traefik.v1alpha1.middleware

"Middleware is the CRD implementation of a Traefik Middleware.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/"

Index

fn new(name)
obj metadata
obj spec

Fields

fn new

new(name)

new returns an instance of Middleware

obj metadata

"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."

fn metadata.withAnnotations

withAnnotations(annotations)

"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"

fn metadata.withAnnotationsMixin

withAnnotationsMixin(annotations)

"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"

Note: This function appends passed data to existing values

fn metadata.withClusterName

withClusterName(clusterName)

"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."

fn metadata.withCreationTimestamp

withCreationTimestamp(creationTimestamp)

"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."

fn metadata.withDeletionGracePeriodSeconds

withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)

"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."

fn metadata.withDeletionTimestamp

withDeletionTimestamp(deletionTimestamp)

"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."

fn metadata.withFinalizers

withFinalizers(finalizers)

"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."

fn metadata.withFinalizersMixin

withFinalizersMixin(finalizers)

"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."

Note: This function appends passed data to existing values

fn metadata.withGenerateName

withGenerateName(generateName)

"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"

fn metadata.withGeneration

withGeneration(generation)

"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."

fn metadata.withLabels

withLabels(labels)

"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"

fn metadata.withLabelsMixin

withLabelsMixin(labels)

"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"

Note: This function appends passed data to existing values

fn metadata.withName

withName(name)

"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"

fn metadata.withNamespace

withNamespace(namespace)

"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"

fn metadata.withOwnerReferences

withOwnerReferences(ownerReferences)

"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."

fn metadata.withOwnerReferencesMixin

withOwnerReferencesMixin(ownerReferences)

"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."

Note: This function appends passed data to existing values

fn metadata.withResourceVersion

withResourceVersion(resourceVersion)

"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"

fn metadata.withSelfLink

withSelfLink(selfLink)

"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."

fn metadata.withUid

withUid(uid)

"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"

obj spec

"MiddlewareSpec defines the desired state of a Middleware."

fn spec.withPlugin

withPlugin(plugin)

"Plugin defines the middleware plugin configuration.\nMore info: https://doc.traefik.io/traefik/plugins/"

fn spec.withPluginMixin

withPluginMixin(plugin)

"Plugin defines the middleware plugin configuration.\nMore info: https://doc.traefik.io/traefik/plugins/"

Note: This function appends passed data to existing values

obj spec.addPrefix

"AddPrefix holds the add prefix middleware configuration.\nThis middleware updates the path of a request before forwarding it.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/"

fn spec.addPrefix.withPrefix

withPrefix(prefix)

"Prefix is the string to add before the current path in the requested URL.\nIt should include a leading slash (/)."

obj spec.basicAuth

"BasicAuth holds the basic auth middleware configuration.\nThis middleware restricts access to your services to known users.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/"

fn spec.basicAuth.withHeaderField

withHeaderField(headerField)

"HeaderField defines a header field to store the authenticated user.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield"

fn spec.basicAuth.withRealm

withRealm(realm)

"Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.\nDefault: traefik."

fn spec.basicAuth.withRemoveHeader

withRemoveHeader(removeHeader)

"RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.\nDefault: false."

fn spec.basicAuth.withSecret

withSecret(secret)

"Secret is the name of the referenced Kubernetes Secret containing user credentials."

obj spec.buffering

"Buffering holds the buffering middleware configuration.\nThis middleware retries or limits the size of requests that can be forwarded to backends.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes"

fn spec.buffering.withMaxRequestBodyBytes

withMaxRequestBodyBytes(maxRequestBodyBytes)

"MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).\nIf the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.\nDefault: 0 (no maximum)."

fn spec.buffering.withMaxResponseBodyBytes

withMaxResponseBodyBytes(maxResponseBodyBytes)

"MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).\nIf the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.\nDefault: 0 (no maximum)."

fn spec.buffering.withMemRequestBodyBytes

withMemRequestBodyBytes(memRequestBodyBytes)

"MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.\nDefault: 1048576 (1Mi)."

fn spec.buffering.withMemResponseBodyBytes

withMemResponseBodyBytes(memResponseBodyBytes)

"MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.\nDefault: 1048576 (1Mi)."

fn spec.buffering.withRetryExpression

withRetryExpression(retryExpression)

"RetryExpression defines the retry conditions.\nIt is a logical combination of functions with operators AND (&&) and OR (||).\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression"

obj spec.chain

"Chain holds the configuration of the chain middleware.\nThis middleware enables to define reusable combinations of other pieces of middleware.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/"

fn spec.chain.withMiddlewares

withMiddlewares(middlewares)

"Middlewares is the list of MiddlewareRef which composes the chain."

fn spec.chain.withMiddlewaresMixin

withMiddlewaresMixin(middlewares)

"Middlewares is the list of MiddlewareRef which composes the chain."

Note: This function appends passed data to existing values

obj spec.chain.middlewares

"Middlewares is the list of MiddlewareRef which composes the chain."

fn spec.chain.middlewares.withName

withName(name)

"Name defines the name of the referenced Middleware resource."

fn spec.chain.middlewares.withNamespace

withNamespace(namespace)

"Namespace defines the namespace of the referenced Middleware resource."

obj spec.circuitBreaker

"CircuitBreaker holds the circuit breaker configuration."

fn spec.circuitBreaker.withCheckPeriod

withCheckPeriod(checkPeriod)

"CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state)."

fn spec.circuitBreaker.withExpression

withExpression(expression)

"Expression is the condition that triggers the tripped state."

fn spec.circuitBreaker.withFallbackDuration

withFallbackDuration(fallbackDuration)

"FallbackDuration is the duration for which the circuit breaker will wait before trying to recover (from a tripped state)."

fn spec.circuitBreaker.withRecoveryDuration

withRecoveryDuration(recoveryDuration)

"RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state)."

obj spec.compress

"Compress holds the compress middleware configuration.\nThis middleware compresses responses before sending them to the client, using gzip compression.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/"

fn spec.compress.withExcludedContentTypes

withExcludedContentTypes(excludedContentTypes)

"ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing."

fn spec.compress.withExcludedContentTypesMixin

withExcludedContentTypesMixin(excludedContentTypes)

"ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing."

Note: This function appends passed data to existing values

fn spec.compress.withMinResponseBodyBytes

withMinResponseBodyBytes(minResponseBodyBytes)

"MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.\nDefault: 1024."

obj spec.contentType

"ContentType holds the content-type middleware configuration.\nThis middleware exists to enable the correct behavior until at least the default one can be changed in a future version."

fn spec.contentType.withAutoDetect

withAutoDetect(autoDetect)

"AutoDetect specifies whether to let the Content-Type header, if it has not been set by the backend,\nbe automatically set to a value derived from the contents of the response.\nAs a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.\nHowever, the historic default was to always auto-detect and set the header if it was nil,\nand it is going to be kept that way in order to support users currently relying on it."

obj spec.digestAuth

"DigestAuth holds the digest auth middleware configuration.\nThis middleware restricts access to your services to known users.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/"

fn spec.digestAuth.withHeaderField

withHeaderField(headerField)

"HeaderField defines a header field to store the authenticated user.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield"

fn spec.digestAuth.withRealm

withRealm(realm)

"Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.\nDefault: traefik."

fn spec.digestAuth.withRemoveHeader

withRemoveHeader(removeHeader)

"RemoveHeader defines whether to remove the authorization header before forwarding the request to the backend."

fn spec.digestAuth.withSecret

withSecret(secret)

"Secret is the name of the referenced Kubernetes Secret containing user credentials."

obj spec.errors

"ErrorPage holds the custom error middleware configuration.\nThis middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/"

fn spec.errors.withQuery

withQuery(query)

"Query defines the URL for the error page (hosted by service).\nThe {status} variable can be used in order to insert the status code in the URL."

obj spec.errors.service

"Service defines the reference to a Kubernetes Service that will serve the error page.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service"

fn spec.errors.service.withKind

withKind(kind)

"Kind defines the kind of the Service."

fn spec.errors.service.withName

withName(name)

"Name defines the name of the referenced Kubernetes Service or TraefikService.\nThe differentiation between the two is specified in the Kind field."

