mirror of
https://github.com/traefik/traefik.git
synced 2025-05-05 15:33:01 +00:00
Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
dddb68cd5f | ||
|
8f37c8f0c5 | ||
|
a092c4f535 | ||
|
d7d0017545 | ||
|
6c3b099c25 |
@ -250,6 +250,34 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
|
||||
!!! info ""
|
||||
Redirection is fully compatible with the `HTTP-01` challenge.
|
||||
|
||||
#### `Delay`
|
||||
|
||||
The delay between the creation of the challenge and the validation.
|
||||
A value lower than or equal to zero means no delay.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
certificatesResolvers:
|
||||
myresolver:
|
||||
acme:
|
||||
# ...
|
||||
httpChallenge:
|
||||
# ...
|
||||
delay: 12
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[certificatesResolvers.myresolver.acme]
|
||||
# ...
|
||||
[certificatesResolvers.myresolver.acme.httpChallenge]
|
||||
# ...
|
||||
delay = 12
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
# ...
|
||||
--certificatesresolvers.myresolver.acme.httpchallenge.delay=12
|
||||
```
|
||||
|
||||
### `dnsChallenge`
|
||||
|
||||
Use the `DNS-01` challenge to generate and renew ACME certificates by provisioning a DNS record.
|
||||
@ -807,6 +835,71 @@ certificatesResolvers:
|
||||
# ...
|
||||
```
|
||||
|
||||
### `clientTimeout`
|
||||
|
||||
_Optional, Default=2m_
|
||||
|
||||
`clientTimeout` is the total timeout for a complete HTTP transaction (including TCP connection, sending request and receiving response) with the ACME server.
|
||||
It defaults to 2 minutes.
|
||||
|
||||
!!! warning "This timeout encompasses the entire request-response cycle, including the response headers timeout. It must be at least `clientResponseHeaderTimeout`, otherwise the certificate resolver will fail to start."
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
certificatesResolvers:
|
||||
myresolver:
|
||||
acme:
|
||||
# ...
|
||||
clientTimeout: 1m
|
||||
# ...
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[certificatesResolvers.myresolver.acme]
|
||||
# ...
|
||||
clientTimeout=1m
|
||||
# ...
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
# ...
|
||||
--certificatesresolvers.myresolver.acme.clientTimeout=1m
|
||||
# ...
|
||||
```
|
||||
|
||||
!!! warning
|
||||
This should not be confused with any timeouts used for validating challenges.
|
||||
|
||||
### `clientResponseHeaderTimeout`
|
||||
|
||||
_Optional, Default=30s_
|
||||
|
||||
`clientResponseHeaderTimeout` defines how long the HTTP client waits for response headers when communicating with the `caServer`.
|
||||
It defaults to 30 seconds.
|
||||
|
||||
!!! warning "It must be lower than `clientTimeout`, otherwise the certificate resolver will fail to start."
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
certificatesResolvers:
|
||||
myresolver:
|
||||
acme:
|
||||
# ...
|
||||
clientResponseHeaderTimeout: 1m
|
||||
# ...
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[certificatesResolvers.myresolver.acme]
|
||||
# ...
|
||||
clientResponseHeaderTimeout=1m
|
||||
# ...
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
# ...
|
||||
--certificatesresolvers.myresolver.acme.clientResponseHeaderTimeout=1m
|
||||
# ...
|
||||
```
|
||||
|
||||
### `preferredChain`
|
||||
|
||||
_Optional, Default=""_
|
||||
|
||||
@ -30,6 +30,20 @@
|
||||
#
|
||||
# certificatesDuration=2160
|
||||
|
||||
# Timeout for a complete HTTP transaction with the ACME server.
|
||||
#
|
||||
# Optional
|
||||
# Default: 2m
|
||||
#
|
||||
# clientTimeout="2m"
|
||||
|
||||
# Timeout for receiving the response headers when communicating with the ACME server.
|
||||
#
|
||||
# Optional
|
||||
# Default: 30s
|
||||
#
|
||||
# clientResponseHeaderTimeout="30s"
|
||||
|
||||
# Preferred chain to use.
|
||||
#
|
||||
# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
|
||||
|
||||
@ -29,6 +29,20 @@
|
||||
#
|
||||
--certificatesresolvers.myresolver.acme.certificatesDuration=2160
|
||||
|
||||
# Timeout for a complete HTTP transaction with the ACME server.
|
||||
#
|
||||
# Optional
|
||||
# Default: 2m
|
||||
#
|
||||
--certificatesresolvers.myresolver.acme.clientTimeout=2m
|
||||
|
||||
# Timeout for receiving the response headers when communicating with the ACME server.
|
||||
#
|
||||
# Optional
|
||||
# Default: 30s
|
||||
#
|
||||
--certificatesresolvers.myresolver.acme.clientResponseHeaderTimeout=30s
|
||||
|
||||
# Preferred chain to use.
|
||||
#
|
||||
# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
|
||||
|
||||
@ -32,6 +32,20 @@ certificatesResolvers:
|
||||
#
|
||||
# certificatesDuration: 2160
|
||||
|
||||
# Timeout for a complete HTTP transaction with the ACME server.
|
||||
#
|
||||
# Optional
|
||||
# Default: 2m
|
||||
#
|
||||
# clientTimeout: "2m"
|
||||
|
||||
# Timeout for receiving the response headers when communicating with the ACME server.
|
||||
#
|
||||
# Optional
|
||||
# Default: 30s
|
||||
#
|
||||
# clientResponseHeaderTimeout: "30s"
|
||||
|
||||
# Preferred chain to use.
|
||||
#
|
||||
# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
|
||||
|
||||
@ -209,6 +209,7 @@
|
||||
- "traefik.http.services.service02.loadbalancer.healthcheck.scheme=foobar"
|
||||
- "traefik.http.services.service02.loadbalancer.healthcheck.status=42"
|
||||
- "traefik.http.services.service02.loadbalancer.healthcheck.timeout=42s"
|
||||
- "traefik.http.services.service02.loadbalancer.healthcheck.unhealthyinterval=42s"
|
||||
- "traefik.http.services.service02.loadbalancer.passhostheader=true"
|
||||
- "traefik.http.services.service02.loadbalancer.responseforwarding.flushinterval=42s"
|
||||
- "traefik.http.services.service02.loadbalancer.serverstransport=foobar"
|
||||
|
||||
@ -84,6 +84,7 @@
|
||||
status = 42
|
||||
port = 42
|
||||
interval = "42s"
|
||||
unhealthyInterval = "42s"
|
||||
timeout = "42s"
|
||||
hostname = "foobar"
|
||||
followRedirects = true
|
||||
|
||||
@ -89,6 +89,7 @@ http:
|
||||
status: 42
|
||||
port: 42
|
||||
interval: 42s
|
||||
unhealthyInterval: 42s
|
||||
timeout: 42s
|
||||
hostname: foobar
|
||||
followRedirects: true
|
||||
|
||||
@ -136,7 +136,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -172,6 +172,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -1069,7 +1078,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -1105,6 +1114,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -2741,7 +2759,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -2777,6 +2795,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -2826,7 +2853,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -2862,6 +2889,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -3163,7 +3199,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -3199,6 +3235,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
|
||||
@ -281,6 +281,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| `traefik/http/services/Service02/loadBalancer/healthCheck/scheme` | `foobar` |
|
||||
| `traefik/http/services/Service02/loadBalancer/healthCheck/status` | `42` |
|
||||
| `traefik/http/services/Service02/loadBalancer/healthCheck/timeout` | `42s` |
|
||||
| `traefik/http/services/Service02/loadBalancer/healthCheck/unhealthyInterval` | `42s` |
|
||||
| `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` |
|
||||
| `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `42s` |
|
||||
| `traefik/http/services/Service02/loadBalancer/servers/0/preservePath` | `true` |
|
||||
|
||||
@ -136,7 +136,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -172,6 +172,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
|
||||
@ -301,7 +301,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -337,6 +337,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
|
||||
@ -71,7 +71,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -107,6 +107,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -156,7 +165,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -192,6 +201,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -493,7 +511,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -529,6 +547,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
|
||||
@ -73,27 +73,30 @@ certificatesResolvers:
|
||||
|
||||
ACME certificate resolvers have the following configuration options:
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|:------------------|:--------------------|:-----------------------------------------------|:---------|
|
||||
| `acme.email` | Email address used for registration. | "" | Yes |
|
||||
| `acme.caServer` | CA server to use. | https://acme-v02.api.letsencrypt.org/directory | No |
|
||||
| `acme.preferredChain` | Preferred chain to use. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. | "" | No |
|
||||
| `acme.keyType` | KeyType to use. | "RSA4096" | No |
|
||||
| `acme.eab` | Enable external account binding.| | No |
|
||||
| `acme.eab.kid` | Key identifier from External CA. | "" | No |
|
||||
| `acme.eab.hmacEncoded` | HMAC key from External CA, should be in Base64 URL Encoding without padding format. | "" | No |
|
||||
| `acme.certificatesDuration` | The certificates' duration in hours, exclusively used to determine renewal dates. | 2160 | No |
|
||||
| `acme.dnsChallenge` | Enable DNS-01 challenge. More information [here](#dnschallenge). | - | No |
|
||||
| `acme.dnsChallenge.provider` | DNS provider to use. | "" | No |
|
||||
| `acme.dnsChallenge.resolvers` | DNS servers to resolve the FQDN authority. | [] | No |
|
||||
| `acme.dnsChallenge.propagation.delayBeforeChecks` | By default, the provider will verify the TXT DNS challenge record before letting ACME verify. If `delayBeforeCheck` is greater than zero, this check is delayed for the configured duration in seconds. This is Useful if internal networks block external DNS queries. | 0s | No |
|
||||
| `acme.dnsChallenge.propagation.disableChecks` | Disables the challenge TXT record propagation checks, before notifying ACME that the DNS challenge is ready. Please note that disabling checks can prevent the challenge from succeeding. | false | No |
|
||||
| `acme.dnsChallenge.propagation.requireAllRNS` | Enables the challenge TXT record to be propagated to all recursive nameservers. If you have disabled authoritative nameservers checks (with `propagation.disableANSChecks`), it is recommended to check all recursive nameservers instead. | false | No |
|
||||
| `acme.dnsChallenge.propagation.disableANSChecks` | Disables the challenge TXT record propagation checks against authoritative nameservers. This option will skip the propagation check against the nameservers of the authority (SOA). It should be used only if the nameservers of the authority are not reachable. | false | No |
|
||||
| `acme.httpChallenge` | Enable HTTP-01 challenge. More information [here](#httpchallenge). | | No |
|
||||
| `acme.httpChallenge.entryPoint` | EntryPoint to use for the HTTP-01 challenges. Must be reachable by Let's Encrypt through port 80 | "" | Yes |
|
||||
| `acme.tlsChallenge` | Enable TLS-ALPN-01 challenge. Traefik must be reachable by Let's Encrypt through port 443. More information [here](#tlschallenge). | - | No |
|
||||
| `acme.storage` | File path used for certificates storage. | "acme.json" | Yes |
|
||||
| Field | Description | Default | Required |
|
||||
|:--------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------|:---------|
|
||||
| `acme.email` | Email address used for registration. | "" | Yes |
|
||||
| `acme.caServer` | CA server to use. | https://acme-v02.api.letsencrypt.org/directory | No |
|
||||
| `acme.preferredChain` | Preferred chain to use. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. | "" | No |
|
||||
| `acme.keyType` | KeyType to use. | "RSA4096" | No |
|
||||
| `acme.eab` | Enable external account binding. | | No |
|
||||
| `acme.eab.kid` | Key identifier from External CA. | "" | No |
|
||||
| `acme.eab.hmacEncoded` | HMAC key from External CA, should be in Base64 URL Encoding without padding format. | "" | No |
|
||||
| `acme.certificatesDuration` | The certificates' duration in hours, exclusively used to determine renewal dates. | 2160 | No |
|
||||
| `acme.clientTimeout` | Timeout for HTTP Client used to communicate with the ACME server. | 2m | No |
|
||||
| `acme.clientResponseHeaderTimeout` | Timeout for response headers for HTTP Client used to communicate with the ACME server. | 30s | No |
|
||||
| `acme.dnsChallenge` | Enable DNS-01 challenge. More information [here](#dnschallenge). | - | No |
|
||||
| `acme.dnsChallenge.provider` | DNS provider to use. | "" | No |
|
||||
| `acme.dnsChallenge.resolvers` | DNS servers to resolve the FQDN authority. | [] | No |
