diff --git a/.github/workflows/common-tests.yaml b/.github/workflows/common-tests.yaml index baa94cf3cdc..a5d0e973498 100644 --- a/.github/workflows/common-tests.yaml +++ b/.github/workflows/common-tests.yaml @@ -20,7 +20,6 @@ on: workflow_dispatch: jobs: - check_changes: runs-on: ubuntu-latest outputs: @@ -81,7 +80,7 @@ jobs: name: Unit Tests runs-on: ubuntu-24.04 env: - helmUnitVersion: 0.5.0 + helmUnitVersion: 0.7.1 strategy: fail-fast: false matrix: diff --git a/charts/library/common-test/Chart.yaml b/charts/library/common-test/Chart.yaml index 83d881bccde..486d4c2d922 100644 --- a/charts/library/common-test/Chart.yaml +++ b/charts/library/common-test/Chart.yaml @@ -7,7 +7,7 @@ apiVersion: v2 appVersion: unknown dependencies: - name: common - version: ~25.3.0 + version: ~25.4.0 repository: file://../common/ condition: "" alias: "" diff --git a/charts/library/common-test/tests/traefik/metadata_test.yaml b/charts/library/common-test/tests/traefik/metadata_test.yaml new file mode 100644 index 00000000000..b8cd46958f5 --- /dev/null +++ b/charts/library/common-test/tests/traefik/metadata_test.yaml @@ -0,0 +1,132 @@ +suite: middlewares metadata test +templates: + - common.yaml +chart: + appVersion: &appVer v9.9.9 +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with middlewares created with labels and annotations + set: + label1: label1 + label2: global_label2 + annotation1: annotation1 + annotation2: global_annotation2 + global: + labels: + g_label1: global_label1 + g_label2: "{{ .Values.label2 }}" + annotations: + g_annotation1: global_annotation1 + g_annotation2: "{{ .Values.annotation2 }}" + middlewares: + my-middleware1: + enabled: true + type: buffering + labels: + label1: "{{ .Values.label1 }}" + label2: label2 + annotations: + annotation1: "{{ .Values.annotation1 }}" + annotation2: annotation2 + data: + foo: bar + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: metadata.annotations + value: + annotation1: annotation1 + annotation2: annotation2 + g_annotation1: global_annotation1 + g_annotation2: global_annotation2 + - documentIndex: *middlewareDoc + equal: + path: metadata.labels + value: + app: common-test-1.0.0 + release: test-release-name + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + app.kubernetes.io/name: common-test + app.kubernetes.io/instance: test-release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: *appVer + g_label1: global_label1 + g_label2: global_label2 + label1: label1 + label2: label2 + - documentIndex: *middlewareDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with middlewares created with namespace + set: + middlewares: + my-middleware1: + enabled: true + type: buffering + namespace: some-namespace + data: + foo: bar + asserts: + - documentIndex: *middlewareDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with middlewares created with object namespace from tpl + set: + key: some-namespace + middlewares: + my-middleware1: + enabled: true + type: buffering + namespace: "{{ .Values.key }}" + data: + foo: bar + asserts: + - documentIndex: *middlewareDoc + equal: + path: metadata.namespace + value: some-namespace + + - it: should pass with middlewares created with namespace from global with tpl + set: + key: global-namespace + global: + namespace: "{{ .Values.key }}" + middlewares: + my-middleware1: + enabled: true + type: buffering + data: + foo: bar + asserts: + - documentIndex: *middlewareDoc + equal: + path: metadata.namespace + value: global-namespace + + - it: should pass with middlewares created with namespace from root with tpl + set: + key: local-namespace + namespace: "{{ .Values.key }}" + global: + namespace: global-namespace + middlewares: + my-middleware1: + enabled: true + type: buffering + data: + foo: bar + asserts: + - documentIndex: *middlewareDoc + equal: + path: metadata.namespace + value: local-namespace diff --git a/charts/library/common-test/tests/traefik/middleware_addPrefix_test.yaml b/charts/library/common-test/tests/traefik/middleware_addPrefix_test.yaml new file mode 100644 index 00000000000..f414ef4da51 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_addPrefix_test.yaml @@ -0,0 +1,37 @@ +suite: add-prefix middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: add-prefix + data: + prefix: some-prefix + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + addPrefix: + prefix: some-prefix + + - it: should fail with missing prefix + set: + middlewares: + my-middleware1: + enabled: true + type: add-prefix + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (add-prefix) - Expected [prefix] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_basicAuth_test.yaml b/charts/library/common-test/tests/traefik/middleware_basicAuth_test.yaml new file mode 100644 index 00000000000..825eae38f05 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_basicAuth_test.yaml @@ -0,0 +1,81 @@ +suite: basicAuth middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: basic-auth + data: + secret: some-secret + my-middleware2: + enabled: true + type: basic-auth + data: + users: + - username: some-username + password: some-password + - username: some-other-username + password: some-other-password + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + basicAuth: + secret: some-secret + - documentIndex: &otherMiddlewareDoc 1 + isKind: + of: Middleware + - documentIndex: *otherMiddlewareDoc + equal: + path: spec + value: + basicAuth: + secret: test-release-name-common-test-my-middleware2 + - documentIndex: &secretDoc 2 + isKind: + of: Secret + - documentIndex: *secretDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-middleware2 + - documentIndex: *secretDoc + matchRegex: + path: stringData.users + pattern: some-username:.+\nsome-other-username:.+ + + - it: should fail with missing both users and secret + set: + middlewares: + my-middleware1: + enabled: true + type: basic-auth + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (basic-auth) - Expected at least one of [users] or [secret] to be set + + - it: should fail with both secret and users set + set: + middlewares: + my-middleware1: + enabled: true + type: basic-auth + data: + secret: some-secret + users: + - username: some-username + password: some-password + asserts: + - failedTemplate: + errorMessage: Middleware (basic-auth) - Expected either [users] or [secret] to be set, but not both diff --git a/charts/library/common-test/tests/traefik/middleware_buffering_test.yaml b/charts/library/common-test/tests/traefik/middleware_buffering_test.yaml new file mode 100644 index 00000000000..a561eb65942 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_buffering_test.yaml @@ -0,0 +1,71 @@ +suite: buffering middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: buffering + data: + maxRequestBodyBytes: 1024 + memRequestBodyBytes: 1024 + maxResponseBodyBytes: 1024 + memResponseBodyBytes: 1024 + retryExpression: some-expression + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + buffering: + maxRequestBodyBytes: 1024 + memRequestBodyBytes: 1024 + maxResponseBodyBytes: 1024 + memResponseBodyBytes: 1024 + retryExpression: "some-expression" + + - it: should pass with only maxRequestBodyBytes set + set: + middlewares: + my-middleware1: + enabled: true + type: buffering + data: + maxRequestBodyBytes: 1024 + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + buffering: + maxRequestBodyBytes: 1024 + + - it: should render 0 and non-null values + set: + middlewares: + my-middleware1: + enabled: true + type: buffering + data: + maxRequestBodyBytes: 0 + memRequestBodyBytes: null + maxResponseBodyBytes: 1024 + memResponseBodyBytes: 1024 + retryExpression: "" + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + buffering: + maxRequestBodyBytes: 0 + maxResponseBodyBytes: 1024 + memResponseBodyBytes: 1024 diff --git a/charts/library/common-test/tests/traefik/middleware_chain_test.yaml b/charts/library/common-test/tests/traefik/middleware_chain_test.yaml new file mode 100644 index 00000000000..36d7dbce6ad --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_chain_test.yaml @@ -0,0 +1,42 @@ +suite: chain middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: chain + data: + middlewares: + - name: some-name + expandObjectName: false + - name: some-other-name + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + chain: + middlewares: + - name: some-name + - name: test-release-name-common-test-some-other-name + + - it: should fail with missing middlewares + set: + middlewares: + my-middleware1: + enabled: true + type: chain + data: + middlewares: [] + asserts: + - failedTemplate: + errorMessage: Middleware (chain) - Expected [middlewares] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_compress_test.yaml b/charts/library/common-test/tests/traefik/middleware_compress_test.yaml new file mode 100644 index 00000000000..82c18e5dca9 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_compress_test.yaml @@ -0,0 +1,22 @@ +suite: compress middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: compress + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + compress: {} diff --git a/charts/library/common-test/tests/traefik/middleware_contentType_test.yaml b/charts/library/common-test/tests/traefik/middleware_contentType_test.yaml new file mode 100644 index 00000000000..54ac83d7ce2 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_contentType_test.yaml @@ -0,0 +1,22 @@ +suite: contentType middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: content-type + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + contentType: {} diff --git a/charts/library/common-test/tests/traefik/middleware_forwardAuth_test.yaml b/charts/library/common-test/tests/traefik/middleware_forwardAuth_test.yaml new file mode 100644 index 00000000000..7ead0b55add --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_forwardAuth_test.yaml @@ -0,0 +1,106 @@ +suite: forward-auth middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with values + set: + middlewares: + my-middleware1: + enabled: true + type: forward-auth + data: + address: some-address + authResponseHeadersRegex: some-regex + trustForwardHeader: true + authResponseHeaders: + - some-header + authRequestHeaders: + - some-header + tls: + insecureSkipVerify: true + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + forwardAuth: + address: some-address + authResponseHeadersRegex: some-regex + trustForwardHeader: true + authResponseHeaders: + - some-header + authRequestHeaders: + - some-header + tls: + insecureSkipVerify: true + + - it: should fail with missing address + set: + middlewares: + my-middleware1: + enabled: true + type: forward-auth + data: + authResponseHeadersRegex: some-regex + asserts: + - failedTemplate: + errorMessage: Middleware (forward-auth) - Expected [address] to be set + + - it: should fail with invalid authResponseHeaders + set: + middlewares: + my-middleware1: + enabled: true + type: forward-auth + data: + address: some-address + authResponseHeaders: some-header + asserts: + - failedTemplate: + errorMessage: Middleware (forward-auth) - Expected [authResponseHeaders] to be a list, but got [string] + + - it: should fail with invalid authRequestHeaders + set: + middlewares: + my-middleware1: + enabled: true + type: forward-auth + data: + address: some-address + authRequestHeaders: some-header + asserts: + - failedTemplate: + errorMessage: Middleware (forward-auth) - Expected [authRequestHeaders] to be a list, but got [string] + + - it: should fail with invalid tls.insecureSkipVerify + set: + middlewares: + my-middleware1: + enabled: true + type: forward-auth + data: + address: some-address + tls: + insecureSkipVerify: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (forward-auth) - Expected [tls.insecureSkipVerify] to be a boolean, but got [string] + + - it: should fail with invalid trustForwardHeader + set: + middlewares: + my-middleware1: + enabled: true + type: forward-auth + data: + address: some-address + trustForwardHeader: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (forward-auth) - Expected [trustForwardHeader] to be a boolean, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_headers_test.yaml b/charts/library/common-test/tests/traefik/middleware_headers_test.yaml new file mode 100644 index 00000000000..dc25d25f5c5 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_headers_test.yaml @@ -0,0 +1,119 @@ +suite: headers middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: headers + data: + customRequestHeaders: + some-name: some-value + some-other-name: some-other-value + customResponseHeaders: + some-name: some-value + some-other-name: some-other-value + accessControlAllowCredentials: true + accessControlAllowHeaders: + - some-header + - some-other-header + accessControlAllowMethods: + - GET + - DELETE + accessControlAllowOriginList: + - some-origin + - some-other-origin + accessControlAllowOriginListRegex: + - some-origin-regex + - some-other-origin-regex + accessControlExposeHeaders: + - some-header + - some-other-header + accessControlMaxAge: 1000 + addVaryHeader: true + allowedHosts: + - some-host + - some-other-host + hostsProxyHeaders: + - some-header + - some-other-header + sslProxyHeaders: + some-header: some-value + some-other-header: some-other-value + stsSeconds: 1000 + stsIncludeSubdomains: true + stsPreload: true + forceSTSHeader: true + frameDeny: true + customFrameOptionsValue: some-value + contentTypeNosniff: true + browserXssFilter: true + customBrowserXSSValue: some-value + contentSecurityPolicy: some-value + contentSecurityPolicyReportOnly: true + publicKey: some-public-key + referrerPolicy: some-referrer-policy + permissionsPolicy: some-permissions-policy + isDevelopment: true + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + headers: + customRequestHeaders: + some-name: some-value + some-other-name: some-other-value + customResponseHeaders: + some-name: some-value + some-other-name: some-other-value + accessControlAllowCredentials: true + accessControlAllowHeaders: + - some-header + - some-other-header + accessControlAllowMethods: + - GET + - DELETE + accessControlAllowOriginList: + - some-origin + - some-other-origin + accessControlAllowOriginListRegex: + - some-origin-regex + - some-other-origin-regex + accessControlExposeHeaders: + - some-header + - some-other-header + accessControlMaxAge: 1000 + addVaryHeader: true + allowedHosts: + - some-host + - some-other-host + hostsProxyHeaders: + - some-header + - some-other-header + sslProxyHeaders: + some-header: some-value + some-other-header: some-other-value + stsSeconds: 1000 + stsIncludeSubdomains: true + stsPreload: true + forceSTSHeader: true + frameDeny: true + customFrameOptionsValue: some-value + contentTypeNosniff: true + browserXssFilter: true + customBrowserXSSValue: some-value + contentSecurityPolicy: some-value + contentSecurityPolicyReportOnly: true + publicKey: some-public-key + referrerPolicy: some-referrer-policy + permissionsPolicy: some-permissions-policy + isDevelopment: true diff --git a/charts/library/common-test/tests/traefik/middleware_ipAllowList_test.yaml b/charts/library/common-test/tests/traefik/middleware_ipAllowList_test.yaml new file mode 100644 index 00000000000..ad9a306b1ab --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_ipAllowList_test.yaml @@ -0,0 +1,62 @@ +suite: ip-allow-list middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: ip-allow-list + data: + sourceRange: + - some-source-range + ipStrategy: + depth: 1 + excludedIPs: + - some-excluded-ip + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + ipAllowList: + sourceRange: + - some-source-range + ipStrategy: + depth: 1 + excludedIPs: + - some-excluded-ip + + - it: should fail with invalid sourceRange + set: + middlewares: + my-middleware1: + enabled: true + type: ip-allow-list + data: + sourceRange: some-source-range + asserts: + - failedTemplate: + errorMessage: Middleware (ip-allow-list) - Expected [sourceRange] to be a list, but got [string] + + - it: should fail with invalid ipStrategy.excludedIPs + set: + middlewares: + my-middleware1: + enabled: true + type: ip-allow-list + data: + sourceRange: + - some-source-range + ipStrategy: + excludedIPs: some-excluded-ip + asserts: + - failedTemplate: + errorMessage: Middleware (ip-allow-list) - Expected [ipStrategy.excludedIPs] to be a list, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_pluginBouncer_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginBouncer_test.yaml new file mode 100644 index 00000000000..27cb81665d0 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginBouncer_test.yaml @@ -0,0 +1,177 @@ +suite: plugin-bouncer middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-bouncer + data: + enabled: true + logLevel: DEBUG + updateIntervalSeconds: 60 + updateMaxFailure: 0 + defaultDecisionSeconds: 60 + httpTimeoutSeconds: 10 + crowdsecMode: live + crowdsecAppsecEnabled: false + crowdsecAppsecHost: crowdsec:7422 + crowdsecAppsecFailureBlock: true + crowdsecAppsecUnreachableBlock: true + crowdsecLapiKey: privateKey-foo + crowdsecLapiHost: crowdsec:8080 + crowdsecLapiScheme: http + crowdsecLapiTLSInsecureVerify: false + crowdsecCapiMachineId: login + crowdsecCapiPassword: password + crowdsecCapiScenarios: + - crowdsecurity/http-path-traversal-probing + - crowdsecurity/http-xss-probing + - crowdsecurity/http-generic-bf + forwardedHeadersTrustedIPs: + - 10.0.10.23/32 + - 10.0.20.0/24 + clientTrustedIPs: + - 192.168.1.0/24 + forwardedHeadersCustomName: X-Custom-Header + remediationHeadersCustomName: cs-remediation + redisCacheEnabled: false + redisCacheHost: "redis:6379" + redisCachePassword: password + redisCacheDatabase: "5" + crowdsecLapiTLSCertificateAuthority: |- + -----BEGIN CERTIFICATE----- + MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT + ... + Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT + -----END CERTIFICATE----- + crowdsecLapiTLSCertificateBouncer: |- + -----BEGIN CERTIFICATE----- + MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL + ... + RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz + N2U= + -----END CERTIFICATE----- + crowdsecLapiTLSCertificateBouncerKey: |- + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAtYQnbJqifH+ZymePylDxGGLIuxzcAUU4/ajNj+qRAdI/Ux3d + ... + ic5cDRo6/VD3CS3MYzyBcibaGaV34nr0G/pI+KEqkYChzk/PZRA= + -----END RSA PRIVATE KEY----- + captchaProvider: hcaptcha + captchaSiteKey: FIXME + captchaSecretKey: FIXME + captchaGracePeriodSeconds: 1800 + captchaHTMLFilePath: /captcha.html + banHTMLFilePath: /ban.html + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + bouncer: + enabled: true + logLevel: DEBUG + updateIntervalSeconds: 60 + updateMaxFailure: 0 + defaultDecisionSeconds: 60 + httpTimeoutSeconds: 10 + crowdsecMode: live + crowdsecAppsecEnabled: false + crowdsecAppsecHost: crowdsec:7422 + crowdsecAppsecFailureBlock: true + crowdsecAppsecUnreachableBlock: true + crowdsecLapiKey: privateKey-foo + crowdsecLapiHost: crowdsec:8080 + crowdsecLapiScheme: http + crowdsecLapiTLSInsecureVerify: false + crowdsecCapiMachineId: login + crowdsecCapiPassword: password + crowdsecCapiScenarios: + - crowdsecurity/http-path-traversal-probing + - crowdsecurity/http-xss-probing + - crowdsecurity/http-generic-bf + forwardedHeadersTrustedIPs: + - 10.0.10.23/32 + - 10.0.20.0/24 + clientTrustedIPs: + - 192.168.1.0/24 + forwardedHeadersCustomName: X-Custom-Header + remediationHeadersCustomName: cs-remediation + redisCacheEnabled: false + redisCacheHost: "redis:6379" + redisCachePassword: password + redisCacheDatabase: "5" + crowdsecLapiTLSCertificateAuthority: |- + -----BEGIN CERTIFICATE----- + MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT + ... + Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT + -----END CERTIFICATE----- + crowdsecLapiTLSCertificateBouncer: |- + -----BEGIN CERTIFICATE----- + MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL + ... + RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz + N2U= + -----END CERTIFICATE----- + crowdsecLapiTLSCertificateBouncerKey: |- + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAtYQnbJqifH+ZymePylDxGGLIuxzcAUU4/ajNj+qRAdI/Ux3d + ... + ic5cDRo6/VD3CS3MYzyBcibaGaV34nr0G/pI+KEqkYChzk/PZRA= + -----END RSA PRIVATE KEY----- + captchaProvider: hcaptcha + captchaSiteKey: FIXME + captchaSecretKey: FIXME + captchaGracePeriodSeconds: 1800 + captchaHTMLFilePath: /captcha.html + banHTMLFilePath: /ban.html + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-bouncer + data: + pluginName: traefik-bouncer-test + enabled: true + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-bouncer-test: + enabled: true + + - it: should fail with missing enabled + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-bouncer + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (plugin-bouncer) - Expected [enabled] to be set + + - it: should fail with invalid enabled + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-bouncer + data: + enabled: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (plugin-bouncer) - Expected [enabled] to be a boolean, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_pluginGeoblock_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginGeoblock_test.yaml new file mode 100644 index 00000000000..6a457a6712e --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginGeoblock_test.yaml @@ -0,0 +1,101 @@ +suite: plugin-geoblock middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-geoblock + data: + api: https://api.geoblock.org/v2/geoblock + allowLocalRequests: true + logLocalRequests: true + logAllowedRequests: true + logApiRequests: true + apiTimeoutMs: 1000 + cacheSize: 1000 + forceMonthlyUpdate: true + allowUnknownCountries: true + unknownCountryApiResponse: some-value + blackListMode: true + silentStartUp: true + addCountryHeader: true + countries: + - some-country + - some-other-country + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + GeoBlock: + allowLocalRequests: true + logLocalRequests: true + logAllowedRequests: true + logApiRequests: true + api: https://api.geoblock.org/v2/geoblock + apiTimeoutMs: 1000 + cacheSize: 1000 + forceMonthlyUpdate: true + allowUnknownCountries: true + unknownCountryApiResponse: some-value + blackListMode: true + silentStartUp: true + addCountryHeader: true + countries: + - some-country + - some-other-country + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-geoblock + data: + pluginName: traefik-geoblock-test + api: https://api.geoblock.org/v2/geoblock + countries: + - some-country + - some-other-country + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-geoblock-test: + api: https://api.geoblock.org/v2/geoblock + countries: + - some-country + - some-other-country + + - it: should fail with missing api + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-geoblock + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (plugin-geoblock) - Expected [api] to be set + + - it: should fail with missing countries + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-geoblock + data: + api: https://api.geoblock.org/v2/geoblock + asserts: + - failedTemplate: + errorMessage: Middleware (plugin-geoblock) - Expected [countries] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_pluginModSecurity_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginModSecurity_test.yaml new file mode 100644 index 00000000000..14f63a6a707 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginModSecurity_test.yaml @@ -0,0 +1,57 @@ +suite: plugin-mod-security middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-mod-security + data: + modSecurityUrl: some-url + timeoutMillis: 1000 + maxBodySize: 1024 + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + traefik-modsecurity-plugin: + modSecurityUrl: some-url + timeoutMillis: 1000 + maxBodySize: 1024 + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-mod-security + data: + pluginName: traefik-mod-security-test + modSecurityUrl: some-url + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-mod-security-test: + modSecurityUrl: some-url + + - it: should fail with missing modSecurityUrl + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-mod-security + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (modsecurity) - Expected [modSecurityUrl] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_pluginRealIP_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginRealIP_test.yaml new file mode 100644 index 00000000000..5b1990c95ee --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginRealIP_test.yaml @@ -0,0 +1,61 @@ +suite: plugin-real-ip middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-real-ip + data: + excludednets: + - some-excluded-net + - some-other-excluded-net + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + traefik-real-ip: + excludednets: + - some-excluded-net + - some-other-excluded-net + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-real-ip + data: + pluginName: traefik-real-ip-test + excludednets: + - some-excluded-net + - some-other-excluded-net + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-real-ip-test: + excludednets: + - some-excluded-net + - some-other-excluded-net + + - it: should fail with missing excludednets + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-real-ip + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (real-ip) - Expected [excludednets] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_pluginRewriteResponseHeaders_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginRewriteResponseHeaders_test.yaml new file mode 100644 index 00000000000..93c3d91fd47 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginRewriteResponseHeaders_test.yaml @@ -0,0 +1,125 @@ +suite: plugin-rewrite-response-headers middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement + - header: some-other-header + regex: some-other-regex + replacement: some-other-replacement + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + rewriteResponseHeaders: + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement + - header: some-other-header + regex: some-other-regex + replacement: some-other-replacement + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + pluginName: traefik-rewrite-response-headers-test + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-rewrite-response-headers-test: + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement + + - it: should fail with missing header + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: + - regex: some-regex + replacement: some-replacement + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [header] to be set for rewrite [0] + + - it: should fail with missing regex + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: + - header: some-header + replacement: some-replacement + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [regex] to be set for rewrite [0] + + - it: should fail with missing replacement + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: + - header: some-header + regex: some-regex + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [replacement] to be set for rewrite [0] + + - it: should fail with missing rewrites + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [rewrites] to be set + + - it: should fail with invalid rewrites + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [rewrites] to be a list, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_pluginThemePark_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginThemePark_test.yaml new file mode 100644 index 00000000000..deaad41d96e --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginThemePark_test.yaml @@ -0,0 +1,77 @@ +suite: plugin-theme-park middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-theme-park + data: + app: sonarr + theme: dark + baseUrl: https://example.com + addons: + - some-addon + - some-other-addon + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + traefik-themepark: + app: sonarr + theme: dark + baseUrl: https://example.com + addons: + - some-addon + - some-other-addon + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-theme-park + data: + app: sonarr + theme: dark + pluginName: traefik-themepark-test + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-themepark-test: + app: sonarr + theme: dark + + - it: should fail with missing app + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-theme-park + data: + theme: dark + asserts: + - failedTemplate: + errorMessage: Middleware (themepark) - Expected [app] to be set + + - it: should fail with missing theme + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-theme-park + data: + app: sonarr + asserts: + - failedTemplate: + errorMessage: Middleware (themepark) - Expected [theme] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_rateLimit_test.yaml b/charts/library/common-test/tests/traefik/middleware_rateLimit_test.yaml new file mode 100644 index 00000000000..43732c1cd25 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_rateLimit_test.yaml @@ -0,0 +1,35 @@ +suite: compress middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: rate-limit + data: + average: 1000 + burst: 2000 + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + rateLimit: + average: 1000 + burst: 2000 + - it: should fail with missing average and burst + set: + middlewares: + my-middleware1: + enabled: true + type: rate-limit + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (rate-limit) - Expected either [average] or [burst] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_redirectRegex_test.yaml b/charts/library/common-test/tests/traefik/middleware_redirectRegex_test.yaml new file mode 100644 index 00000000000..e99004aa1c4 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_redirectRegex_test.yaml @@ -0,0 +1,69 @@ +suite: redirectRegex middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-regex + data: + regex: some-regex + replacement: some-replacement + permanent: true + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + redirectRegex: + regex: some-regex + replacement: some-replacement + permanent: true + + - it: should fail with missing regex + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-regex + data: + replacement: some-replacement + permanent: true + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-regex) - Expected [regex] to be set + + - it: should fail with missing replacement + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-regex + data: + regex: some-regex + permanent: true + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-regex) - Expected [replacement] to be set + + - it: should fail with invalid permanent + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-regex + data: + regex: some-regex + replacement: some-replacement + permanent: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-regex) - Expected [permanent] to be a boolean, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_redirectScheme_test.yaml b/charts/library/common-test/tests/traefik/middleware_redirectScheme_test.yaml new file mode 100644 index 00000000000..80d8696d927 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_redirectScheme_test.yaml @@ -0,0 +1,52 @@ +suite: redirectScheme middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-scheme + data: + scheme: https + permanent: true + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + redirectScheme: + scheme: https + permanent: true + + - it: should fail with missing scheme + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-scheme + data: + permanent: true + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-scheme) - Expected [scheme] to be set + + - it: should fail with invalid permanent + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-scheme + data: + scheme: https + permanent: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-scheme) - Expected [permanent] to be a boolean, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_replacePathRegex_test.yaml b/charts/library/common-test/tests/traefik/middleware_replacePathRegex_test.yaml new file mode 100644 index 00000000000..97127272f83 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_replacePathRegex_test.yaml @@ -0,0 +1,51 @@ +suite: replacePathRegex middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path-regex + data: + regex: /some-path + replacement: /some-replacement + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + replacePathRegex: + regex: /some-path + replacement: /some-replacement + + - it: should fail with missing regex + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path-regex + data: + replacement: /some-replacement + asserts: + - failedTemplate: + errorMessage: Middleware (replace-path-regex) - Expected [regex] to be set + + - it: should fail with missing replacement + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path-regex + data: + regex: /some-path + asserts: + - failedTemplate: + errorMessage: Middleware (replace-path-regex) - Expected [replacement] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_replacePath_test.yaml b/charts/library/common-test/tests/traefik/middleware_replacePath_test.yaml new file mode 100644 index 00000000000..319d6eaaf1c --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_replacePath_test.yaml @@ -0,0 +1,37 @@ +suite: replacePath middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path + data: + path: /some-path + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + replacePath: + path: /some-path + + - it: should fail with missing path + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (replace-path) - Expected [path] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_retry_test.yaml b/charts/library/common-test/tests/traefik/middleware_retry_test.yaml new file mode 100644 index 00000000000..89e194fddfa --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_retry_test.yaml @@ -0,0 +1,39 @@ +suite: retry middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: retry + data: + attempts: 3 + initialInterval: 1000 + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + retry: + attempts: 3 + initialInterval: 1000 + + - it: should fail with missing attempts + set: + middlewares: + my-middleware1: + enabled: true + type: retry + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (retry) - Expected [attempts] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_stripPrefix.yaml b/charts/library/common-test/tests/traefik/middleware_stripPrefix.yaml new file mode 100644 index 00000000000..bb0117c7881 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_stripPrefix.yaml @@ -0,0 +1,57 @@ +suite: stripPrefix middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix + data: + forceSlash: true + prefix: + - /some-prefix + - /some-other-prefix + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + stripPrefix: + forceSlash: true + prefix: + - /some-prefix + - /some-other-prefix + + - it: should fail with missing prefix + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix + data: + prefix: [] + asserts: + - failedTemplate: + errorMessage: Middleware (strip-prefix) - Expected [prefix] to be set + + - it: should fail with invalid forceSlash + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix + data: + prefix: + - /some-prefix + forceSlash: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (strip-prefix) - Expected [forceSlash] to be a boolean, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_stripPrefixRegex_test.yaml b/charts/library/common-test/tests/traefik/middleware_stripPrefixRegex_test.yaml new file mode 100644 index 00000000000..eb6729060de --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_stripPrefixRegex_test.yaml @@ -0,0 +1,41 @@ +suite: stripPrefixRegex middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix-regex + data: + regex: + - some-regex + - some-other-regex + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + stripPrefixRegex: + regex: + - some-regex + - some-other-regex + + - it: should fail with missing regex + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix-regex + data: + regex: [] + asserts: + - failedTemplate: + errorMessage: Middleware (strip-prefix-regex) - Expected [regex] to be set diff --git a/charts/library/common-test/tests/traefik/name_test.yaml b/charts/library/common-test/tests/traefik/name_test.yaml new file mode 100644 index 00000000000..ae827842a03 --- /dev/null +++ b/charts/library/common-test/tests/traefik/name_test.yaml @@ -0,0 +1,57 @@ +suite: middleware name test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should generate correct name + set: + middlewares: + my-middleware1: + enabled: true + type: buffering + data: + foo: bar + my-middleware2: + enabled: true + type: buffering + data: + foo: bar + my-middleware3: + enabled: true + type: buffering + expandObjectName: false + data: + foo: bar + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + isAPIVersion: + of: traefik.io/v1alpha1 + - documentIndex: *middlewareDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-middleware1 + - documentIndex: &otherMiddlewareDoc 1 + isKind: + of: Middleware + - documentIndex: *otherMiddlewareDoc + isAPIVersion: + of: traefik.io/v1alpha1 + - documentIndex: *otherMiddlewareDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-middleware2 + - documentIndex: &otherMiddlewareDoc2 2 + isKind: + of: Middleware + - documentIndex: *otherMiddlewareDoc2 + isAPIVersion: + of: traefik.io/v1alpha1 + - documentIndex: *otherMiddlewareDoc2 + equal: + path: metadata.name + value: my-middleware3 diff --git a/charts/library/common-test/tests/traefik/validation_test.yaml b/charts/library/common-test/tests/traefik/validation_test.yaml new file mode 100644 index 00000000000..396a8ba8ae1 --- /dev/null +++ b/charts/library/common-test/tests/traefik/validation_test.yaml @@ -0,0 +1,103 @@ +suite: middleware validation test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should fail with name longer than 253 characters + set: + middlewares: + ? my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-long-long-long-long-long-long-long-name + : enabled: true + type: buffering + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Name [test-release-name-common-test-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-long-long-long-long-long-long-long-name] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 253 characters. + + - it: should fail with name starting with underscore + set: + middlewares: + _my-middleware: + enabled: true + type: buffering + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Name [test-release-name-common-test-_my-middleware] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 253 characters. + + - it: should fail with namespace longer than 63 characters + set: + middlewares: + my-middleware: + enabled: true + type: buffering + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. + + - it: should fail with labels not a dict + set: + middlewares: + my-middleware: + enabled: true + type: buffering + labels: "not a dict" + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Expected [labels] to be a dictionary, but got [string] + + - it: should fail with annotations not a dict + set: + middlewares: + my-middleware: + enabled: true + type: buffering + annotations: "not a dict" + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Expected [annotations] to be a dictionary, but got [string] + + - it: should fail with data not a dict + set: + middlewares: + my-middleware: + enabled: true + type: buffering + data: "not a dict" + asserts: + - failedTemplate: + errorMessage: Middleware - Expected [data] to be a dictionary, but got [string] + + - it: should fail with empty enabled + set: + middlewares: + my-middleware: + enabled: + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Expected the defined key [enabled] in [middlewares.my-middleware] to not be empty + + - it: should fail with empty type + set: + middlewares: + my-middleware: + enabled: true + type: + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Expected [type] to be set diff --git a/charts/library/common/Chart.yaml b/charts/library/common/Chart.yaml index 1663f337084..fb2550671f8 100644 --- a/charts/library/common/Chart.yaml +++ b/charts/library/common/Chart.yaml @@ -48,4 +48,4 @@ sources: - https://hub.docker.com/_/ - https://hub.docker.com/r/mikefarah/yq type: library -version: 25.3.1 +version: 25.4.0 diff --git a/charts/library/common/templates/class/traefik-middleware/_middleware.tpl b/charts/library/common/templates/class/traefik-middleware/_middleware.tpl new file mode 100644 index 00000000000..1ec5b6d4b07 --- /dev/null +++ b/charts/library/common/templates/class/traefik-middleware/_middleware.tpl @@ -0,0 +1,46 @@ +{{/* Traefik Middleware Class */}} +{{/* Call this template: +{{ include "tc.v1.common.class.traefik.middleware" (dict "rootCtx" $ "objectData" $objectData) }} + +rootCtx: The root context of the chart. +objectData: + name: The name of the middleware. + labels: The labels of the middleware. + annotations: The annotations of the middleware. + data: The data of the middleware. + namespace: The namespace of the middleware. (Optional) +*/}} + +{{- define "tc.v1.common.class.traefik.middleware" -}} + + {{- $rootCtx := .rootCtx -}} + {{- $objectData := .objectData -}} + + {{- $typeClassMap := (include "tc.v1.common.lib.traefik.middlewares.map" $) | fromJson -}} + + {{- if not (hasKey $typeClassMap $objectData.type) -}} + {{- fail (printf "Traefik - Middleware [%s] is not supported. Supported middlewares are [%s]" $objectData.type (keys $typeClassMap | join ", ")) -}} + {{- end }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ $objectData.name }} + namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Middleware") }} + {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end -}} + {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +spec: + {{- /* + Nothing goes after the include, each middleware can also render other manifests. + For the same reason indentation must be handled by each middleware. + */ -}} + {{- include (get $typeClassMap $objectData.type) (dict "rootCtx" $rootCtx "objectData" $objectData) -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/_middlewares.tpl b/charts/library/common/templates/lib/traefik/_middlewares.tpl new file mode 100644 index 00000000000..d9479d47d86 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/_middlewares.tpl @@ -0,0 +1,58 @@ +{{- define "tc.v1.common.lib.traefik.middlewares.map" -}} + {{- $typeClassMap := dict + "add-prefix" "tc.v1.common.class.traefik.middleware.addPrefix" + "basic-auth" "tc.v1.common.class.traefik.middleware.basicAuth" + "buffering" "tc.v1.common.class.traefik.middleware.buffering" + "chain" "tc.v1.common.class.traefik.middleware.chain" + "compress" "tc.v1.common.class.traefik.middleware.compress" + "content-type" "tc.v1.common.class.traefik.middleware.contentType" + "forward-auth" "tc.v1.common.class.traefik.middleware.forwardAuth" + "headers" "tc.v1.common.class.traefik.middleware.headers" + "ip-allow-list" "tc.v1.common.class.traefik.middleware.ipAllowList" + "rate-limit" "tc.v1.common.class.traefik.middleware.rateLimit" + "redirect-regex" "tc.v1.common.class.traefik.middleware.redirectRegex" + "redirect-scheme" "tc.v1.common.class.traefik.middleware.redirectScheme" + "replace-path" "tc.v1.common.class.traefik.middleware.replacePath" + "replace-path-regex" "tc.v1.common.class.traefik.middleware.replacePathRegex" + "retry" "tc.v1.common.class.traefik.middleware.retry" + "strip-prefix" "tc.v1.common.class.traefik.middleware.stripPrefix" + "strip-prefix-regex" "tc.v1.common.class.traefik.middleware.stripPrefixRegex" + + "plugin-bouncer" "tc.v1.common.class.traefik.middleware.pluginBouncer" + "plugin-geoblock" "tc.v1.common.class.traefik.middleware.pluginGeoblock" + "plugin-mod-security" "tc.v1.common.class.traefik.middleware.pluginModSecurity" + "plugin-real-ip" "tc.v1.common.class.traefik.middleware.pluginRealIP" + "plugin-rewrite-response-headers" "tc.v1.common.class.traefik.middleware.pluginRewriteResponseHeaders" + "plugin-theme-park" "tc.v1.common.class.traefik.middleware.pluginThemePark" + -}} + + {{- $typeClassMap | toJson -}} +{{- end -}} + +{{/* Only render if its not and has a value of 0 or greater */}} +{{- define "tc.v1.common.class.traefik.middleware.helper.int" -}} + {{- $key := .key -}} + {{- $value := .value -}} + + {{- if and (not (kindIs "invalid" $value)) (ge ($value | int) 0) -}} + {{- $key }}: {{ $value }} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.traefik.middleware.helper.bool" -}} + {{- $key := .key -}} + {{- $value := .value | toString -}} + + {{- if or (eq $value "true") (eq $value "false") -}} + {{- $key }}: {{ $value }} + {{- end -}} +{{- end -}} + +{{- define "tc.v1.common.class.traefik.middleware.helper.string" -}} + {{- $key := .key -}} + {{- $value := .value | toString -}} + + {{- if and $value (ne $value "") -}} + {{- $key }}: {{ $value | quote }} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/_validation.tpl b/charts/library/common/templates/lib/traefik/_validation.tpl new file mode 100644 index 00000000000..04426632399 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/_validation.tpl @@ -0,0 +1,23 @@ +{{/* Middleware Validation */}} +{{/* Call this template: +{{ include "tc.v1.common.lib.traefik.middleware.validation" (dict "objectData" $objectData) -}} +objectData: + labels: The labels of the middleware. + annotations: The annotations of the middleware. + data: The data of the middleware. +*/}} + +{{- define "tc.v1.common.lib.traefik.middleware.validation" -}} + {{- $objectData := .objectData -}} + + {{- if not $objectData.type -}} + {{- fail "Middleware - Expected [type] to be set" -}} + {{- end -}} + + {{- if $objectData.data -}} + {{- if not (kindIs "map" $objectData.data) -}} + {{- fail (printf "Middleware - Expected [data] to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_addPrefix.tpl b/charts/library/common/templates/lib/traefik/middlewares/_addPrefix.tpl new file mode 100644 index 00000000000..61e84808457 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_addPrefix.tpl @@ -0,0 +1,12 @@ +{{- define "tc.v1.common.class.traefik.middleware.addPrefix" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{- if not $mw.prefix -}} + {{- fail "Middleware (add-prefix) - Expected [prefix] to be set" -}} + {{- end }} + addPrefix: + prefix: {{ $mw.prefix }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_basicAuth.tpl b/charts/library/common/templates/lib/traefik/middlewares/_basicAuth.tpl new file mode 100644 index 00000000000..a9352dff463 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_basicAuth.tpl @@ -0,0 +1,35 @@ +{{- define "tc.v1.common.class.traefik.middleware.basicAuth" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}} + {{- $mw := $objectData.data -}} + + {{- $secret := $mw.secret | default "" -}} + {{- $users := list -}} + {{- $secretData := dict -}} + + {{- if and $mw.users $mw.secret -}} + {{- fail "Middleware (basic-auth) - Expected either [users] or [secret] to be set, but not both" -}} + {{- end -}} + {{- if and (not $mw.users) (not $mw.secret) -}} + {{- fail "Middleware (basic-auth) - Expected at least one of [users] or [secret] to be set" -}} + {{- end -}} + + {{- if $mw.users -}} + {{- $secret = $objectData.name -}} + {{- range $userData := $mw.users -}} + {{- $users = append $users (htpasswd $userData.username $userData.password) -}} + {{- end -}} + {{- $secretData = (dict + "name" $objectData.name + "labels" ($objectData.labels | default dict) + "annotations" ($objectData.annotations | default dict) + "data" (dict "users" ($users | join "\n"))) -}} + {{- end }} + basicAuth: + secret: {{ $secret }} +{{- if $secretData -}} + {{- include "tc.v1.common.class.secret" (dict "rootCtx" $rootCtx "objectData" $secretData) -}} +{{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_buffering.tpl b/charts/library/common/templates/lib/traefik/middlewares/_buffering.tpl new file mode 100644 index 00000000000..b56fbf3c6f6 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_buffering.tpl @@ -0,0 +1,12 @@ +{{- define "tc.v1.common.class.traefik.middleware.buffering" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data }} + buffering: + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "maxRequestBodyBytes" "value" $mw.maxRequestBodyBytes) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "memRequestBodyBytes" "value" $mw.memRequestBodyBytes) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "maxResponseBodyBytes" "value" $mw.maxResponseBodyBytes) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "memResponseBodyBytes" "value" $mw.memResponseBodyBytes) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "retryExpression" "value" $mw.retryExpression) | nindent 4 }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_chain.tpl b/charts/library/common/templates/lib/traefik/middlewares/_chain.tpl new file mode 100644 index 00000000000..a916691187f --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_chain.tpl @@ -0,0 +1,25 @@ +{{- define "tc.v1.common.class.traefik.middleware.chain" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.middlewares -}} + {{- fail "Middleware (chain) - Expected [middlewares] to be set" -}} + {{- end }} + chain: + middlewares: + {{- range $m := $mw.middlewares -}} + {{- $objectName := $m.name -}} + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $m "key" "middlewares" + "name" $objectName "caller" "Middleware (chain)" + )) -}} + + {{- if eq $expandName "true" -}} + {{- $objectName = (printf "%s-%s" $fullname $objectName) -}} + {{- end }} + - name: {{ $objectName }} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_compress.tpl b/charts/library/common/templates/lib/traefik/middlewares/_compress.tpl new file mode 100644 index 00000000000..b908b83b057 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_compress.tpl @@ -0,0 +1,7 @@ +{{- define "tc.v1.common.class.traefik.middleware.compress" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data }} + compress: {} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_contentType.tpl b/charts/library/common/templates/lib/traefik/middlewares/_contentType.tpl new file mode 100644 index 00000000000..da994bc7ff4 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_contentType.tpl @@ -0,0 +1,7 @@ +{{- define "tc.v1.common.class.traefik.middleware.contentType" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data }} + contentType: {} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_forwardAuth.tpl b/charts/library/common/templates/lib/traefik/middlewares/_forwardAuth.tpl new file mode 100644 index 00000000000..1c79728dfb7 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_forwardAuth.tpl @@ -0,0 +1,58 @@ +{{- define "tc.v1.common.class.traefik.middleware.forwardAuth" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{- if hasKey $mw "trustForwardHeader" -}} + {{- if not (kindIs "bool" $mw.trustForwardHeader) -}} + {{- fail (printf "Middleware (forward-auth) - Expected [trustForwardHeader] to be a boolean, but got [%s]" (kindOf $mw.trustForwardHeader)) -}} + {{- end -}} + {{- end -}} + + {{- if and $mw.tls (hasKey $mw.tls "insecureSkipVerify") -}} + {{- if not (kindIs "bool" $mw.tls.insecureSkipVerify) -}} + {{- fail (printf "Middleware (forward-auth) - Expected [tls.insecureSkipVerify] to be a boolean, but got [%s]" (kindOf $mw.tls.insecureSkipVerify)) -}} + {{- end -}} + {{- end -}} + + {{- if $mw.authResponseHeaders -}} + {{- if not (kindIs "slice" $mw.authResponseHeaders) -}} + {{- fail (printf "Middleware (forward-auth) - Expected [authResponseHeaders] to be a list, but got [%s]" (kindOf $mw.authResponseHeaders)) -}} + {{- end -}} + {{- end -}} + + {{- with $mw.authRequestHeaders -}} + {{- if not (kindIs "slice" $mw.authRequestHeaders) -}} + {{- fail (printf "Middleware (forward-auth) - Expected [authRequestHeaders] to be a list, but got [%s]" (kindOf $mw.authRequestHeaders)) -}} + {{- end -}} + {{- end -}} + + {{- if not $mw.address -}} + {{- fail "Middleware (forward-auth) - Expected [address] to be set" -}} + {{- end }} + forwardAuth: + address: {{ $mw.address }} + trustForwardHeader: {{ $mw.trustForwardHeader }} + + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "authResponseHeadersRegex" "value" $mw.authResponseHeadersRegex) | nindent 4 }} + + {{- if $mw.authResponseHeaders }} + authResponseHeaders: + {{- range $mw.authResponseHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.authRequestHeaders }} + authRequestHeaders: + {{- range $mw.authRequestHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.tls }} + tls: + insecureSkipVerify: {{ $mw.tls.insecureSkipVerify }} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_headers.tpl b/charts/library/common/templates/lib/traefik/middlewares/_headers.tpl new file mode 100644 index 00000000000..a39b3b789b1 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_headers.tpl @@ -0,0 +1,128 @@ +{{- define "tc.v1.common.class.traefik.middleware.headers" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data }} + headers: + {{- if $mw.customRequestHeaders }} + customRequestHeaders: + {{- range $k, $v := $mw.customRequestHeaders }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end -}} + + {{- if $mw.customResponseHeaders }} + customResponseHeaders: + {{- range $k, $v := $mw.customResponseHeaders }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end -}} + + {{- if hasKey $mw "accessControlAllowCredentials" }} + accessControlAllowCredentials: {{ $mw.accessControlAllowCredentials }} + {{- end -}} + + {{- if $mw.accessControlAllowHeaders }} + accessControlAllowHeaders: + {{- range $mw.accessControlAllowHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlAllowMethods }} + accessControlAllowMethods: + {{- range $mw.accessControlAllowMethods }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlAllowOriginList }} + accessControlAllowOriginList: + {{- range $mw.accessControlAllowOriginList }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlAllowOriginListRegex }} + accessControlAllowOriginListRegex: + {{- range $mw.accessControlAllowOriginListRegex }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlExposeHeaders }} + accessControlExposeHeaders: + {{- range $mw.accessControlExposeHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlMaxAge }} + accessControlMaxAge: {{ $mw.accessControlMaxAge }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "addVaryHeader" "value" $mw.addVaryHeader) | nindent 4 }} + + {{- if $mw.allowedHosts }} + allowedHosts: + {{- range $mw.allowedHosts }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.hostsProxyHeaders }} + hostsProxyHeaders: + {{- range $mw.hostsProxyHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.sslProxyHeaders }} + sslProxyHeaders: + {{- range $k, $v := $mw.sslProxyHeaders }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end -}} + + {{- if $mw.stsSeconds }} + stsSeconds: {{ $mw.stsSeconds }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "stsIncludeSubdomains" "value" $mw.stsIncludeSubdomains) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "stsPreload" "value" $mw.stsPreload) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "forceSTSHeader" "value" $mw.forceSTSHeader) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "frameDeny" "value" $mw.frameDeny) | nindent 4 }} + + {{- if $mw.customFrameOptionsValue }} + customFrameOptionsValue: {{ $mw.customFrameOptionsValue }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "contentTypeNosniff" "value" $mw.contentTypeNosniff) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "browserXssFilter" "value" $mw.browserXssFilter) | nindent 4 }} + + {{- if $mw.customBrowserXSSValue }} + customBrowserXSSValue: {{ $mw.customBrowserXSSValue }} + {{- end -}} + + {{- if $mw.contentSecurityPolicy }} + contentSecurityPolicy: {{ $mw.contentSecurityPolicy }} + {{- end -}} + + {{- if $mw.contentSecurityPolicyReportOnly }} + contentSecurityPolicyReportOnly: {{ $mw.contentSecurityPolicyReportOnly }} + {{- end -}} + + {{- if $mw.publicKey }} + publicKey: {{ $mw.publicKey }} + {{- end -}} + + {{- if $mw.referrerPolicy }} + referrerPolicy: {{ $mw.referrerPolicy }} + {{- end -}} + + {{- if $mw.permissionsPolicy }} + permissionsPolicy: {{ $mw.permissionsPolicy }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "isDevelopment" "value" $mw.isDevelopment) | nindent 