fn spec.errors.service.withNamespace

withNamespace(namespace)

"Namespace defines the namespace of the referenced Kubernetes Service or TraefikService."

fn spec.errors.service.withNativeLB

withNativeLB(nativeLB)

"NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false."

fn spec.errors.service.withPassHostHeader

withPassHostHeader(passHostHeader)

"PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true."

fn spec.errors.service.withPort

withPort(port)

"Port defines the port of a Kubernetes Service.\nThis can be a reference to a named port."

fn spec.errors.service.withScheme

withScheme(scheme)

"Scheme defines the scheme to use for the request to the upstream Kubernetes Service.\nIt defaults to https when Kubernetes Service port is 443, http otherwise."

fn spec.errors.service.withServersTransport

withServersTransport(serversTransport)

"ServersTransport defines the name of ServersTransport resource to use.\nIt allows to configure the transport between Traefik and your servers.\nCan only be used on a Kubernetes Service."

fn spec.errors.service.withStrategy

withStrategy(strategy)

"Strategy defines the load balancing strategy between the servers.\nRoundRobin is the only supported value at the moment."

fn spec.errors.service.withWeight

withWeight(weight)

"Weight defines the weight and should only be specified when Name references a TraefikService object\n(and to be precise, one that embeds a Weighted Round Robin)."

obj spec.errors.service.responseForwarding

"ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client."

fn spec.errors.service.responseForwarding.withFlushInterval

withFlushInterval(flushInterval)

"FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.\nA negative value means to flush immediately after each write to the client.\nThis configuration is ignored when ReverseProxy recognizes a response as a streaming response;\nfor such responses, writes are flushed to the client immediately.\nDefault: 100ms"

obj spec.errors.service.sticky

"Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions"

obj spec.errors.service.sticky.cookie

"Cookie defines the sticky cookie configuration."

fn spec.errors.service.sticky.cookie.withHttpOnly

withHttpOnly(httpOnly)

"HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript."

fn spec.errors.service.sticky.cookie.withName

withName(name)

"Name defines the Cookie name."

fn spec.errors.service.sticky.cookie.withSameSite

withSameSite(sameSite)

"SameSite defines the same site policy.\nMore info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"

fn spec.errors.service.sticky.cookie.withSecure

withSecure(secure)

"Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS)."

obj spec.forwardAuth

"ForwardAuth holds the forward auth middleware configuration.\nThis middleware delegates the request authentication to a Service.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/"

fn spec.forwardAuth.withAddress

withAddress(address)

"Address defines the authentication server address."

fn spec.forwardAuth.withAuthRequestHeaders

withAuthRequestHeaders(authRequestHeaders)

"AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.\nIf not set or empty then all request headers are passed."

fn spec.forwardAuth.withAuthRequestHeadersMixin

withAuthRequestHeadersMixin(authRequestHeaders)

"AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.\nIf not set or empty then all request headers are passed."

Note: This function appends passed data to existing values

fn spec.forwardAuth.withAuthResponseHeaders

withAuthResponseHeaders(authResponseHeaders)

"AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers."

fn spec.forwardAuth.withAuthResponseHeadersMixin

withAuthResponseHeadersMixin(authResponseHeaders)

"AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers."

Note: This function appends passed data to existing values

fn spec.forwardAuth.withAuthResponseHeadersRegex

withAuthResponseHeadersRegex(authResponseHeadersRegex)

"AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex"

fn spec.forwardAuth.withTrustForwardHeader

withTrustForwardHeader(trustForwardHeader)

"TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers."

obj spec.forwardAuth.tls

"TLS defines the configuration used to secure the connection to the authentication server."

fn spec.forwardAuth.tls.withCaOptional

withCaOptional(caOptional)

fn spec.forwardAuth.tls.withCaSecret

withCaSecret(caSecret)

"CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.\nThe CA certificate is extracted from key tls.ca or ca.crt."

fn spec.forwardAuth.tls.withCertSecret

withCertSecret(certSecret)

"CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.\nThe client certificate is extracted from the keys tls.crt and tls.key."