|
||||
| `acme.dnsChallenge.propagation.delayBeforeChecks` | By default, the provider will verify the TXT DNS challenge record before letting ACME verify. If `delayBeforeCheck` is greater than zero, this check is delayed for the configured duration in seconds. This is Useful if internal networks block external DNS queries. | 0s | No |
|
||||
| `acme.dnsChallenge.propagation.disableChecks` | Disables the challenge TXT record propagation checks, before notifying ACME that the DNS challenge is ready. Please note that disabling checks can prevent the challenge from succeeding. | false | No |
|
||||
| `acme.dnsChallenge.propagation.requireAllRNS` | Enables the challenge TXT record to be propagated to all recursive nameservers. If you have disabled authoritative nameservers checks (with `propagation.disableANSChecks`), it is recommended to check all recursive nameservers instead. | false | No |
|
||||
| `acme.dnsChallenge.propagation.disableANSChecks` | Disables the challenge TXT record propagation checks against authoritative nameservers. This option will skip the propagation check against the nameservers of the authority (SOA). It should be used only if the nameservers of the authority are not reachable. | false | No |
|
||||
| `acme.httpChallenge` | Enable HTTP-01 challenge. More information [here](#httpchallenge). | | No |
|
||||
| `acme.httpChallenge.entryPoint` | EntryPoint to use for the HTTP-01 challenges. Must be reachable by Let's Encrypt through port 80 | "" | Yes |
|
||||
| `acme.httpChallenge.delay` | The delay between the creation of the challenge and the validation. A value lower than or equal to zero means no delay. | 0 | No |
|
||||
| `acme.tlsChallenge` | Enable TLS-ALPN-01 challenge. Traefik must be reachable by Let's Encrypt through port 443. More information [here](#tlschallenge). | - | No |
|
||||
| `acme.storage` | File path used for certificates storage. | "acme.json" | Yes |
|
||||
|
||||
## Automatic Certificate Renewal
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: "Traefik HTTP Services Documentation"
|
||||
description: "A service is in charge of connecting incoming requests to the Servers that can handle them. Read the technical documentation."
|
||||
---
|
||||
---
|
||||
|
||||
## Service Load Balancer
|
||||
|
||||
@ -70,7 +70,6 @@ labels:
|
||||
|
||||
```json tab="Tags"
|
||||
{
|
||||
// ...
|
||||
"Tags": [
|
||||
"traefik.http.services.my-service.loadBalancer.servers[0].url=http://private-ip-server-1/",
|
||||
"traefik.http.services.my-service.loadBalancer.servers[0].weight=2",
|
||||
@ -88,15 +87,15 @@ labels:
|
||||
|
||||
### Configuration Options
|
||||
|
||||
| Field | Description | Required |
|
||||
|----------|------------------------------------------|----------|
|
||||
|`servers`| Represents individual backend instances for your service | Yes |
|
||||
|`sticky`| Defines a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response. | No |
|
||||
|`healthcheck`| Configures health check to remove unhealthy servers from the load balancing rotation. | No |
|
||||
|`passHostHeader`| Allows forwarding of the client Host header to server. By default, `passHostHeader` is true. | No |
|
||||
|`serversTransport`| Allows to reference an [HTTP ServersTransport](./serverstransport.md) configuration for the communication between Traefik and your servers. If no `serversTransport` is specified, the `default@internal` will be used. | No |
|
||||
| `responseForwarding` | Configures how Traefik forwards the response from the backend server to the client.| No |
|
||||
| `responseForwarding.FlushInterval` | Specifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100ms. A negative value means to flush immediately after each write to the client. The `FlushInterval` is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. | No |
|
||||
| Field | Description | Required |
|
||||
|------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|
|
||||
| `servers` | Represents individual backend instances for your service | Yes |
|
||||
| `sticky` | Defines a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response. | No |
|
||||
| `healthcheck` | Configures health check to remove unhealthy servers from the load balancing rotation. | No |
|
||||
| `passHostHeader` | Allows forwarding of the client Host header to server. By default, `passHostHeader` is true. | No |
|
||||
| `serversTransport` | Allows to reference an [HTTP ServersTransport](./serverstransport.md) configuration for the communication between Traefik and your servers. If no `serversTransport` is specified, the `default@internal` will be used. | No |
|
||||
| `responseForwarding` | Configures how Traefik forwards the response from the backend server to the client. | No |
|
||||
| `responseForwarding.FlushInterval` | Specifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100ms. A negative value means to flush immediately after each write to the client. The `FlushInterval` is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. | No |
|
||||
|
||||
#### Servers
|
||||
|
||||
@ -104,11 +103,11 @@ Servers represent individual backend instances for your service. The [service lo
|
||||
|
||||
##### Configuration Options
|
||||
|
||||
| Field | Description | Required |
|
||||
|----------|------------------------------------------|----------|
|
||||
|`url`| Points to a specific instance. | Yes for File provider, No for [Docker provider](../../other-providers/docker.md) |
|
||||
|`weight`| Allows for weighted load balancing on the servers. | No |
|
||||
|`preservePath`| Allows to preserve the URL path. | No |
|
||||
| Field | Description | Required |
|
||||
|----------------|----------------------------------------------------|----------------------------------------------------------------------------------|
|
||||
| `url` | Points to a specific instance. | Yes for File provider, No for [Docker provider](../../other-providers/docker.md) |
|
||||
| `weight` | Allows for weighted load balancing on the servers. | No |
|
||||
| `preservePath` | Allows to preserve the URL path. | No |
|
||||
|
||||
#### Health Check
|
||||
|
||||
@ -118,20 +117,21 @@ To propagate status changes (e.g. all servers of this service are down) upwards,
|
||||
|
||||
Below are the available options for the health check mechanism:
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|----------|------------------------------------------|----------|--------|
|
||||
|`path`| Defines the server URL path for the health check endpoint. | "" | Yes |
|
||||
|`scheme`| Replaces the server URL scheme for the health check endpoint. | | No |
|
||||
|`mode`| If defined to `grpc`, will use the gRPC health check protocol to probe the server. | http | No |
|
||||
|`hostname`| Defines the value of hostname in the Host header of the health check request. | "" | No |
|
||||
|`port`| Replaces the server URL port for the health check endpoint. | | No |
|
||||
|`interval`| Defines the frequency of the health check calls. | 30s | No |
|
||||
|`timeout`| Defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. | 5s | No |
|
||||
|`headers`| Defines custom headers to be sent to the health check endpoint. | | No |
|
||||
|`followRedirects`| Defines whether redirects should be followed during the health check calls. | true | No |
|
||||
|`hostname`| Defines the value of hostname in the Host header of the health check request. | "" | No |
|
||||
|`method`| Defines the HTTP method that will be used while connecting to the endpoint. | GET | No |
|
||||
|`status`| Defines the expected HTTP status code of the response to the health check request. | | No |
|
||||
| Field | Description | Default | Required |
|
||||
|---------------------|-------------------------------------------------------------------------------------------------------------------------------|---------|----------|
|
||||
| `path` | Defines the server URL path for the health check endpoint. | "" | Yes |
|
||||
| `scheme` | Replaces the server URL scheme for the health check endpoint. | | No |
|
||||
| `mode` | If defined to `grpc`, will use the gRPC health check protocol to probe the server. | http | No |
|
||||
| `hostname` | Defines the value of hostname in the Host header of the health check request. | "" | No |
|
||||
| `port` | Replaces the server URL port for the health check endpoint. | | No |
|
||||
| `interval` | Defines the frequency of the health check calls for healthy targets. | 30s | No |
|
||||
| `unhealthyInterval` | Defines the frequency of the health check calls for unhealthy targets. When not defined, it defaults to the `interval` value. | 30s | No |
|
||||
| `timeout` | Defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. | 5s | No |
|
||||
| `headers` | Defines custom headers to be sent to the health check endpoint. | | No |
|
||||
| `followRedirects` | Defines whether redirects should be followed during the health check calls. | true | No |
|
||||
| `hostname` | Defines the value of hostname in the Host header of the health check request. | "" | No |
|
||||
| `method` | Defines the HTTP method that will be used while connecting to the endpoint. | GET | No |
|
||||
| `status` | Defines the expected HTTP status code of the response to the health check request. | | No |
|
||||
|
||||
## Weighted Round Robin (WRR)
|
||||
|
||||
|
||||
@ -74,56 +74,57 @@ spec:
|
||||
|
||||
## Configuration Options
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|:------|:----------------------------------------------------------|:---------------------|:---------|
|
||||
| `entryPoints` | List of [entry points](../../../../install-configuration/entrypoints.md) names.<br />If not specified, HTTP routers will accept requests from all EntryPoints in the list of default EntryPoints. | | No |
|
||||
| `routes` | List of routes. | | Yes |
|
||||
| `routes[n].kind` | Kind of router matching, only `Rule` is allowed yet. | "Rule" | No |
|
||||
| `routes[n].match` | Defines the [rule](../../../http/router/rules-and-priority.md#rules) corresponding to an underlying router. | | Yes |
|
||||
| `routes[n].priority` | Defines the [priority](../../../http/router/rules-and-priority.md#priority-calculation) to disambiguate rules of the same length, for route matching.<br />If not set, the priority is directly equal to the length of the rule, and so the longest length has the highest priority.<br />A value of `0` for the priority is ignored, the default rules length sorting is used. | 0 | No |
|
||||
| `routes[n].middlewares` | List of middlewares to attach to the IngressRoute. <br />More information [here](#middleware). | "" | No |
|
||||
| `routes[n].`<br />`middlewares[m].`<br />`name` | Middleware name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
|
||||
| `routes[n].`<br />`middlewares[m].`<br />`namespace` | Middleware namespace.<br />Can be empty if the middleware belongs to the same namespace as the IngressRoute. <br />More information [here](#middleware). | | No |
|
||||
| `routes[n].`<br />`observability.`<br />`accesslogs` | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| `routes[n].`<br />`observability.`<br />`metrics` | Defines whether the route will produce [metrics](../../../../install-configuration/observability/metrics.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| `routes[n].`<br />`observability.`<br />`tracing` | Defines whether the route will produce [traces](../../../../install-configuration/observability/tracing.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| `routes[n].`<br />`services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#externalname-service). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`kind` | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> **TraefikService**: Traefik Service.<br />More information [here](#externalname-service). | "Service" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`name` | Service name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
|
||||
| `routes[n].`<br />`services[m].`<br />`namespace` | Service namespace.<br />Can be empty if the service belongs to the same namespace as the IngressRoute. <br />More information [here](#externalname-service). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`port` | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`passHostHeader` | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "http" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.interval` | Frequency of the health check calls.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "GET" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "5s" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | true | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service)). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br /> Evaluated only if the kind is **Service**. | false | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `tls` | TLS configuration.<br />Can be an empty value(`{}`):<br />A self signed is generated in such a case<br />(or the [default certificate](tlsstore.md) is used if it is defined.) | | No |
