:validation:Maximum=599 ResponseCode int `json:"responseCode,omitempty" toml:"responseCode,omitempty" yaml:"responseCode,omitempty" export:"true"` } 
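Review bot: `FallbackDuration` is left without validation markers although it has the same `*intstr.IntOrString` type as `CheckPeriod` and `RecoveryDuration`, which both gain `Pattern` and `XIntOrString` in this hunk. If the omission is not deliberate, add `// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"` and `// +kubebuilder:validation:XIntOrString` above it as well. `RateLimit.Period` in the next hunk has a similar gap: it receives `XIntOrString` but no `Pattern`, so any string still passes schema validation there.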
@@ -204,12 +211,15 @@ type RateLimit struct { // It defaults to 0, which means no rate limiting. // The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, // one needs to define a Period larger than a second. + // +kubebuilder:validation:Minimum=0 Average *int64 `json:"average,omitempty"` // Period, in combination with Average, defines the actual maximum rate, such as: // r = Average / Period. It defaults to a second. + // +kubebuilder:validation:XIntOrString Period *intstr.IntOrString `json:"period,omitempty"` // Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. // It defaults to 1. + // +kubebuilder:validation:Minimum=0 Burst *int64 `json:"burst,omitempty"` // SourceCriterion defines what criterion is used to group requests as originating from a common source. // If several strategies are defined at the same time, an error will be raised. @@ -230,6 +240,7 @@ type Compress struct { IncludedContentTypes []string `json:"includedContentTypes,omitempty"` // MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. // Default: 1024. + // +kubebuilder:validation:Minimum=0 MinResponseBodyBytes *int `json:"minResponseBodyBytes,omitempty"` // Encodings defines the list of supported compression algorithms. Encodings []string `json:"encodings,omitempty"` 
@@ -245,12 +256,15 @@ type Compress struct { // More info: https://doc.traefik.io/traefik/v3.3/middlewares/http/retry/ type Retry struct { // Attempts defines how many times the request should be retried. + // +kubebuilder:validation:Minimum=0 Attempts int `json:"attempts,omitempty"` // InitialInterval defines the first wait time in the exponential backoff series. // The maximum interval is calculated as twice the initialInterval. // If unspecified, requests will be retried immediately. // The value of initialInterval should be provided in seconds or as a valid duration format, // see https://pkg.go.dev/time#ParseDuration. + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString InitialInterval intstr.IntOrString `json:"initialInterval,omitempty"` } diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go index c67fad368..3b13986fd 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go @@ -36,6 +36,7 @@ type ServersTransportSpec struct { // CertificatesSecrets defines a list of secret storing client certificates for mTLS. CertificatesSecrets []string `json:"certificatesSecrets,omitempty"` // MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. + // +kubebuilder:validation:Minimum=0 MaxIdleConnsPerHost int `json:"maxIdleConnsPerHost,omitempty"` // ForwardingTimeouts defines the timeouts for requests forwarded to the backend servers. ForwardingTimeouts *ForwardingTimeouts `json:"forwardingTimeouts,omitempty"` 
@@ -52,14 +53,24 @@ type ServersTransportSpec struct { // ForwardingTimeouts holds the timeout configurations for forwarding requests to the backend servers. type ForwardingTimeouts struct { // DialTimeout is the amount of time to wait until a connection to a backend server can be established. + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"` // ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any). + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString ResponseHeaderTimeout *intstr.IntOrString `json:"responseHeaderTimeout,omitempty"` // IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString IdleConnTimeout *intstr.IntOrString `json:"idleConnTimeout,omitempty"` // ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString ReadIdleTimeout *intstr.IntOrString `json:"readIdleTimeout,omitempty"` // PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString PingTimeout *intstr.IntOrString `json:"pingTimeout,omitempty"` } diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go index 6cd6126e8..46ba8694e 100644 
--- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go @@ -28,10 +28,16 @@ type ServersTransportTCP struct { // ServersTransportTCPSpec defines the desired state of a ServersTransportTCP. type ServersTransportTCPSpec struct { // DialTimeout is the amount of time to wait until a connection to a backend server can be established. + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"` // DialKeepAlive is the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled. + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString DialKeepAlive *intstr.IntOrString `json:"dialKeepAlive,omitempty"` // TerminationDelay defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. + // +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$" + // +kubebuilder:validation:XIntOrString TerminationDelay *intstr.IntOrString `json:"terminationDelay,omitempty"` // TLS defines the TLS configuration TLS *TLSClientConfig `description:"Defines the TLS configuration." json:"tls,omitempty"`
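Review bot: The pattern added to `DialKeepAlive` has no sign, yet the field comment documents that a negative value disables keep-alive probes, so a string such as `-1s` can no longer be submitted. The integer form still passes because the pattern applies only to strings, which leaves the two forms inconsistent. For this field the marker could be `// +kubebuilder:validation:Pattern="^-?([0-9]+(ns|us|µs|ms|s|m|h)?)+$"`; otherwise the comment should say that disabling requires a negative integer. The ServersTransportTCPSpec struct continues outside this hunk.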