fn spec.forwardAuth.tls.withInsecureSkipVerify

withInsecureSkipVerify(insecureSkipVerify)

"InsecureSkipVerify defines whether the server certificates should be validated."

obj spec.headers

"Headers holds the headers middleware configuration.\nThis middleware manages the requests and responses headers.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders"

fn spec.headers.withAccessControlAllowCredentials

withAccessControlAllowCredentials(accessControlAllowCredentials)

"AccessControlAllowCredentials defines whether the request can include user credentials."

fn spec.headers.withAccessControlAllowHeaders

withAccessControlAllowHeaders(accessControlAllowHeaders)

"AccessControlAllowHeaders defines the Access-Control-Request-Headers values sent in preflight response."

fn spec.headers.withAccessControlAllowHeadersMixin

withAccessControlAllowHeadersMixin(accessControlAllowHeaders)

"AccessControlAllowHeaders defines the Access-Control-Request-Headers values sent in preflight response."

Note: This function appends passed data to existing values

fn spec.headers.withAccessControlAllowMethods

withAccessControlAllowMethods(accessControlAllowMethods)

"AccessControlAllowMethods defines the Access-Control-Request-Method values sent in preflight response."

fn spec.headers.withAccessControlAllowMethodsMixin

withAccessControlAllowMethodsMixin(accessControlAllowMethods)

"AccessControlAllowMethods defines the Access-Control-Request-Method values sent in preflight response."

Note: This function appends passed data to existing values

fn spec.headers.withAccessControlAllowOriginList

withAccessControlAllowOriginList(accessControlAllowOriginList)

"AccessControlAllowOriginList is a list of allowable origins. Can also be a wildcard origin \"*\"."

fn spec.headers.withAccessControlAllowOriginListMixin

withAccessControlAllowOriginListMixin(accessControlAllowOriginList)

"AccessControlAllowOriginList is a list of allowable origins. Can also be a wildcard origin \"*\"."

Note: This function appends passed data to existing values

fn spec.headers.withAccessControlAllowOriginListRegex

withAccessControlAllowOriginListRegex(accessControlAllowOriginListRegex)

"AccessControlAllowOriginListRegex is a list of allowable origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/)."

fn spec.headers.withAccessControlAllowOriginListRegexMixin

withAccessControlAllowOriginListRegexMixin(accessControlAllowOriginListRegex)

"AccessControlAllowOriginListRegex is a list of allowable origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/)."

Note: This function appends passed data to existing values

fn spec.headers.withAccessControlExposeHeaders

withAccessControlExposeHeaders(accessControlExposeHeaders)

"AccessControlExposeHeaders defines the Access-Control-Expose-Headers values sent in preflight response."

fn spec.headers.withAccessControlExposeHeadersMixin

withAccessControlExposeHeadersMixin(accessControlExposeHeaders)

"AccessControlExposeHeaders defines the Access-Control-Expose-Headers values sent in preflight response."

Note: This function appends passed data to existing values

fn spec.headers.withAccessControlMaxAge

withAccessControlMaxAge(accessControlMaxAge)

"AccessControlMaxAge defines the time that a preflight request may be cached."

fn spec.headers.withAddVaryHeader

withAddVaryHeader(addVaryHeader)

"AddVaryHeader defines whether the Vary header is automatically added/updated when the AccessControlAllowOriginList is set."

fn spec.headers.withAllowedHosts

withAllowedHosts(allowedHosts)

"AllowedHosts defines the fully qualified list of allowed domain names."

fn spec.headers.withAllowedHostsMixin

withAllowedHostsMixin(allowedHosts)

"AllowedHosts defines the fully qualified list of allowed domain names."