|
||||
| `tls.secretName` | [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the same namesapce as the `IngressRoute`) | "" | No |
|
||||
| `tls.`<br />`options.name` | Name of the [`TLSOption`](tlsoption.md) to use.<br />More information [here](#tls-options). | "" | No |
|
||||
| `tls.`<br />`options.namespace` | Namespace of the [`TLSOption`](tlsoption.md) to use. | "" | No |
|
||||
| `tls.certResolver` | Name of the [Certificate Resolver](../../../../install-configuration/tls/certificate-resolvers/overview.md) to use to generate automatic TLS certificates. | "" | No |
|
||||
| `tls.domains` | List of domains to serve using the certificates generates (one `tls.domain`= one certificate).<br />More information in the [dedicated section](../../../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition). | | No |
|
||||
| `tls.`<br />`domains[n].main` | Main domain name | "" | Yes |
|
||||
| `tls.`<br />`domains[n].sans` | List of alternative domains (SANs) | | No |
|
||||
| Field | Description | Default | Required |
|
||||
|:---------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
|
||||
| `entryPoints` | List of [entry points](../../../../install-configuration/entrypoints.md) names.<br />If not specified, HTTP routers will accept requests from all EntryPoints in the list of default EntryPoints. | | No |
|
||||
| `routes` | List of routes. | | Yes |
|
||||
| `routes[n].kind` | Kind of router matching, only `Rule` is allowed yet. | "Rule" | No |
|
||||
| `routes[n].match` | Defines the [rule](../../../http/router/rules-and-priority.md#rules) corresponding to an underlying router. | | Yes |
|
||||
| `routes[n].priority` | Defines the [priority](../../../http/router/rules-and-priority.md#priority-calculation) to disambiguate rules of the same length, for route matching.<br />If not set, the priority is directly equal to the length of the rule, and so the longest length has the highest priority.<br />A value of `0` for the priority is ignored, the default rules length sorting is used. | 0 | No |
|
||||
| `routes[n].middlewares` | List of middlewares to attach to the IngressRoute. <br />More information [here](#middleware). | "" | No |
|
||||
| `routes[n].`<br />`middlewares[m].`<br />`name` | Middleware name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
|
||||
| `routes[n].`<br />`middlewares[m].`<br />`namespace` | Middleware namespace.<br />Can be empty if the middleware belongs to the same namespace as the IngressRoute. <br />More information [here](#middleware). | | No |
|
||||
| `routes[n].`<br />`observability.`<br />`accesslogs` | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| `routes[n].`<br />`observability.`<br />`metrics` | Defines whether the route will produce [metrics](../../../../install-configuration/observability/metrics.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| `routes[n].`<br />`observability.`<br />`tracing` | Defines whether the route will produce [traces](../../../../install-configuration/observability/tracing.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| `routes[n].`<br />`services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#externalname-service). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`kind` | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> **TraefikService**: Traefik Service.<br />More information [here](#externalname-service). | "Service" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`name` | Service name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
|
||||
| `routes[n].`<br />`services[m].`<br />`namespace` | Service namespace.<br />Can be empty if the service belongs to the same namespace as the IngressRoute. <br />More information [here](#externalname-service). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`port` | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`passHostHeader` | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "http" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.interval` | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "GET" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "5s" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | true | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service)). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br /> Evaluated only if the kind is **Service**. | false | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `tls` | TLS configuration.<br />Can be an empty value(`{}`):<br />A self signed is generated in such a case<br />(or the [default certificate](tlsstore.md) is used if it is defined.) | | No |
|
||||
| `tls.secretName` | [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the same namesapce as the `IngressRoute`) | "" | No |
|
||||
| `tls.`<br />`options.name` | Name of the [`TLSOption`](tlsoption.md) to use.<br />More information [here](#tls-options). | "" | No |
|
||||
| `tls.`<br />`options.namespace` | Namespace of the [`TLSOption`](tlsoption.md) to use. | "" | No |
|
||||
| `tls.certResolver` | Name of the [Certificate Resolver](../../../../install-configuration/tls/certificate-resolvers/overview.md) to use to generate automatic TLS certificates. | "" | No |
|
||||
| `tls.domains` | List of domains to serve using the certificates generates (one `tls.domain`= one certificate).<br />More information in the [dedicated section](../../../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition). | | No |
|
||||
| `tls.`<br />`domains[n].main` | Main domain name | "" | Yes |
|
||||
| `tls.`<br />`domains[n].sans` | List of alternative domains (SANs) | | No |
|
||||
|
||||
### ExternalName Service
|
||||
|
||||
|
||||
@ -148,42 +148,43 @@ data:
|
||||
|
||||
### Configuration Options
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|:------|:----------------------------------------------------------|:---------------------|:---------|
|
||||
| `services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />. | | No |
|
||||
| `services[m].`<br />`kind` | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> - **TraefikService**: Traefik Service. | "" | No |
|
||||
| `services[m].`<br />`name` | Service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| `services[m].`<br />`namespace` | Service namespace. | "" | No |
|
||||
| `services[m].`<br />`port` | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `services[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
|
||||
| `services[m].`<br />`scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `services[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `services[m].`<br />`passHostHeader` | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
|
||||
| `services[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| `services[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "http" | No |
|
||||
| `services[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| `services[m].`<br />`healthCheck.interval` | Frequency of the health check calls.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
|
||||
| `services[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "GET" | No |
|
||||
| `services[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| `services[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
|
||||
| `services[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "5s" | No |
|
||||
| `services[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| `services[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | true | No |
|
||||
| `services[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />Evaluated only if the kind is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
|
||||
| `services[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
|
||||
| `services[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `services[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `services[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness at the WRR service level.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| `sticky.`<br />`cookie.httpOnly` | Allow the cookie used for the stickiness at the WRR service level to be accessed by client-side APIs, such as JavaScript.<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
|
||||
| `sticky.`<br />`cookie.secure` | Allow the cookie used for the stickiness at the WRR service level to be only transmitted over an encrypted connection (i.e. HTTPS).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
|
||||
| `sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy for the cookie used for the stickiness at the WRR service level.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | "" | No |
|
||||
| `sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie used for the stickiness at the WRR service level expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires. | 0 | No |
|
||||
| Field | Description | Default | Required |
|
||||
|:---------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
|
||||
| `services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />. | | No |
|
||||
| `services[m].`<br />`kind` | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> - **TraefikService**: Traefik Service. | "" | No |
|
||||
| `services[m].`<br />`name` | Service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| `services[m].`<br />`namespace` | Service namespace. | "" | No |
|
||||
| `services[m].`<br />`port` | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `services[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
|
||||
| `services[m].`<br />`scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `services[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `services[m].`<br />`passHostHeader` | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
|
||||
| `services[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| `services[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "http" | No |
|
||||
| `services[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| `services[m].`<br />`healthCheck.interval` | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
|
||||
| `services[m].`<br />`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
|
||||
| `services[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "GET" | No |
|
||||
| `services[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| `services[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
|
||||
| `services[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "5s" | No |
|
||||
| `services[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| `services[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | true | No |
|
||||
| `services[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />Evaluated only if the kind is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
|
||||
| `services[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
|
||||
| `services[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `services[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `services[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness at the WRR service level.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| `sticky.`<br />`cookie.httpOnly` | Allow the cookie used for the stickiness at the WRR service level to be accessed by client-side APIs, such as JavaScript.<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
|
||||
| `sticky.`<br />`cookie.secure` | Allow the cookie used for the stickiness at the WRR service level to be only transmitted over an encrypted connection (i.e. HTTPS).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
|
||||
| `sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy for the cookie used for the stickiness at the WRR service level.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | "" | No |
|
||||
| `sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie used for the stickiness at the WRR service level expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires. | 0 | No |
|
||||
|
||||
#### Stickiness on multiple levels
|
||||
|
||||
@ -372,65 +373,67 @@ spec:
|
||||
|
||||
The mirrored services properties are set in the `mirrors` list.
