--- a/20-ingress/crd.yaml Sat Apr 09 23:51:11 2022 -0500
+++ b/20-ingress/crd.yaml Sun Apr 10 03:33:33 2022 -0500
@@ -1,120 +1,1628 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition
+ controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null name: ingressroutes.traefik.containo.us
group: traefik.containo.us
+ listKind: IngressRouteList + description: IngressRoute is an Ingress CRD specification. + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: IngressRouteSpec is a specification for a IngressRouteSpec + description: Route contains the set of routes. + description: MiddlewareRef is a ref to the Middleware resources. + description: Service defines an upstream to proxy traffic. + description: Name is a reference to a Kubernetes Service + object (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The + differentiation between the two is specified in the + x-kubernetes-int-or-string: true + description: ResponseForwarding holds configuration for + the forward of the response. + description: Sticky holds the sticky configuration. + description: Cookie holds the sticky configuration + description: Weight should only be specified when Name + references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + description: "TLS contains the TLS certificates configuration of the + routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in + YAML: \n \t tls: {} # inline format \n \t tls: \t secretName: + description: Domain holds a domain name with SANs. + description: Options is a reference to a TLSOption, that specifies + the parameters of the TLS connection. + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + description: Store is a reference to a TLSStore, that specifies + the parameters of the TLS store. -apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition
- name: middlewares.traefik.containo.us
+ controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.containo.us group: traefik.containo.us
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
- name: ingressroutetcps.traefik.containo.us
- group: traefik.containo.us
+ listKind: IngressRouteTCPList singular: ingressroutetcp
+ description: IngressRouteTCP is an Ingress CRD specification. + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec + description: RouteTCP contains the set of routes. + description: Middlewares contains references to MiddlewareTCP + description: ObjectReference is a generic reference to a Traefik + description: ServiceTCP defines an upstream to proxy traffic. + x-kubernetes-int-or-string: true + description: ProxyProtocol holds the ProxyProtocol configuration. + description: "TLSTCP contains the TLS certificates configuration of + the routes. To enable Let's Encrypt, use an empty TLS struct, e.g. + in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName: + description: Domain holds a domain name with SANs. + description: Options is a reference to a TLSOption, that specifies + the parameters of the TLS connection. + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + description: Store is a reference to a TLSStore, that specifies + the parameters of the TLS store. -apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition
+ controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null name: ingressrouteudps.traefik.containo.us
group: traefik.containo.us
+ listKind: IngressRouteUDPList singular: ingressrouteudp
+ description: IngressRouteUDP is an Ingress CRD specification. + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec + description: RouteUDP contains the set of routes. + description: ServiceUDP defines an upstream to proxy traffic. + x-kubernetes-int-or-string: true -apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition
- name: tlsoptions.traefik.containo.us
+ controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.containo.us group: traefik.containo.us
+ listKind: MiddlewareList + description: Middleware is a specification for a Middleware resource. + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: MiddlewareSpec holds the Middleware configuration. + description: AddPrefix holds the AddPrefix configuration. + description: BasicAuth holds the HTTP basic authentication configuration. + description: Buffering holds the request/response buffering configuration. + description: Chain holds a chain of middlewares. + description: MiddlewareRef is a ref to the Middleware resources. + description: CircuitBreaker holds the circuit breaker configuration. + description: Compress holds the compress configuration. + description: ContentType middleware - or rather its unique `autoDetect` + option - specifies whether to let the `Content-Type` header, if + it has not been set by the backend, be automatically set to a value + derived from the contents of the response. As a proxy, the default + behavior should be to leave the header alone, regardless of what + the backend did with it. However, the historic default was to always + auto-detect and set the header if it was nil, and it is going to + be kept that way in order to support users currently relying on + it. This middleware exists to enable the correct behavior