Note: This function appends passed data to existing values

fn spec.headers.withBrowserXssFilter

withBrowserXssFilter(browserXssFilter)

"BrowserXSSFilter defines whether to add the X-XSS-Protection header with the value 1; mode=block."

fn spec.headers.withContentSecurityPolicy

withContentSecurityPolicy(contentSecurityPolicy)

"ContentSecurityPolicy defines the Content-Security-Policy header value."

fn spec.headers.withContentTypeNosniff

withContentTypeNosniff(contentTypeNosniff)

"ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value."

fn spec.headers.withCustomBrowserXSSValue

withCustomBrowserXSSValue(customBrowserXSSValue)

"CustomBrowserXSSValue defines the X-XSS-Protection header value.\nThis overrides the BrowserXssFilter option."

fn spec.headers.withCustomFrameOptionsValue

withCustomFrameOptionsValue(customFrameOptionsValue)

"CustomFrameOptionsValue defines the X-Frame-Options header value.\nThis overrides the FrameDeny option."

fn spec.headers.withCustomRequestHeaders

withCustomRequestHeaders(customRequestHeaders)

"CustomRequestHeaders defines the header names and values to apply to the request."

fn spec.headers.withCustomRequestHeadersMixin

withCustomRequestHeadersMixin(customRequestHeaders)

"CustomRequestHeaders defines the header names and values to apply to the request."

Note: This function appends passed data to existing values

fn spec.headers.withCustomResponseHeaders

withCustomResponseHeaders(customResponseHeaders)

"CustomResponseHeaders defines the header names and values to apply to the response."

fn spec.headers.withCustomResponseHeadersMixin

withCustomResponseHeadersMixin(customResponseHeaders)

"CustomResponseHeaders defines the header names and values to apply to the response."

Note: This function appends passed data to existing values

fn spec.headers.withFeaturePolicy

withFeaturePolicy(featurePolicy)

"Deprecated: use PermissionsPolicy instead."

fn spec.headers.withForceSTSHeader

withForceSTSHeader(forceSTSHeader)

"ForceSTSHeader defines whether to add the STS header even when the connection is HTTP."

fn spec.headers.withFrameDeny

withFrameDeny(frameDeny)

"FrameDeny defines whether to add the X-Frame-Options header with the DENY value."

fn spec.headers.withHostsProxyHeaders

withHostsProxyHeaders(hostsProxyHeaders)

"HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request."

fn spec.headers.withHostsProxyHeadersMixin

withHostsProxyHeadersMixin(hostsProxyHeaders)

"HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request."

Note: This function appends passed data to existing values

fn spec.headers.withIsDevelopment

withIsDevelopment(isDevelopment)

"IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.\nUsually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.\nIf you would like your development environment to mimic production with complete Host blocking, SSL redirects,\nand STS headers, leave this as false."

fn spec.headers.withPermissionsPolicy

withPermissionsPolicy(permissionsPolicy)

"PermissionsPolicy defines the Permissions-Policy header value.\nThis allows sites to control browser features."

fn spec.headers.withPublicKey

withPublicKey(publicKey)

"PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates."

fn spec.headers.withReferrerPolicy

withReferrerPolicy(referrerPolicy)

"ReferrerPolicy defines the Referrer-Policy header value.\nThis allows sites to control whether browsers forward the Referer header to other sites."

fn spec.headers.withSslForceHost

withSslForceHost(sslForceHost)

"Deprecated: use RedirectRegex instead."

fn spec.headers.withSslHost

withSslHost(sslHost)

"Deprecated: use RedirectRegex instead."

fn spec.headers.withSslProxyHeaders

withSslProxyHeaders(sslProxyHeaders)

"SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.\nIt can be useful when using other proxies (example: \"X-Forwarded-Proto\": \"https\")."

fn spec.headers.withSslProxyHeadersMixin

withSslProxyHeadersMixin(sslProxyHeaders)

"SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.\nIt can be useful when using other proxies (example: \"X-Forwarded-Proto\": \"https\")."