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|:------|:----------------------------------------------------------|:---------------------|:---------|
|
||||
| `kind` | Kind of the main service.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
|
||||
| `name` | Main service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| `namespace` | Main service namespace.<br />More information [here](#services). | "" | No |
|
||||
| `port` | Main service port (number or port name).<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| `responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the main service is **Service**. | 100ms | No |
|
||||
| `scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind of the main service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the main service's servers.<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| `passHostHeader` | Forward client Host header to main service's server.<br />Evaluated only if the kind of the main service is **Service**. | true | No |
|
||||
| `healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
|
||||
| `healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `healthCheck.interval` | Frequency of the health check calls.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
|
||||
| `healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the main service is **Service**. | | No |
|
||||
| `healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
|
||||
| `healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
|
||||
| `healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness on the main service.<br />Evaluated only if the kind of the main service is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| `sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| `sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the main service is **Service**. | 0 | No |
|
||||
| `strategy` | Load balancing strategy between the main service's servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the main service is **Service**. | "RoundRobin" | No |
|
||||
| `weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `maxBodySize` | Maximum size allowed for the body of the request.<br />If the body is larger, the request is not mirrored.<br />-1 means unlimited size. | -1 | No |
|
||||
| `mirrors` | List of mirrored services to target.<br /> It can be any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#services). | | No |
|
||||
| `mirrors[m].`<br />`kind` | Kind of the mirrored service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
|
||||
| `mirrors[m].`<br />`name` | Mirrored service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| `mirrors[m].`<br />`namespace` | Mirrored service namespace.<br />More information [here](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`port` | Mirrored service port (number or port name).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`percent` | Part of the traffic to mirror in percent (from 0 to 100) | 0 | No |
|
||||
| `mirrors[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the mirrored service is **Service**. | 100ms | No |
|
||||
| `mirrors[m].`<br />`scheme` | Scheme to use for the request to the mirrored service.<br />Evaluated only if the kind of the mirrored service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `mirrors[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`passHostHeader` | Forward client Host header to the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | true | No |
|
||||
| `mirrors[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.interval` | Frequency of the health check calls.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the mirrored service is **Service**. | | No |
|
||||
| `mirrors[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `mirrors[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
|
||||
| `mirrors[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the mirrored service is **Service**. | 0 | No |
|
||||
| `mirrors[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the mirrored service is **Service**. | "RoundRobin" | No |
|
||||
| `mirrors[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `mirrors[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrors[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrorBody` | Defines whether the request body should be mirrored. | true | No |
|
||||
| Field | Description | Default | Required |
|
||||
|:--------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
|
||||
| `kind` | Kind of the main service.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
|
||||
| `name` | Main service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| `namespace` | Main service namespace.<br />More information [here](#services). | "" | No |
|
||||
| `port` | Main service port (number or port name).<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| `responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the main service is **Service**. | 100ms | No |
|
||||
| `scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind of the main service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the main service's servers.<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| `passHostHeader` | Forward client Host header to main service's server.<br />Evaluated only if the kind of the main service is **Service**. | true | No |
|
||||
| `healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
|
||||
| `healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `healthCheck.interval` | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
|
||||
| `healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the main service is **Service**. | | No |
|
||||
| `healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
|
||||
| `healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
|
||||
| `healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness on the main service.<br />Evaluated only if the kind of the main service is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| `sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| `sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the main service is **Service**. | 0 | No |
|
||||
| `strategy` | Load balancing strategy between the main service's servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the main service is **Service**. | "RoundRobin" | No |
|
||||
| `weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `maxBodySize` | Maximum size allowed for the body of the request.<br />If the body is larger, the request is not mirrored.<br />-1 means unlimited size. | -1 | No |
|
||||
| `mirrors` | List of mirrored services to target.<br /> It can be any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#services). | | No |
|
||||
| `mirrors[m].`<br />`kind` | Kind of the mirrored service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
|
||||
| `mirrors[m].`<br />`name` | Mirrored service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| `mirrors[m].`<br />`namespace` | Mirrored service namespace.<br />More information [here](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`port` | Mirrored service port (number or port name).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`percent` | Part of the traffic to mirror in percent (from 0 to 100) | 0 | No |
|
||||
| `mirrors[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the mirrored service is **Service**. | 100ms | No |
|
||||
| `mirrors[m].`<br />`scheme` | Scheme to use for the request to the mirrored service.<br />Evaluated only if the kind of the mirrored service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `mirrors[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`passHostHeader` | Forward client Host header to the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | true | No |
|
||||
| `mirrors[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.interval` | Frequency of the health check calls.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the mirrored service is **Service**. | | No |
|
||||
| `mirrors[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `mirrors[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
|
||||
| `mirrors[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the mirrored service is **Service**. | 0 | No |
|
||||
| `mirrors[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the mirrored service is **Service**. | "RoundRobin" | No |
|
||||
| `mirrors[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `mirrors[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrors[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrorBody` | Defines whether the request body should be mirrored. | true | No |
|
||||
|
||||
@ -222,6 +222,14 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
@ -327,6 +327,14 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
|
||||
"traefik.http.services.myservice.loadbalancer.healthcheck.interval=10s"
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
"traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10s"
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
@ -218,6 +218,14 @@ you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.pa
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
@ -203,6 +203,14 @@ description: "Read the technical documentation to learn the Traefik Routing Conf
|
||||
|---------------------------------------------------------------------|-------|
|
||||
| `traefik/http/services/myservice/loadbalancer/healthcheck/interval` | `10` |
|
||||
|
||||
??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/unhealthyinterval`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
| Key (Path) | Value |
|
||||
|------------------------------------------------------------------------------|-------|
|
||||
| `traefik/http/services/myservice/loadbalancer/healthcheck/unhealthyinterval` | `10` |
|
||||
|
||||
??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/path`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
@ -222,6 +222,14 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
@ -351,6 +351,14 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
|
||||
- "traefik.http.services.myservice.loadbalancer.healthcheck.interval=10s"
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10s"
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../http/load-balancing/service.md#health-check) for more information.
|
||||
|
||||
@ -129,6 +129,12 @@ Define if the certificates pool must use a copy of the system cert pool. (Defaul
|
||||
`--certificatesresolvers.<name>.acme.certificatesduration`:
|
||||
Certificates' duration in hours. (Default: ```2160```)
|
||||
|
||||
`--certificatesresolvers.<name>.acme.clientresponseheadertimeout`:
|
||||
Timeout for receiving the response headers when communicating with the ACME server. (Default: ```30```)
|
||||
|
||||
`--certificatesresolvers.<name>.acme.clienttimeout`:
|
||||
Timeout for a complete HTTP transaction with the ACME server. (Default: ```120```)
|
||||
|
||||
`--certificatesresolvers.<name>.acme.dnschallenge`:
|
||||
Activate DNS-01 Challenge. (Default: ```false```)
|
||||
|
||||
@ -174,6 +180,9 @@ CSR email addresses to use.
|
||||
`--certificatesresolvers.<name>.acme.httpchallenge`:
|
||||
Activate HTTP-01 Challenge. (Default: ```false```)
|
||||
|
||||
`--certificatesresolvers.<name>.acme.httpchallenge.delay`:
|
||||
Delay between the creation of the challenge and the validation. (Default: ```0```)
|
||||
|
||||
`--certificatesresolvers.<name>.acme.httpchallenge.entrypoint`:
|
||||
HTTP challenge EntryPoint
|
||||
|
||||
@ -345,6 +354,9 @@ Environment variables to forward to the wasm guest.
|
||||
`--experimental.localplugins.<name>.settings.mounts`:
|
||||
Directory to mount to the wasm guest.
|
||||
|
||||
`--experimental.localplugins.<name>.settings.useunsafe`:
|
||||
Allow the plugin to use unsafe package. (Default: ```false```)
|
||||
|
||||
`--experimental.otlplogs`:
|
||||
Enables the OpenTelemetry logs integration. (Default: ```false```)
|
||||
|
||||
@ -360,6 +372,9 @@ Environment variables to forward to the wasm guest.
|
||||
`--experimental.plugins.<name>.settings.mounts`:
|
||||
Directory to mount to the wasm guest.
|
||||
|
||||
`--experimental.plugins.<name>.settings.useunsafe`:
|
||||
Allow the plugin to use unsafe package. (Default: ```false```)
|
||||
|
||||
`--experimental.plugins.<name>.version`:
|
||||
plugin's version.
|
||||
|
||||
|
||||
@ -129,6 +129,12 @@ Define if the certificates pool must use a copy of the system cert pool. (Defaul
|
||||
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CERTIFICATESDURATION`:
|
||||
Certificates' duration in hours. (Default: ```2160```)
|
||||
|
||||
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CLIENTRESPONSEHEADERTIMEOUT`:
|
||||
Timeout for receiving the response headers when communicating with the ACME server. (Default: ```30```)
|
||||
|
||||
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CLIENTTIMEOUT`:
|
||||
Timeout for a complete HTTP transaction with the ACME server. (Default: ```120```)
|
||||
|
||||
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_DNSCHALLENGE`:
|
||||
Activate DNS-01 Challenge. (Default: ```false```)
|
||||
|
||||
@ -174,6 +180,9 @@ CSR email addresses to use.
|
||||
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_HTTPCHALLENGE`:
|
||||
Activate HTTP-01 Challenge. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_HTTPCHALLENGE_DELAY`:
|
||||
Delay between the creation of the challenge and the validation. (Default: ```0```)
|
||||
|
||||
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_HTTPCHALLENGE_ENTRYPOINT`:
|
||||
HTTP challenge EntryPoint
|
||||
|
||||
@ -345,6 +354,9 @@ Environment variables to forward to the wasm guest.
|
||||
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_SETTINGS_MOUNTS`:
|
||||
Directory to mount to the wasm guest.
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_SETTINGS_USEUNSAFE`:
|
||||
Allow the plugin to use unsafe package. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_OTLPLOGS`:
|
||||
Enables the OpenTelemetry logs integration. (Default: ```false```)
|
||||
|
||||
@ -360,6 +372,9 @@ Environment variables to forward to the wasm guest.
|
||||
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_SETTINGS_MOUNTS`:
|
||||
Directory to mount to the wasm guest.
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_SETTINGS_USEUNSAFE`:
|
||||
Allow the plugin to use unsafe package. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_VERSION`:
|
||||
plugin's version.