until + at least the default one can be changed in a future version. + description: DigestAuth holds the Digest HTTP authentication configuration. + description: ErrorPage holds the custom error page configuration. + description: Service defines an upstream to proxy traffic. + description: Name is a reference to a Kubernetes Service object + (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + x-kubernetes-int-or-string: true + description: ResponseForwarding holds configuration for the + forward of the response. + description: Sticky holds the sticky configuration. + description: Cookie holds the sticky configuration based + description: Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + description: ForwardAuth holds the http forward authentication configuration. + authResponseHeadersRegex: + description: ClientTLS holds TLS specific configurations as client. + description: Headers holds the custom header configuration. + accessControlAllowCredentials: + description: AccessControlAllowCredentials is only valid if true. + accessControlAllowHeaders: + description: AccessControlAllowHeaders must be used in response + to a preflight request with Access-Control-Request-Headers set. + accessControlAllowMethods: + description: AccessControlAllowMethods must be used in response + to a preflight request with Access-Control-Request-Method set. + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + accessControlExposeHeaders: + description: AccessControlExposeHeaders sets valid headers for + description: AccessControlMaxAge sets the time that a preflight + description: AddVaryHeader controls if the Vary header is automatically + added/updated when the AccessControlAllowOriginList is set. + customFrameOptionsValue: + description: 'Deprecated: use PermissionsPolicy instead.' + description: 'Deprecated: use RedirectRegex instead.' + description: 'Deprecated: use RedirectRegex instead.' + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + description: InFlightReq limits the number of requests being processed + and served concurrently. + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If none + are set, the default is to use the request's remote address + field. All fields are mutually exclusive. + description: IPStrategy holds the ip strategy configuration. + description: IPWhiteList holds the ip white list configuration. + description: IPStrategy holds the ip strategy configuration. + description: PassTLSClientCert holds the TLS client cert headers configuration. + description: TLSClientCertificateInfo holds the client TLS certificate + description: TLSClientCertificateIssuerDNInfo holds the client + TLS certificate distinguished name info configuration. cf + https://tools.ietf.org/html/rfc3739 + description: TLSClientCertificateSubjectDNInfo holds the client + TLS certificate distinguished name info configuration. cf + https://tools.ietf.org/html/rfc3739 + x-kubernetes-preserve-unknown-fields: true + description: RateLimit holds the rate limiting configuration for a + x-kubernetes-int-or-string: true + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If none + are set, the default is to use the request's remote address + field. All fields are mutually exclusive. + description: IPStrategy holds the ip strategy configuration. + description: RedirectRegex holds the redirection configuration. + description: RedirectScheme holds the scheme redirection configuration. + description: ReplacePath holds the ReplacePath configuration. + description: ReplacePathRegex holds the ReplacePathRegex configuration. + description: Retry holds the retry configuration. + x-kubernetes-int-or-string: true + description: StripPrefix holds the StripPrefix configuration. + description: StripPrefixRegex holds the StripPrefixRegex configuration. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.containo.us + group: traefik.containo.us + listKind: MiddlewareTCPList + singular: middlewaretcp + description: MiddlewareTCP is a specification for a MiddlewareTCP resource. + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: MiddlewareTCPSpec holds the MiddlewareTCP configuration. + description: TCPInFlightConn holds the TCP in flight connection configuration. + description: TCPIPWhiteList holds the TCP ip white list configuration. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.containo.us + group: traefik.containo.us + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + description: ServersTransport is a specification for a ServersTransport resource. + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: ServersTransportSpec options to configure communication between + Traefik and the servers. + description: Certificates for mTLS. + description: Disable HTTP/2 for connections with backend servers. + description: Timeouts for requests forwarded to the backend servers. + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. If zero, + x-kubernetes-int-or-string: true + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + x-kubernetes-int-or-string: true + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. If zero, no health check is performed. + x-kubernetes-int-or-string: true + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). If zero, no timeout exists. + x-kubernetes-int-or-string: true + description: Disable SSL certificate verification. + description: If non-zero, controls the maximum idle (keep-alive) to + keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. + description: URI used to match against SAN URI during the peer certificate + description: Add cert file for self-signed certificate. + description: ServerName used to contact the server. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.containo.us + group: traefik.containo.us + listKind: TLSOptionList + description: TLSOption is a specification for a TLSOption resource. + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: TLSOptionSpec configures TLS for an entry point. + description: ClientAuth defines the parameters of the client authentication + part of the TLS connection, if any. + description: ClientAuthType defines the client authentication + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + preferServerCipherSuites: -apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition
+ controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null name: tlsstores.traefik.containo.us
group: traefik.containo.us
+ description: TLSStore is a specification for a TLSStore resource. + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: TLSStoreSpec configures a TLSStore resource. + description: DefaultCertificate holds a secret name for the TLSOption + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. -apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition
+ controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null name: traefikservices.traefik.containo.us
group: traefik.containo.us
+ listKind: TraefikServiceList
+ description: TraefikService is the specification for a service (that an IngressRoute + refers to) that is usually not a terminal service (i.e. not a pod of servers), + as opposed to a Kubernetes Service. That is to say, it usually refers to + other (children) services, which themselves can be TraefikServices or Services. + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: ServiceSpec defines whether a TraefikService is a load-balancer + of services or a mirroring service. + description: Mirroring defines a mirroring service, which is composed + of a main load-balancer, and a list of mirrors. + description: MirrorService defines one of the mirrors of a Mirroring + description: Name is a reference to a Kubernetes Service + object (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + x-kubernetes-int-or-string: true + description: ResponseForwarding holds configuration for + the forward of the response. + description: Sticky holds the sticky configuration. + description: Cookie holds the sticky configuration based + description: Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + description: Name is a reference to a Kubernetes Service object + (for a load-balancer of servers), or to a TraefikService object + (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + x-kubernetes-int-or-string: true + description: ResponseForwarding holds configuration for the forward + description: Sticky holds the sticky configuration. + description: Cookie holds the sticky configuration based on + description: Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + description: WeightedRoundRobin defines a load-balancer of services. + description: Service defines an upstream to proxy traffic. + description: Name is a reference to a Kubernetes Service + object (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + x-kubernetes-int-or-string: true + description: ResponseForwarding holds configuration for + the forward of the response. + description: Sticky holds the sticky configuration. + description: Cookie holds the sticky configuration based + description: Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + description: Sticky holds the sticky configuration. + description: Cookie holds the sticky configuration based on -apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
- name: serverstransports.traefik.containo.us
- group: traefik.containo.us
- plural: serverstransports
- singular: serverstransport
----
--- a/20-ingress/manifest.yaml Sat Apr 09 23:51:11 2022 -0500
+++ b/20-ingress/manifest.yaml Sun Apr 10 03:33:33 2022 -0500
@@ -13,7 +13,7 @@
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-apiVersion: policy/v1beta1
kind: PodDisruptionBudget
@@ -64,7 +64,7 @@
serviceAccountName: traefik-ingress-controller
- name: traefik-ingress-controller
- image: docker.io/traefik:v2.4.13
+ image: docker.io/traefik:v2.6.1 - "--global.checknewversion=false"
- "--global.sendanonymoususage=false"
--- a/20-ingress/rbac.yaml Sat Apr 09 23:51:11 2022 -0500
+++ b/20-ingress/rbac.yaml Sun Apr 10 03:33:33 2022 -0500
@@ -7,8 +7,8 @@
+apiVersion: rbac.authorization.k8s.io/v1 -apiVersion: rbac.authorization.k8s.io/v1beta1
name: traefik-ingress-controller
@@ -43,6 +43,7 @@
@@ -56,8 +57,8 @@
+apiVersion: rbac.authorization.k8s.io/v1 -apiVersion: rbac.authorization.k8s.io/v1beta1
name: traefik-ingress-controller