Note: This function appends passed data to existing values

fn spec.headers.withSslRedirect

withSslRedirect(sslRedirect)

"Deprecated: use EntryPoint redirection or RedirectScheme instead."

fn spec.headers.withSslTemporaryRedirect

withSslTemporaryRedirect(sslTemporaryRedirect)

"Deprecated: use EntryPoint redirection or RedirectScheme instead."

fn spec.headers.withStsIncludeSubdomains

withStsIncludeSubdomains(stsIncludeSubdomains)

"STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header."

fn spec.headers.withStsPreload

withStsPreload(stsPreload)

"STSPreload defines whether the preload flag is appended to the Strict-Transport-Security header."

fn spec.headers.withStsSeconds

withStsSeconds(stsSeconds)

"STSSeconds defines the max-age of the Strict-Transport-Security header.\nIf set to 0, the header is not set."

obj spec.inFlightReq

"InFlightReq holds the in-flight request middleware configuration.\nThis middleware limits the number of requests being processed and served concurrently.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/"

fn spec.inFlightReq.withAmount

withAmount(amount)

"Amount defines the maximum amount of allowed simultaneous in-flight request.\nThe middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy)."

obj spec.inFlightReq.sourceCriterion

"SourceCriterion defines what criterion is used to group requests as originating from a common source.\nIf several strategies are defined at the same time, an error will be raised.\nIf none are set, the default is to use the requestHost.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion"

fn spec.inFlightReq.sourceCriterion.withRequestHeaderName

withRequestHeaderName(requestHeaderName)

"RequestHeaderName defines the name of the header used to group incoming requests."

fn spec.inFlightReq.sourceCriterion.withRequestHost

withRequestHost(requestHost)

"RequestHost defines whether to consider the request Host as the source."

obj spec.inFlightReq.sourceCriterion.ipStrategy

"IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy"

fn spec.inFlightReq.sourceCriterion.ipStrategy.withDepth

withDepth(depth)

"Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right)."

fn spec.inFlightReq.sourceCriterion.ipStrategy.withExcludedIPs

withExcludedIPs(excludedIPs)

"ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list."

fn spec.inFlightReq.sourceCriterion.ipStrategy.withExcludedIPsMixin

withExcludedIPsMixin(excludedIPs)

"ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list."

Note: This function appends passed data to existing values

obj spec.ipAllowList

"IPAllowList holds the IP allowlist middleware configuration.\nThis middleware accepts / refuses requests based on the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/"

fn spec.ipAllowList.withSourceRange

withSourceRange(sourceRange)

"SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation)."

fn spec.ipAllowList.withSourceRangeMixin

withSourceRangeMixin(sourceRange)

"SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation)."

Note: This function appends passed data to existing values

obj spec.ipAllowList.ipStrategy

"IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy"

fn spec.ipAllowList.ipStrategy.withDepth

withDepth(depth)

"Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right)."

fn spec.ipAllowList.ipStrategy.withExcludedIPs

withExcludedIPs(excludedIPs)

"ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list."

fn spec.ipAllowList.ipStrategy.withExcludedIPsMixin

withExcludedIPsMixin(excludedIPs)

"ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list."

Note: This function appends passed data to existing values

obj spec.ipWhiteList

"IPWhiteList holds the IP whitelist middleware configuration.\nThis middleware accepts / refuses requests based on the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/\nDeprecated: please use IPAllowList instead."

fn spec.ipWhiteList.withSourceRange

withSourceRange(sourceRange)

"SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation)."

fn spec.ipWhiteList.withSourceRangeMixin

withSourceRangeMixin(sourceRange)

"SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation)."

Note: This function appends passed data to existing values

obj spec.ipWhiteList.ipStrategy

"IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy"

fn spec.ipWhiteList.ipStrategy.withDepth

withDepth(depth)

"Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right)."

fn spec.ipWhiteList.ipStrategy.withExcludedIPs

withExcludedIPs(excludedIPs)

"ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list."

fn spec.ipWhiteList.ipStrategy.withExcludedIPsMixin

withExcludedIPsMixin(excludedIPs)

"ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list."

Note: This function appends passed data to existing values

obj spec.passTLSClientCert

"PassTLSClientCert holds the pass TLS client cert middleware configuration.\nThis middleware adds the selected data from the passed client TLS certificate to a header.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/"

fn spec.passTLSClientCert.withPem

withPem(pem)

"PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate."

obj spec.passTLSClientCert.info

"Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header."

fn spec.passTLSClientCert.info.withNotAfter

withNotAfter(notAfter)

"NotAfter defines whether to add the Not After information from the Validity part."

fn spec.passTLSClientCert.info.withNotBefore

withNotBefore(notBefore)