|
||||
|
||||
|
||||
@ -511,6 +511,8 @@
|
||||
storage = "foobar"
|
||||
keyType = "foobar"
|
||||
certificatesDuration = 42
|
||||
clientTimeout = "42s"
|
||||
clientResponseHeaderTimeout = "42s"
|
||||
caCertificates = ["foobar", "foobar"]
|
||||
caSystemCertPool = true
|
||||
caServerName = "foobar"
|
||||
@ -529,6 +531,7 @@
|
||||
delayBeforeChecks = "42s"
|
||||
[certificatesResolvers.CertificateResolver0.acme.httpChallenge]
|
||||
entryPoint = "foobar"
|
||||
delay = "42s"
|
||||
[certificatesResolvers.CertificateResolver0.acme.tlsChallenge]
|
||||
[certificatesResolvers.CertificateResolver0.tailscale]
|
||||
[certificatesResolvers.CertificateResolver1]
|
||||
@ -541,6 +544,8 @@
|
||||
storage = "foobar"
|
||||
keyType = "foobar"
|
||||
certificatesDuration = 42
|
||||
clientTimeout = "42s"
|
||||
clientResponseHeaderTimeout = "42s"
|
||||
caCertificates = ["foobar", "foobar"]
|
||||
caSystemCertPool = true
|
||||
caServerName = "foobar"
|
||||
@ -559,6 +564,7 @@
|
||||
delayBeforeChecks = "42s"
|
||||
[certificatesResolvers.CertificateResolver1.acme.httpChallenge]
|
||||
entryPoint = "foobar"
|
||||
delay = "42s"
|
||||
[certificatesResolvers.CertificateResolver1.acme.tlsChallenge]
|
||||
[certificatesResolvers.CertificateResolver1.tailscale]
|
||||
|
||||
@ -573,23 +579,27 @@
|
||||
[experimental.plugins.Descriptor0.settings]
|
||||
envs = ["foobar", "foobar"]
|
||||
mounts = ["foobar", "foobar"]
|
||||
useUnsafe = true
|
||||
[experimental.plugins.Descriptor1]
|
||||
moduleName = "foobar"
|
||||
version = "foobar"
|
||||
[experimental.plugins.Descriptor1.settings]
|
||||
envs = ["foobar", "foobar"]
|
||||
mounts = ["foobar", "foobar"]
|
||||
useUnsafe = true
|
||||
[experimental.localPlugins]
|
||||
[experimental.localPlugins.LocalDescriptor0]
|
||||
moduleName = "foobar"
|
||||
[experimental.localPlugins.LocalDescriptor0.settings]
|
||||
envs = ["foobar", "foobar"]
|
||||
mounts = ["foobar", "foobar"]
|
||||
useUnsafe = true
|
||||
[experimental.localPlugins.LocalDescriptor1]
|
||||
moduleName = "foobar"
|
||||
[experimental.localPlugins.LocalDescriptor1.settings]
|
||||
envs = ["foobar", "foobar"]
|
||||
mounts = ["foobar", "foobar"]
|
||||
useUnsafe = true
|
||||
[experimental.fastProxy]
|
||||
debug = true
|
||||
|
||||
|
||||
@ -557,6 +557,8 @@ certificatesResolvers:
|
||||
kid: foobar
|
||||
hmacEncoded: foobar
|
||||
certificatesDuration: 42
|
||||
clientTimeout: 42s
|
||||
clientResponseHeaderTimeout: 42s
|
||||
caCertificates:
|
||||
- foobar
|
||||
- foobar
|
||||
@ -576,6 +578,7 @@ certificatesResolvers:
|
||||
disablePropagationCheck: true
|
||||
httpChallenge:
|
||||
entryPoint: foobar
|
||||
delay: 42s
|
||||
tlsChallenge: {}
|
||||
tailscale: {}
|
||||
CertificateResolver1:
|
||||
@ -593,6 +596,8 @@ certificatesResolvers:
|
||||
kid: foobar
|
||||
hmacEncoded: foobar
|
||||
certificatesDuration: 42
|
||||
clientTimeout: 42s
|
||||
clientResponseHeaderTimeout: 42s
|
||||
caCertificates:
|
||||
- foobar
|
||||
- foobar
|
||||
@ -612,6 +617,7 @@ certificatesResolvers:
|
||||
disablePropagationCheck: true
|
||||
httpChallenge:
|
||||
entryPoint: foobar
|
||||
delay: 42s
|
||||
tlsChallenge: {}
|
||||
tailscale: {}
|
||||
experimental:
|
||||
@ -626,6 +632,7 @@ experimental:
|
||||
mounts:
|
||||
- foobar
|
||||
- foobar
|
||||
useUnsafe: true
|
||||
Descriptor1:
|
||||
moduleName: foobar
|
||||
version: foobar
|
||||
@ -636,6 +643,7 @@ experimental:
|
||||
mounts:
|
||||
- foobar
|
||||
- foobar
|
||||
useUnsafe: true
|
||||
localPlugins:
|
||||
LocalDescriptor0:
|
||||
moduleName: foobar
|
||||
@ -646,6 +654,7 @@ experimental:
|
||||
mounts:
|
||||
- foobar
|
||||
- foobar
|
||||
useUnsafe: true
|
||||
LocalDescriptor1:
|
||||
moduleName: foobar
|
||||
settings:
|
||||
@ -655,6 +664,7 @@ experimental:
|
||||
mounts:
|
||||
- foobar
|
||||
- foobar
|
||||
useUnsafe: true
|
||||
abortOnPluginFailure: true
|
||||
fastProxy:
|
||||
debug: true
|
||||
|
||||
@ -218,6 +218,14 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
@ -333,6 +333,14 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
|
||||
- "traefik.http.services.myservice.loadbalancer.healthcheck.interval=10s"
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10s"
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
@ -220,6 +220,14 @@ you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.pa
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
@ -180,6 +180,14 @@ A Story of key & values
|
||||
|---------------------------------------------------------------------|-------|
|
||||
| `traefik/http/services/myservice/loadbalancer/healthcheck/interval` | `10` |
|
||||
|
||||
??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/unhealthyinterval`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
| Key (Path) | Value |
|
||||
|------------------------------------------------------------------------------|-------|
|
||||
| `traefik/http/services/myservice/loadbalancer/healthcheck/unhealthyinterval` | `10` |
|
||||
|
||||
??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/path`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
@ -218,6 +218,14 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
@ -347,6 +347,14 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
|
||||
- "traefik.http.services.myservice.loadbalancer.healthcheck.interval=10s"
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10s"
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
|
||||
|
||||
See [health check](../services/index.md#health-check) for more information.
|
||||
|
||||
@ -415,7 +415,8 @@ Below are the available options for the health check mechanism:
|
||||
- `mode` (default: http), if defined to `grpc`, will use the gRPC health check protocol to probe the server.
|
||||
- `hostname` (optional), sets the value of `hostname` in the `Host` header of the health check request.
|
||||
- `port` (optional), replaces the server URL `port` for the health check endpoint.
|
||||
- `interval` (default: 30s), defines the frequency of the health check calls.
|
||||
- `interval` (default: 30s), defines the frequency of the health check calls for healthy targets.
|
||||
- `unhealthyInterval` (default: 30s), defines the frequency of the health check calls for unhealthy targets. When not defined, it defaults to the `interval` value.
|
||||
- `timeout` (default: 5s), defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
- `headers` (optional), defines custom headers to be sent to the health check endpoint.
|
||||
- `followRedirects` (default: true), defines whether redirects should be followed during the health check calls.
|
||||
@ -424,7 +425,7 @@ Below are the available options for the health check mechanism:
|
||||
|
||||
!!! info "Interval & Timeout Format"
|
||||
|
||||
Interval and timeout are to be given in a format understood by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
|
||||
Interval, UnhealthyInterval and Timeout are to be given in a format understood by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
|
||||
|
||||
!!! info "Recovering Servers"
|
||||
|
||||
|
||||
@ -136,7 +136,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -172,6 +172,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -1069,7 +1078,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -1105,6 +1114,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -2741,7 +2759,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -2777,6 +2795,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -2826,7 +2853,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -2862,6 +2889,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
@ -3163,7 +3199,7 @@ spec:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
Interval defines the frequency of the health check calls.
|
||||
Interval defines the frequency of the health check calls for healthy targets.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
method:
|
||||
@ -3199,6 +3235,15 @@ spec:
|
||||
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
Default: 5s
|
||||
x-kubernetes-int-or-string: true
|
||||
unhealthyInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
Default: 30s
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
|
||||
@ -299,17 +299,18 @@ type Server struct {
|
||||
|
||||
// ServerHealthCheck holds the HealthCheck configuration.
|
||||
type ServerHealthCheck struct {
|
||||
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
|
||||
Mode string `json:"mode,omitempty" toml:"mode,omitempty" yaml:"mode,omitempty" export:"true"`
|
||||
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
|
||||
Method string `json:"method,omitempty" toml:"method,omitempty" yaml:"method,omitempty" export:"true"`
|
||||
Status int `json:"status,omitempty" toml:"status,omitempty" yaml:"status,omitempty" export:"true"`
|
||||
Port int `json:"port,omitempty" toml:"port,omitempty,omitzero" yaml:"port,omitempty" export:"true"`
|
||||
Interval ptypes.Duration `json:"interval,omitempty" toml:"interval,omitempty" yaml:"interval,omitempty" export:"true"`
|
||||
Timeout ptypes.Duration `json:"timeout,omitempty" toml:"timeout,omitempty" yaml:"timeout,omitempty" export:"true"`
|
||||
Hostname string `json:"hostname,omitempty" toml:"hostname,omitempty" yaml:"hostname,omitempty"`
|
||||
FollowRedirects *bool `json:"followRedirects,omitempty" toml:"followRedirects,omitempty" yaml:"followRedirects,omitempty" export:"true"`
|
||||
Headers map[string]string `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
|
||||
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
|
||||
Mode string `json:"mode,omitempty" toml:"mode,omitempty" yaml:"mode,omitempty" export:"true"`
|
||||
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
|
||||
Method string `json:"method,omitempty" toml:"method,omitempty" yaml:"method,omitempty" export:"true"`
|
||||
Status int `json:"status,omitempty" toml:"status,omitempty" yaml:"status,omitempty" export:"true"`
|
||||
Port int `json:"port,omitempty" toml:"port,omitempty,omitzero" yaml:"port,omitempty" export:"true"`
|
||||
Interval ptypes.Duration `json:"interval,omitempty" toml:"interval,omitempty" yaml:"interval,omitempty" export:"true"`
|
||||
UnhealthyInterval *ptypes.Duration `json:"unhealthyInterval,omitempty" toml:"unhealthyInterval,omitempty" yaml:"unhealthyInterval,omitempty" export:"true"`
|
||||
Timeout ptypes.Duration `json:"timeout,omitempty" toml:"timeout,omitempty" yaml:"timeout,omitempty" export:"true"`
|
||||
Hostname string `json:"hostname,omitempty" toml:"hostname,omitempty" yaml:"hostname,omitempty"`
|
||||
FollowRedirects *bool `json:"followRedirects,omitempty" toml:"followRedirects,omitempty" yaml:"followRedirects,omitempty" export:"true"`
|
||||
Headers map[string]string `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// SetDefaults Default values for a HealthCheck.
|
||||
|
||||
@ -1428,6 +1428,11 @@ func (in *Server) DeepCopy() *Server {
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ServerHealthCheck) DeepCopyInto(out *ServerHealthCheck) {
|
||||
*out = *in
|
||||
if in.UnhealthyInterval != nil {
|
||||
in, out := &in.UnhealthyInterval, &out.UnhealthyInterval
|
||||
*out = new(paersertypes.Duration)
|
||||
**out = **in
|
||||
}
|
||||
if in.FollowRedirects != nil {
|
||||
in, out := &in.FollowRedirects, &out.FollowRedirects
|
||||
*out = new(bool)
|
||||
|
||||
@ -162,6 +162,7 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||
"traefik.http.services.Service0.loadbalancer.healthcheck.headers.name1": "foobar",
|
||||
"traefik.http.services.Service0.loadbalancer.healthcheck.hostname": "foobar",
|
||||
"traefik.http.services.Service0.loadbalancer.healthcheck.interval": "1s",
|
||||
"traefik.http.services.Service0.loadbalancer.healthcheck.unhealthyinterval": "1s",
|
||||
"traefik.http.services.Service0.loadbalancer.healthcheck.path": "foobar",
|
||||
"traefik.http.services.Service0.loadbalancer.healthcheck.method": "foobar",
|
||||
"traefik.http.services.Service0.loadbalancer.healthcheck.status": "401",
|
||||
@ -186,6 +187,7 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||
"traefik.http.services.Service1.loadbalancer.healthcheck.headers.name1": "foobar",
|
||||
"traefik.http.services.Service1.loadbalancer.healthcheck.hostname": "foobar",
|
||||
"traefik.http.services.Service1.loadbalancer.healthcheck.interval": "1s",
|
||||
"traefik.http.services.Service1.loadbalancer.healthcheck.unhealthyinterval": "1s",
|
||||
"traefik.http.services.Service1.loadbalancer.healthcheck.path": "foobar",
|
||||
"traefik.http.services.Service1.loadbalancer.healthcheck.method": "foobar",
|
||||
"traefik.http.services.Service1.loadbalancer.healthcheck.status": "401",
|
||||
@ -701,15 +703,16 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
HealthCheck: &dynamic.ServerHealthCheck{
|
||||
Scheme: "foobar",
|
||||
Mode: "foobar",
|
||||
Path: "foobar",
|
||||
Method: "foobar",
|
||||
Status: 401,
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
Scheme: "foobar",
|
||||
Mode: "foobar",
|
||||
Path: "foobar",
|
||||
Method: "foobar",
|
||||
Status: 401,
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
UnhealthyInterval: pointer(ptypes.Duration(time.Second)),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
Headers: map[string]string{
|
||||
"name0": "foobar",
|
||||
"name1": "foobar",
|
||||
@ -735,15 +738,16 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
HealthCheck: &dynamic.ServerHealthCheck{
|
||||
Scheme: "foobar",
|
||||
Mode: "foobar",
|
||||
Path: "foobar",
|
||||
Method: "foobar",
|
||||
Status: 401,
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
Scheme: "foobar",
|
||||
Mode: "foobar",
|
||||
Path: "foobar",
|
||||
Method: "foobar",
|
||||
Status: 401,
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
UnhealthyInterval: pointer(ptypes.Duration(time.Second)),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
Headers: map[string]string{
|
||||
"name0": "foobar",
|
||||
"name1": "foobar",
|
||||
@ -1244,14 +1248,15 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
HealthCheck: &dynamic.ServerHealthCheck{
|
||||
Scheme: "foobar",
|
||||
Path: "foobar",
|
||||
Method: "foobar",
|
||||
Status: 401,
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
Scheme: "foobar",
|
||||
Path: "foobar",
|
||||
Method: "foobar",
|
||||
Status: 401,
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
UnhealthyInterval: pointer(ptypes.Duration(time.Second)),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
Headers: map[string]string{
|
||||
"name0": "foobar",
|
||||
"name1": "foobar",
|
||||
@ -1276,14 +1281,15 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
HealthCheck: &dynamic.ServerHealthCheck{
|
||||
Scheme: "foobar",
|
||||
Path: "foobar",
|
||||
Method: "foobar",
|
||||
Status: 401,
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
Scheme: "foobar",
|
||||
Path: "foobar",
|
||||
Method: "foobar",
|
||||
Status: 401,
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
UnhealthyInterval: pointer(ptypes.Duration(time.Second)),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
Headers: map[string]string{
|
||||
"name0": "foobar",
|
||||
"name1": "foobar",
|
||||
@ -1471,6 +1477,7 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name1": "foobar",
|
||||
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Hostname": "foobar",
|
||||
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Interval": "1000000000",
|
||||
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.UnhealthyInterval": "1000000000",
|
||||
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Path": "foobar",
|
||||
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Method": "foobar",
|
||||
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Status": "401",
|
||||
@ -1495,6 +1502,7 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||
"traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name1": "foobar",
|
||||
"traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Hostname": "foobar",
|
||||
"traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Interval": "1000000000",
|
||||
"traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.UnhealthyInterval": "1000000000",
|
||||
"traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Path": "foobar",
|
||||
"traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Method": "foobar",
|
||||
"traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Status": "401",
|
||||
|
||||
@ -40,18 +40,27 @@ type metricsHealthCheck interface {
|
||||
ServiceServerUpGauge() gokitmetrics.Gauge
|
||||
}
|
||||
|
||||
type target struct {
|
||||
targetURL *url.URL
|
||||
name string
|
||||
}
|
||||
|
||||
type ServiceHealthChecker struct {
|
||||
balancer StatusSetter
|
||||
info *runtime.ServiceInfo
|
||||
|
||||
config *dynamic.ServerHealthCheck
|
||||
interval time.Duration
|
||||
timeout time.Duration
|
||||
config *dynamic.ServerHealthCheck
|
||||
interval time.Duration
|
||||
unhealthyInterval time.Duration
|
||||
timeout time.Duration
|
||||
|
||||
metrics metricsHealthCheck
|
||||
|
||||
client *http.Client
|
||||
targets map[string]*url.URL
|
||||
client *http.Client
|
||||
|
||||
healthyTargets chan target
|
||||
unhealthyTargets chan target
|
||||
|
||||
serviceName string
|
||||
}
|
||||
|
||||
@ -60,13 +69,26 @@ func NewServiceHealthChecker(ctx context.Context, metrics metricsHealthCheck, co
|
||||
|
||||
interval := time.Duration(config.Interval)
|
||||
if interval <= 0 {
|
||||
logger.Error().Msg("Health check interval smaller than zero")
|
||||
logger.Error().Msg("Health check interval smaller than zero, default value will be used instead.")
|
||||
interval = time.Duration(dynamic.DefaultHealthCheckInterval)
|
||||
}
|
||||
|
||||
// If the unhealthyInterval option is not set, we use the interval option value,
|
||||
// to check the unhealthy targets as often as the healthy ones.
|
||||
var unhealthyInterval time.Duration
|
||||
if config.UnhealthyInterval == nil {
|
||||
unhealthyInterval = interval
|
||||
} else {
|
||||
unhealthyInterval = time.Duration(*config.UnhealthyInterval)
|
||||
if unhealthyInterval <= 0 {
|
||||
logger.Error().Msg("Health check unhealthy interval smaller than zero, default value will be used instead.")
|
||||
unhealthyInterval = time.Duration(dynamic.DefaultHealthCheckInterval)
|
||||
}
|
||||
}
|
||||
|
||||
timeout := time.Duration(config.Timeout)
|
||||
if timeout <= 0 {
|
||||
logger.Error().Msg("Health check timeout smaller than zero")
|
||||
logger.Error().Msg("Health check timeout smaller than zero, default value will be used instead.")
|
||||
timeout = time.Duration(dynamic.DefaultHealthCheckTimeout)
|
||||
}
|
||||
|
||||
@ -80,21 +102,38 @@ func NewServiceHealthChecker(ctx context.Context, metrics metricsHealthCheck, co
|
||||
}
|
||||
}
|
||||
|
||||
healthyTargets := make(chan target, len(targets))
|
||||
for name, targetURL := range targets {
|
||||
healthyTargets <- target{
|
||||
targetURL: targetURL,
|
||||
name: name,
|
||||
}
|
||||
}
|
||||
unhealthyTargets := make(chan target, len(targets))
|
||||
|
||||
return &ServiceHealthChecker{
|
||||
balancer: service,
|
||||
info: info,
|
||||
config: config,
|
||||
interval: interval,
|
||||
timeout: timeout,
|
||||
targets: targets,
|
||||
serviceName: serviceName,
|
||||
client: client,
|
||||
metrics: metrics,
|
||||
balancer: service,
|
||||
info: info,
|
||||
config: config,
|
||||
interval: interval,
|
||||
unhealthyInterval: unhealthyInterval,
|
||||
timeout: timeout,
|
||||
healthyTargets: healthyTargets,
|
||||
unhealthyTargets: unhealthyTargets,
|
||||
serviceName: serviceName,
|
||||
client: client,
|
||||
metrics: metrics,
|
||||
}
|
||||
}
|
||||
|
||||
func (shc *ServiceHealthChecker) Launch(ctx context.Context) {
|
||||
ticker := time.NewTicker(shc.interval)
|
||||
go shc.healthcheck(ctx, shc.unhealthyTargets, shc.unhealthyInterval)
|
||||
|
||||
shc.healthcheck(ctx, shc.healthyTargets, shc.interval)
|
||||
}
|
||||
|
||||
func (shc *ServiceHealthChecker) healthcheck(ctx context.Context, targets chan target, interval time.Duration) {
|
||||
ticker := time.NewTicker(interval)
|
||||
defer ticker.Stop()
|
||||
|
||||
for {
|
||||
@ -103,7 +142,23 @@ func (shc *ServiceHealthChecker) Launch(ctx context.Context) {
|
||||
return
|
||||
|
||||
case <-ticker.C:
|
||||
for proxyName, target := range shc.targets {
|
||||
// We collect the targets to check once for all,
|
||||
// to avoid rechecking a target that has been moved during the health check.
|
||||
var targetsToCheck []target
|
||||
hasMoreTargets := true
|
||||
for hasMoreTargets {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return
|
||||
case target := <-targets:
|
||||
targetsToCheck = append(targetsToCheck, target)
|
||||
default:
|
||||
hasMoreTargets = false
|
||||
}
|
||||
}
|
||||
|
||||
// Now we can check the targets.
|
||||
for _, target := range targetsToCheck {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return
|
||||
@ -113,14 +168,14 @@ func (shc *ServiceHealthChecker) Launch(ctx context.Context) {
|
||||
up := true
|
||||
serverUpMetricValue := float64(1)
|
||||
|
||||
if err := shc.executeHealthCheck(ctx, shc.config, target); err != nil {
|
||||
if err := shc.executeHealthCheck(ctx, shc.config, target.targetURL); err != nil {
|
||||
// The context is canceled when the dynamic configuration is refreshed.
|
||||
if errors.Is(err, context.Canceled) {
|
||||
return
|
||||
}
|
||||
|
||||
log.Ctx(ctx).Warn().
|
||||
Str("targetURL", target.String()).
|
||||
Str("targetURL", target.targetURL.String()).
|
||||
Err(err).
|
||||
Msg("Health check failed.")
|
||||
|
||||
@ -128,17 +183,21 @@ func (shc *ServiceHealthChecker) Launch(ctx context.Context) {
|
||||
serverUpMetricValue = float64(0)
|
||||
}
|
||||
|
||||
shc.balancer.SetStatus(ctx, proxyName, up)
|
||||
shc.balancer.SetStatus(ctx, target.name, up)
|
||||
|
||||
statusStr := runtime.StatusDown
|
||||
var statusStr string
|
||||
if up {
|
||||
statusStr = runtime.StatusUp
|
||||
shc.healthyTargets <- target
|
||||
} else {
|
||||
statusStr = runtime.StatusDown
|
||||
shc.unhealthyTargets <- target
|
||||
}
|
||||
|
||||
shc.info.UpdateServerStatus(target.String(), statusStr)
|
||||
shc.info.UpdateServerStatus(target.targetURL.String(), statusStr)
|
||||
|
||||
shc.metrics.ServiceServerUpGauge().
|
||||
With("service", shc.serviceName, "url", target.String()).
|
||||
With("service", shc.serviceName, "url", target.targetURL.String()).
|
||||
Set(serverUpMetricValue)
|
||||
}
|
||||
}
|
||||
|
||||
@ -419,11 +419,12 @@ func TestServiceHealthChecker_Launch(t *testing.T) {
|
||||
lb := &testLoadBalancer{RWMutex: &sync.RWMutex{}}
|
||||
|
||||
config := &dynamic.ServerHealthCheck{
|
||||
Mode: test.mode,
|
||||
Status: test.status,
|
||||
Path: "/path",
|
||||
Interval: ptypes.Duration(500 * time.Millisecond),
|
||||
Timeout: ptypes.Duration(499 * time.Millisecond),
|
||||
Mode: test.mode,
|
||||
Status: test.status,
|
||||
Path: "/path",
|
||||
Interval: ptypes.Duration(500 * time.Millisecond),
|
||||
UnhealthyInterval: pointer(ptypes.Duration(500 * time.Millisecond)),
|
||||
Timeout: ptypes.Duration(499 * time.Millisecond),
|
||||
}
|
||||
|
||||
gauge := &testhelpers.CollectingGauge{}
|
||||
@ -456,3 +457,54 @@ func TestServiceHealthChecker_Launch(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestDifferentIntervals(t *testing.T) {
|
||||
// The context is passed to the health check and
|
||||
// canonically canceled by the test server once all expected requests have been received.