"NotBefore defines whether to add the Not Before information from the Validity part."

fn spec.passTLSClientCert.info.withSans

withSans(sans)

"Sans defines whether to add the Subject Alternative Name information from the Subject Alternative Name part."

fn spec.passTLSClientCert.info.withSerialNumber

withSerialNumber(serialNumber)

"SerialNumber defines whether to add the client serialNumber information."

obj spec.passTLSClientCert.info.issuer

"Issuer defines the client certificate issuer details to add to the X-Forwarded-Tls-Client-Cert-Info header."

fn spec.passTLSClientCert.info.issuer.withCommonName

withCommonName(commonName)

"CommonName defines whether to add the organizationalUnit information into the issuer."

fn spec.passTLSClientCert.info.issuer.withCountry

withCountry(country)

"Country defines whether to add the country information into the issuer."

fn spec.passTLSClientCert.info.issuer.withDomainComponent

withDomainComponent(domainComponent)

"DomainComponent defines whether to add the domainComponent information into the issuer."

fn spec.passTLSClientCert.info.issuer.withLocality

withLocality(locality)

"Locality defines whether to add the locality information into the issuer."

fn spec.passTLSClientCert.info.issuer.withOrganization

withOrganization(organization)

"Organization defines whether to add the organization information into the issuer."

fn spec.passTLSClientCert.info.issuer.withProvince

withProvince(province)

"Province defines whether to add the province information into the issuer."

fn spec.passTLSClientCert.info.issuer.withSerialNumber

withSerialNumber(serialNumber)

"SerialNumber defines whether to add the serialNumber information into the issuer."

obj spec.passTLSClientCert.info.subject

"Subject defines the client certificate subject details to add to the X-Forwarded-Tls-Client-Cert-Info header."

fn spec.passTLSClientCert.info.subject.withCommonName

withCommonName(commonName)

"CommonName defines whether to add the organizationalUnit information into the subject."

fn spec.passTLSClientCert.info.subject.withCountry

withCountry(country)

"Country defines whether to add the country information into the subject."

fn spec.passTLSClientCert.info.subject.withDomainComponent

withDomainComponent(domainComponent)

"DomainComponent defines whether to add the domainComponent information into the subject."

fn spec.passTLSClientCert.info.subject.withLocality

withLocality(locality)

"Locality defines whether to add the locality information into the subject."

fn spec.passTLSClientCert.info.subject.withOrganization

withOrganization(organization)

"Organization defines whether to add the organization information into the subject."

fn spec.passTLSClientCert.info.subject.withOrganizationalUnit

withOrganizationalUnit(organizationalUnit)

"OrganizationalUnit defines whether to add the organizationalUnit information into the subject."

fn spec.passTLSClientCert.info.subject.withProvince

withProvince(province)

"Province defines whether to add the province information into the subject."

fn spec.passTLSClientCert.info.subject.withSerialNumber

withSerialNumber(serialNumber)

"SerialNumber defines whether to add the serialNumber information into the subject."

obj spec.rateLimit

"RateLimit holds the rate limit configuration.\nThis middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/"

fn spec.rateLimit.withAverage

withAverage(average)

"Average is the maximum rate, by default in requests/s, allowed for the given source.\nIt defaults to 0, which means no rate limiting.\nThe rate is actually defined by dividing Average by Period. So for a rate below 1req/s,\none needs to define a Period larger than a second."

fn spec.rateLimit.withBurst

withBurst(burst)

"Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.\nIt defaults to 1."

fn spec.rateLimit.withPeriod

withPeriod(period)

"Period, in combination with Average, defines the actual maximum rate, such as:\nr = Average / Period. It defaults to a second."

obj spec.rateLimit.sourceCriterion

"SourceCriterion defines what criterion is used to group requests as originating from a common source.\nIf several strategies are defined at the same time, an error will be raised.\nIf none are set, the default is to use the request's remote address field (as an ipStrategy)."

fn spec.rateLimit.sourceCriterion.withRequestHeaderName

withRequestHeaderName(requestHeaderName)

"RequestHeaderName defines the name of the header used to group incoming requests."

fn spec.rateLimit.sourceCriterion.withRequestHost

withRequestHost(requestHost)

"RequestHost defines whether to consider the request Host as the source."

obj spec.rateLimit.sourceCriterion.ipStrategy

"IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy"

fn spec.rateLimit.sourceCriterion.ipStrategy.withDepth

withDepth(depth)

"Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right)."

fn spec.rateLimit.sourceCriterion.ipStrategy.withExcludedIPs

withExcludedIPs(excludedIPs)

"ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list."

fn spec.rateLimit.sourceCriterion.ipStrategy.withExcludedIPsMixin

withExcludedIPsMixin(excludedIPs)

"ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list."