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
t.Cleanup(cancel)
|
||||
|
||||
healthyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}))
|
||||
healthyURL := testhelpers.MustParseURL(healthyServer.URL)
|
||||
|
||||
unhealthyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
w.WriteHeader(http.StatusServiceUnavailable)
|
||||
}))
|
||||
unhealthyURL := testhelpers.MustParseURL(unhealthyServer.URL)
|
||||
|
||||
lb := &testLoadBalancer{RWMutex: &sync.RWMutex{}}
|
||||
|
||||
config := &dynamic.ServerHealthCheck{
|
||||
Mode: "http",
|
||||
Path: "/path",
|
||||
Interval: ptypes.Duration(500 * time.Millisecond),
|
||||
UnhealthyInterval: pointer(ptypes.Duration(50 * time.Millisecond)),
|
||||
Timeout: ptypes.Duration(499 * time.Millisecond),
|
||||
}
|
||||
|
||||
gauge := &testhelpers.CollectingGauge{}
|
||||
serviceInfo := &runtime.ServiceInfo{}
|
||||
hc := NewServiceHealthChecker(ctx, &MetricsMock{gauge}, config, lb, serviceInfo, http.DefaultTransport, map[string]*url.URL{"healthy": healthyURL, "unhealthy": unhealthyURL}, "foobar")
|
||||
|
||||
wg := sync.WaitGroup{}
|
||||
wg.Add(1)
|
||||
|
||||
go func() {
|
||||
hc.Launch(ctx)
|
||||
wg.Done()
|
||||
}()
|
||||
|
||||
select {
|
||||
case <-time.After(2 * time.Second):
|
||||
break
|
||||
case <-ctx.Done():
|
||||
wg.Wait()
|
||||
}
|
||||
|
||||
lb.Lock()
|
||||
defer lb.Unlock()
|
||||
|
||||
assert.Greater(t, lb.numRemovedServers, lb.numUpsertedServers, "removed servers greater than upserted servers")
|
||||
}
|
||||
|
||||
@ -60,7 +60,7 @@ func NewBuilder(client *Client, plugins map[string]Descriptor, localPlugins map[
|
||||
pb.middlewareBuilders[pName] = middleware
|
||||
|
||||
case typeProvider:
|
||||
pBuilder, err := newProviderBuilder(logCtx, manifest, client.GoPath())
|
||||
pBuilder, err := newProviderBuilder(logCtx, manifest, client.GoPath(), desc.Settings)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("%s: %w", desc.ModuleName, err)
|
||||
}
|
||||
@ -95,7 +95,7 @@ func NewBuilder(client *Client, plugins map[string]Descriptor, localPlugins map[
|
||||
pb.middlewareBuilders[pName] = middleware
|
||||
|
||||
case typeProvider:
|
||||
builder, err := newProviderBuilder(logCtx, manifest, localGoPath)
|
||||
builder, err := newProviderBuilder(logCtx, manifest, localGoPath, desc.Settings)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("%s: %w", desc.ModuleName, err)
|
||||
}
|
||||
@ -139,7 +139,7 @@ func newMiddlewareBuilder(ctx context.Context, goPath string, manifest *Manifest
|
||||
return newWasmMiddlewareBuilder(goPath, moduleName, wasmPath, settings)
|
||||
|
||||
case runtimeYaegi, "":
|
||||
i, err := newInterpreter(ctx, goPath, manifest.Import)
|
||||
i, err := newInterpreter(ctx, goPath, manifest, settings)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create Yaegi interpreter: %w", err)
|
||||
}
|
||||
@ -151,10 +151,10 @@ func newMiddlewareBuilder(ctx context.Context, goPath string, manifest *Manifest
|
||||
}
|
||||
}
|
||||
|
||||
func newProviderBuilder(ctx context.Context, manifest *Manifest, goPath string) (providerBuilder, error) {
|
||||
func newProviderBuilder(ctx context.Context, manifest *Manifest, goPath string, settings Settings) (providerBuilder, error) {
|
||||
switch manifest.Runtime {
|
||||
case runtimeYaegi, "":
|
||||
i, err := newInterpreter(ctx, goPath, manifest.Import)
|
||||
i, err := newInterpreter(ctx, goPath, manifest, settings)
|
||||
if err != nil {
|
||||
return providerBuilder{}, err
|
||||
}
|
||||
|
||||
@ -2,6 +2,7 @@ package plugins
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
@ -15,6 +16,7 @@ import (
|
||||
"github.com/traefik/traefik/v3/pkg/logs"
|
||||
"github.com/traefik/yaegi/interp"
|
||||
"github.com/traefik/yaegi/stdlib"
|
||||
"github.com/traefik/yaegi/stdlib/unsafe"
|
||||
)
|
||||
|
||||
type yaegiMiddlewareBuilder struct {
|
||||
@ -119,7 +121,7 @@ func (m *YaegiMiddleware) NewHandler(ctx context.Context, next http.Handler) (ht
|
||||
return m.builder.newHandler(ctx, next, m.config, m.middlewareName)
|
||||
}
|
||||
|
||||
func newInterpreter(ctx context.Context, goPath string, manifestImport string) (*interp.Interpreter, error) {
|
||||
func newInterpreter(ctx context.Context, goPath string, manifest *Manifest, settings Settings) (*interp.Interpreter, error) {
|
||||
i := interp.New(interp.Options{
|
||||
GoPath: goPath,
|
||||
Env: os.Environ(),
|
||||
@ -132,14 +134,25 @@ func newInterpreter(ctx context.Context, goPath string, manifestImport string) (
|
||||
return nil, fmt.Errorf("failed to load symbols: %w", err)
|
||||
}
|
||||
|
||||
if manifest.UseUnsafe && !settings.UseUnsafe {
|
||||
return nil, errors.New("this plugin uses unsafe import. If you want to use it, you need to allow useUnsafe in the settings")
|
||||
}
|
||||
|
||||
if settings.UseUnsafe && manifest.UseUnsafe {
|
||||
err := i.Use(unsafe.Symbols)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to load unsafe symbols: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
err = i.Use(ppSymbols())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to load provider symbols: %w", err)
|
||||
}
|
||||
|
||||
_, err = i.Eval(fmt.Sprintf(`import "%s"`, manifestImport))
|
||||
_, err = i.Eval(fmt.Sprintf(`import "%s"`, manifest.Import))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to import plugin code %q: %w", manifestImport, err)
|
||||
return nil, fmt.Errorf("failed to import plugin code %q: %w", manifest.Import, err)
|
||||
}
|
||||
|
||||
return i, nil
|
||||
|
||||
@ -11,8 +11,9 @@ const (
|
||||
)
|
||||
|
||||
type Settings struct {
|
||||
Envs []string `description:"Environment variables to forward to the wasm guest." json:"envs,omitempty" toml:"envs,omitempty" yaml:"envs,omitempty"`
|
||||
Mounts []string `description:"Directory to mount to the wasm guest." json:"mounts,omitempty" toml:"mounts,omitempty" yaml:"mounts,omitempty"`
|
||||
Envs []string `description:"Environment variables to forward to the wasm guest." json:"envs,omitempty" toml:"envs,omitempty" yaml:"envs,omitempty"`
|
||||
Mounts []string `description:"Directory to mount to the wasm guest." json:"mounts,omitempty" toml:"mounts,omitempty" yaml:"mounts,omitempty"`
|
||||
UseUnsafe bool `description:"Allow the plugin to use unsafe package." json:"useUnsafe,omitempty" toml:"useUnsafe,omitempty" yaml:"useUnsafe,omitempty"`
|
||||
}
|
||||
|
||||
// Descriptor The static part of a plugin configuration.
|
||||
@ -46,6 +47,7 @@ type Manifest struct {
|
||||
BasePkg string `yaml:"basePkg"`
|
||||
Compatibility string `yaml:"compatibility"`
|
||||
Summary string `yaml:"summary"`
|
||||
UseUnsafe bool `yaml:"useUnsafe"`
|
||||
TestData map[string]interface{} `yaml:"testData"`
|
||||
}
|
||||
|
||||
|
||||
@ -20,6 +20,7 @@ import (
|
||||
"github.com/go-acme/lego/v4/certificate"
|
||||
"github.com/go-acme/lego/v4/challenge"
|
||||
"github.com/go-acme/lego/v4/challenge/dns01"
|
||||
"github.com/go-acme/lego/v4/challenge/http01"
|
||||
"github.com/go-acme/lego/v4/lego"
|
||||
"github.com/go-acme/lego/v4/providers/dns"
|
||||
"github.com/go-acme/lego/v4/registration"
|
||||
@ -49,6 +50,9 @@ type Configuration struct {
|
||||
EAB *EAB `description:"External Account Binding to use." json:"eab,omitempty" toml:"eab,omitempty" yaml:"eab,omitempty"`
|
||||
CertificatesDuration int `description:"Certificates' duration in hours." json:"certificatesDuration,omitempty" toml:"certificatesDuration,omitempty" yaml:"certificatesDuration,omitempty" export:"true"`
|
||||
|
||||
ClientTimeout ptypes.Duration `description:"Timeout for a complete HTTP transaction with the ACME server." json:"clientTimeout,omitempty" toml:"clientTimeout,omitempty" yaml:"clientTimeout,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
||||
ClientResponseHeaderTimeout ptypes.Duration `description:"Timeout for receiving the response headers when communicating with the ACME server." json:"clientResponseHeaderTimeout,omitempty" toml:"clientResponseHeaderTimeout,omitempty" yaml:"clientResponseHeaderTimeout,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
||||
|
||||
CACertificates []string `description:"Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list." json:"caCertificates,omitempty" toml:"caCertificates,omitempty" yaml:"caCertificates,omitempty"`
|
||||
CASystemCertPool bool `description:"Define if the certificates pool must use a copy of the system cert pool." json:"caSystemCertPool,omitempty" toml:"caSystemCertPool,omitempty" yaml:"caSystemCertPool,omitempty" export:"true"`
|
||||
CAServerName string `description:"Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list." json:"caServerName,omitempty" toml:"caServerName,omitempty" yaml:"caServerName,omitempty" export:"true"`
|
||||
@ -64,6 +68,8 @@ func (a *Configuration) SetDefaults() {
|
||||
a.Storage = "acme.json"
|
||||
a.KeyType = "RSA4096"
|
||||
a.CertificatesDuration = 3 * 30 * 24 // 90 Days
|
||||
a.ClientTimeout = ptypes.Duration(2 * time.Minute)
|
||||
a.ClientResponseHeaderTimeout = ptypes.Duration(30 * time.Second)
|
||||
}
|
||||
|
||||
// CertAndStore allows mapping a TLS certificate to a TLS store.