Note: This function appends passed data to existing values

obj spec.redirectRegex

"RedirectRegex holds the redirect regex middleware configuration.\nThis middleware redirects a request using regex matching and replacement.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex"

fn spec.redirectRegex.withPermanent

withPermanent(permanent)

"Permanent defines whether the redirection is permanent (301)."

fn spec.redirectRegex.withRegex

withRegex(regex)

"Regex defines the regex used to match and capture elements from the request URL."

fn spec.redirectRegex.withReplacement

withReplacement(replacement)

"Replacement defines how to modify the URL to have the new target URL."

obj spec.redirectScheme

"RedirectScheme holds the redirect scheme middleware configuration.\nThis middleware redirects requests from a scheme/port to another.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/"

fn spec.redirectScheme.withPermanent

withPermanent(permanent)

"Permanent defines whether the redirection is permanent (301)."

fn spec.redirectScheme.withPort

withPort(port)

"Port defines the port of the new URL."

fn spec.redirectScheme.withScheme

withScheme(scheme)

"Scheme defines the scheme of the new URL."

obj spec.replacePath

"ReplacePath holds the replace path middleware configuration.\nThis middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/"

fn spec.replacePath.withPath

withPath(path)

"Path defines the path to use as replacement in the request URL."

obj spec.replacePathRegex

"ReplacePathRegex holds the replace path regex middleware configuration.\nThis middleware replaces the path of a URL using regex matching and replacement.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/"

fn spec.replacePathRegex.withRegex

withRegex(regex)

"Regex defines the regular expression used to match and capture the path from the request URL."

fn spec.replacePathRegex.withReplacement

withReplacement(replacement)

"Replacement defines the replacement path format, which can include captured variables."

obj spec.retry

"Retry holds the retry middleware configuration.\nThis middleware reissues requests a given number of times to a backend server if that server does not reply.\nAs soon as the server answers, the middleware stops retrying, regardless of the response status.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/"

fn spec.retry.withAttempts

withAttempts(attempts)

"Attempts defines how many times the request should be retried."

fn spec.retry.withInitialInterval

withInitialInterval(initialInterval)

"InitialInterval defines the first wait time in the exponential backoff series.\nThe maximum interval is calculated as twice the initialInterval.\nIf unspecified, requests will be retried immediately.\nThe value of initialInterval should be provided in seconds or as a valid duration format,\nsee https://pkg.go.dev/time#ParseDuration."

obj spec.stripPrefix

"StripPrefix holds the strip prefix middleware configuration.\nThis middleware removes the specified prefixes from the URL path.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/"

fn spec.stripPrefix.withForceSlash

withForceSlash(forceSlash)

"ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.\nDefault: true."

fn spec.stripPrefix.withPrefixes

withPrefixes(prefixes)

"Prefixes defines the prefixes to strip from the request URL."

fn spec.stripPrefix.withPrefixesMixin

withPrefixesMixin(prefixes)

"Prefixes defines the prefixes to strip from the request URL."

Note: This function appends passed data to existing values

obj spec.stripPrefixRegex

"StripPrefixRegex holds the strip prefix regex middleware configuration.\nThis middleware removes the matching prefixes from the URL path.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/"

fn spec.stripPrefixRegex.withRegex

withRegex(regex)

"Regex defines the regular expression to match the path prefix from the request URL."

fn spec.stripPrefixRegex.withRegexMixin

withRegexMixin(regex)

"Regex defines the regular expression to match the path prefix from the request URL."

Note: This function appends passed data to existing values