|
||||
@ -106,7 +112,8 @@ type Propagation struct {
|
||||
|
||||
// HTTPChallenge contains HTTP challenge configuration.
|
||||
type HTTPChallenge struct {
|
||||
EntryPoint string `description:"HTTP challenge EntryPoint" json:"entryPoint,omitempty" toml:"entryPoint,omitempty" yaml:"entryPoint,omitempty" export:"true"`
|
||||
EntryPoint string `description:"HTTP challenge EntryPoint" json:"entryPoint,omitempty" toml:"entryPoint,omitempty" yaml:"entryPoint,omitempty" export:"true"`
|
||||
Delay ptypes.Duration `description:"Delay between the creation of the challenge and the validation." json:"delay,omitempty" toml:"delay,omitempty" yaml:"delay,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// TLSChallenge contains TLS challenge configuration.
|
||||
@ -162,6 +169,10 @@ func (p *Provider) Init() error {
|
||||
return errors.New("cannot manage certificates with duration lower than 1 hour")
|
||||
}
|
||||
|
||||
if p.ClientTimeout < p.ClientResponseHeaderTimeout {
|
||||
return errors.New("clientTimeout must be at least clientResponseHeaderTimeout")
|
||||
}
|
||||
|
||||
var err error
|
||||
p.account, err = p.Store.GetAccount(p.ResolverName)
|
||||
if err != nil {
|
||||
@ -351,7 +362,7 @@ func (p *Provider) getClient() (*lego.Client, error) {
|
||||
if p.HTTPChallenge != nil && len(p.HTTPChallenge.EntryPoint) > 0 {
|
||||
logger.Debug().Msg("Using HTTP Challenge provider.")
|
||||
|
||||
err = client.Challenge.SetHTTP01Provider(p.HTTPChallengeProvider)
|
||||
err = client.Challenge.SetHTTP01Provider(p.HTTPChallengeProvider, http01.SetDelay(time.Duration(p.HTTPChallenge.Delay)))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -377,7 +388,7 @@ func (p *Provider) createHTTPClient() (*http.Client, error) {
|
||||
}
|
||||
|
||||
return &http.Client{
|
||||
Timeout: 2 * time.Minute,
|
||||
Timeout: time.Duration(p.ClientTimeout),
|
||||
Transport: &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
DialContext: (&net.Dialer{
|
||||
@ -385,7 +396,7 @@ func (p *Provider) createHTTPClient() (*http.Client, error) {
|
||||
KeepAlive: 30 * time.Second,
|
||||
}).DialContext,
|
||||
TLSHandshakeTimeout: 30 * time.Second,
|
||||
ResponseHeaderTimeout: 30 * time.Second,
|
||||
ResponseHeaderTimeout: time.Duration(p.ClientResponseHeaderTimeout),
|
||||
TLSClientConfig: tlsConfig,
|
||||
},
|
||||
}, nil
|
||||
|
||||
@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
ptypes "github.com/traefik/paerser/types"
|
||||
"github.com/traefik/traefik/v3/pkg/config/dynamic"
|
||||
"github.com/traefik/traefik/v3/pkg/logs"
|
||||
"github.com/traefik/traefik/v3/pkg/provider"
|
||||
@ -373,6 +374,17 @@ func (c configBuilder) buildServersLB(namespace string, svc traefikv1alpha1.Load
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
// If the UnhealthyInterval option is not set, we use the Interval option value,
|
||||
// to check the unhealthy targets as often as the healthy ones.
|
||||
if svc.HealthCheck.UnhealthyInterval == nil {
|
||||
lb.HealthCheck.UnhealthyInterval = &lb.HealthCheck.Interval
|
||||
} else {
|
||||
var unhealthyInterval ptypes.Duration
|
||||
if err := unhealthyInterval.Set(svc.HealthCheck.UnhealthyInterval.String()); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
lb.HealthCheck.UnhealthyInterval = &unhealthyInterval
|
||||
}
|
||||
if svc.HealthCheck.Timeout != nil {
|
||||
if err := lb.HealthCheck.Timeout.Set(svc.HealthCheck.Timeout.String()); err != nil {
|
||||
return nil, err
|
||||
|
||||
@ -2647,10 +2647,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
FlushInterval: ptypes.Duration(100 * time.Millisecond),
|
||||
},
|
||||
HealthCheck: &dynamic.ServerHealthCheck{
|
||||
Path: "/health",
|
||||
Timeout: 5000000000,
|
||||
Interval: 15000000000,
|
||||
FollowRedirects: pointer(true),
|
||||
Path: "/health",
|
||||
Timeout: 5000000000,
|
||||
Interval: 15000000000,
|
||||
UnhealthyInterval: pointer(ptypes.Duration(15000000000)),
|
||||
FollowRedirects: pointer(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -2712,10 +2713,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
FlushInterval: ptypes.Duration(100 * time.Millisecond),
|
||||
},
|
||||
HealthCheck: &dynamic.ServerHealthCheck{
|
||||
Path: "/health1",
|
||||
Timeout: 5000000000,
|
||||
Interval: 15000000000,
|
||||
FollowRedirects: pointer(true),
|
||||
Path: "/health1",
|
||||
Timeout: 5000000000,
|
||||
Interval: 15000000000,
|
||||
UnhealthyInterval: pointer(ptypes.Duration(15000000000)),
|
||||
FollowRedirects: pointer(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -2732,10 +2734,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
FlushInterval: ptypes.Duration(100 * time.Millisecond),
|
||||
},
|
||||
HealthCheck: &dynamic.ServerHealthCheck{
|
||||
Path: "/health2",
|
||||
Timeout: 5000000000,
|
||||
Interval: 20000000000,
|
||||
FollowRedirects: pointer(true),
|
||||
Path: "/health2",
|
||||
Timeout: 5000000000,
|
||||
Interval: 20000000000,
|
||||
UnhealthyInterval: pointer(ptypes.Duration(20000000000)),
|
||||
FollowRedirects: pointer(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -2776,10 +2779,11 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||
FlushInterval: ptypes.Duration(100 * time.Millisecond),
|
||||
},
|
||||
HealthCheck: &dynamic.ServerHealthCheck{
|
||||
Path: "/health1",
|
||||
Timeout: 5000000000,
|
||||
Interval: 15000000000,
|
||||
FollowRedirects: pointer(true),
|
||||
Path: "/health1",
|
||||
Timeout: 5000000000,
|
||||
Interval: 15000000000,
|
||||
UnhealthyInterval: pointer(ptypes.Duration(15000000000)),
|
||||
FollowRedirects: pointer(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
@ -170,9 +170,13 @@ type ServerHealthCheck struct {
|
||||
Status int `json:"status,omitempty"`
|
||||
// Port defines the server URL port for the health check endpoint.
|
||||
Port int `json:"port,omitempty"`
|
||||
// Interval defines the frequency of the health check calls.
|
||||
// Interval defines the frequency of the health check calls for healthy targets.
|
||||
// Default: 30s
|
||||
Interval *intstr.IntOrString `json:"interval,omitempty"`
|
||||
// UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
|
||||
// When UnhealthyInterval is not defined, it defaults to the Interval value.
|
||||
// Default: 30s
|
||||
UnhealthyInterval *intstr.IntOrString `json:"unhealthyInterval,omitempty"`
|
||||
// Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
|
||||
// Default: 5s
|
||||
Timeout *intstr.IntOrString `json:"timeout,omitempty"`
|
||||
|
||||
@ -1280,6 +1280,11 @@ func (in *ServerHealthCheck) DeepCopyInto(out *ServerHealthCheck) {
|
||||
*out = new(intstr.IntOrString)
|
||||
**out = **in
|
||||
}
|
||||
if in.UnhealthyInterval != nil {
|
||||
in, out := &in.UnhealthyInterval, &out.UnhealthyInterval
|
||||
*out = new(intstr.IntOrString)
|
||||
**out = **in
|
||||
}
|
||||
if in.Timeout != nil {
|
||||
in, out := &in.Timeout, &out.Timeout
|
||||
*out = new(intstr.IntOrString)
|
||||
|
||||
@ -45,6 +45,7 @@ func Test_buildConfiguration(t *testing.T) {
|
||||
"traefik/http/services/Service01/loadBalancer/healthCheck/path": "foobar",
|
||||
"traefik/http/services/Service01/loadBalancer/healthCheck/port": "42",
|
||||
"traefik/http/services/Service01/loadBalancer/healthCheck/interval": "1s",
|
||||
"traefik/http/services/Service01/loadBalancer/healthCheck/unhealthyinterval": "1s",
|
||||
"traefik/http/services/Service01/loadBalancer/healthCheck/timeout": "1s",
|
||||
"traefik/http/services/Service01/loadBalancer/healthCheck/hostname": "foobar",
|
||||
"traefik/http/services/Service01/loadBalancer/healthCheck/headers/name0": "foobar",
|
||||
@ -665,14 +666,15 @@ func Test_buildConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
HealthCheck: &dynamic.ServerHealthCheck{
|
||||
Scheme: "foobar",
|
||||
Mode: "foobar",
|
||||
Path: "foobar",
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
FollowRedirects: pointer(true),
|
||||
Scheme: "foobar",
|
||||
Mode: "foobar",
|
||||
Path: "foobar",
|
||||
Port: 42,
|
||||
Interval: ptypes.Duration(time.Second),
|
||||
UnhealthyInterval: pointer(ptypes.Duration(time.Second)),
|
||||
Timeout: ptypes.Duration(time.Second),
|
||||
Hostname: "foobar",
|
||||
FollowRedirects: pointer(true),
|
||||
Headers: map[string]string{
|
||||
"name0": "foobar",
|
||||
"name1": "foobar",
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
:thumb-style="appThumbStyle"
|
||||
style="height:100%;"
|
||||
>
|
||||
<q-card-section v-if="data.scheme || data.interval">
|
||||
<q-card-section v-if="data.scheme || data.interval || data.unhealthyInterval">
|
||||
<div class="row items-start no-wrap">
|
||||
<div
|
||||
v-if="data.scheme"
|
||||
@ -38,6 +38,20 @@
|
||||
{{ data.interval }}
|
||||
</q-chip>
|
||||
</div>
|
||||
<div
|
||||
v-if="data.unhealthyInterval"
|
||||
class="col"
|
||||
>
|
||||
<div class="text-subtitle2">
|
||||
UNHEALTHY INTERVAL
|
||||
</div>
|
||||
<q-chip
|
||||
dense
|
||||
class="app-chip app-chip-interval"
|
||||
>
|
||||
{{ data.unhealthyInterval }}
|
||||
</q-chip>
|
||||
</div>
|
||||
</div>
|
||||
</q-card-section>
|
||||
<q-card-section v-if="data.path || data.timeout">
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user