4 }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_ipAllowList.tpl b/charts/library/common/templates/lib/traefik/middlewares/_ipAllowList.tpl new file mode 100644 index 00000000000..ff7fba78d2b --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_ipAllowList.tpl @@ -0,0 +1,38 @@ +{{- define "tc.v1.common.class.traefik.middleware.ipAllowList" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{- if $mw.sourceRange -}} + {{- if not (kindIs "slice" $mw.sourceRange) -}} + {{- fail (printf "Middleware (ip-allow-list) - Expected [sourceRange] to be a list, but got [%s]" (kindOf $mw.sourceRange)) -}} + {{- end -}} + {{- end -}} + + {{- if $mw.ipStrategy -}} + {{- if $mw.ipStrategy.excludedIPs -}} + {{- if not (kindIs "slice" $mw.ipStrategy.excludedIPs) -}} + {{- fail (printf "Middleware (ip-allow-list) - Expected [ipStrategy.excludedIPs] to be a list, but got [%s]" (kindOf $mw.ipStrategy.excludedIPs)) -}} + {{- end -}} + {{- end -}} + {{- end }} + ipAllowList: + {{- if $mw.sourceRange }} + sourceRange: + {{- range $mw.sourceRange }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.ipStrategy }} + ipStrategy: + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "depth" "value" $mw.ipStrategy.depth) | nindent 6 }} + {{- if $mw.ipStrategy.excludedIPs }} + excludedIPs: + {{- range $mw.ipStrategy.excludedIPs }} + - {{ . | quote }} + {{- end }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl new file mode 100644 index 00000000000..bcffed434af --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl @@ -0,0 +1,70 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginBouncer" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "bouncer" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + {{- if not (hasKey $mw "enabled") -}} + {{- fail "Middleware (plugin-bouncer) - Expected [enabled] to be set" -}} + {{- end -}} + {{- if not (kindIs "bool" $mw.enabled) -}} + {{- fail (printf "Middleware (plugin-bouncer) - Expected [enabled] to be a boolean, but got [%s]" (kindOf $mw.enabled)) -}} + {{- end }} + plugin: + {{ $mwName }}: + enabled: {{ $mw.enabled }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "logLevel" "value" $mw.logLevel) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "updateIntervalSeconds" "value" $mw.updateIntervalSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "updateMaxFailure" "value" $mw.updateMaxFailure) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "defaultDecisionSeconds" "value" $mw.defaultDecisionSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "httpTimeoutSeconds" "value" $mw.httpTimeoutSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecMode" "value" $mw.crowdsecMode) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecAppsecEnabled" "value" $mw.crowdsecAppsecEnabled) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecAppsecHost" "value" $mw.crowdsecAppsecHost) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecAppsecFailureBlock" "value" $mw.crowdsecAppsecFailureBlock) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecAppsecUnreachableBlock" "value" $mw.crowdsecAppsecUnreachableBlock) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiKey" "value" $mw.crowdsecLapiKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiHost" "value" $mw.crowdsecLapiHost) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiScheme" "value" $mw.crowdsecLapiScheme) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecLapiTLSInsecureVerify" "value" $mw.crowdsecLapiTLSInsecureVerify) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecCapiMachineId" "value" $mw.crowdsecCapiMachineId) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecCapiPassword" "value" $mw.crowdsecCapiPassword) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "forwardedHeadersCustomName" "value" $mw.forwardedHeadersCustomName) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "remediationHeadersCustomName" "value" $mw.remediationHeadersCustomName) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "redisCacheEnabled" "value" $mw.redisCacheEnabled) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "redisCacheHost" "value" $mw.redisCacheHost) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "redisCachePassword" "value" $mw.redisCachePassword) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "redisCacheDatabase" "value" $mw.redisCacheDatabase) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiTLSCertificateAuthority" "value" $mw.crowdsecLapiTLSCertificateAuthority) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiTLSCertificateBouncer" "value" $mw.crowdsecLapiTLSCertificateBouncer) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiTLSCertificateBouncerKey" "value" $mw.crowdsecLapiTLSCertificateBouncerKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaProvider" "value" $mw.captchaProvider) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaSiteKey" "value" $mw.captchaSiteKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaSecretKey" "value" $mw.captchaSecretKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "captchaGracePeriodSeconds" "value" $mw.captchaGracePeriodSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaHTMLFilePath" "value" $mw.captchaHTMLFilePath) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "banHTMLFilePath" "value" $mw.banHTMLFilePath) | nindent 6 }} + {{- if $mw.crowdsecCapiScenarios }} + crowdsecCapiScenarios: + {{- range $mw.crowdsecCapiScenarios }} + - {{ . | quote }} + {{- end }} + {{- end -}} + {{- if $mw.forwardedHeadersTrustedIPs }} + forwardedHeadersTrustedIPs: + {{- range $mw.forwardedHeadersTrustedIPs }} + - {{ . | quote }} + {{- end }} + {{- end -}} + {{- if $mw.clientTrustedIPs }} + clientTrustedIPs: + {{- range $mw.clientTrustedIPs }} + - {{ . | quote }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl new file mode 100644 index 00000000000..50cdbb6c197 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl @@ -0,0 +1,37 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginGeoblock" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "GeoBlock" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + {{- if not $mw.api -}} + {{- fail "Middleware (plugin-geoblock) - Expected [api] to be set" -}} + {{- end -}} + {{- if not $mw.countries -}} + {{- fail "Middleware (plugin-geoblock) - Expected [countries] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + api: {{ $mw.api }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "allowLocalRequests" "value" $mw.allowLocalRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "logLocalRequests" "value" $mw.logLocalRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "logAllowedRequests" "value" $mw.logAllowedRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "logApiRequests" "value" $mw.logApiRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "apiTimeoutMs" "value" $mw.apiTimeoutMs) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "cacheSize" "value" $mw.cacheSize) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "forceMonthlyUpdate" "value" $mw.forceMonthlyUpdate) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "allowUnknownCountries" "value" $mw.allowUnknownCountries) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "unknownCountryApiResponse" "value" $mw.unknownCountryApiResponse) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "blackListMode" "value" $mw.blackListMode) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "silentStartUp" "value" $mw.silentStartUp) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "addCountryHeader" "value" $mw.addCountryHeader) | nindent 6 }} + countries: + {{- range $mw.countries }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl new file mode 100644 index 00000000000..1e4aaa88feb --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl @@ -0,0 +1,21 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginModSecurity" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "traefik-modsecurity-plugin" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.modSecurityUrl -}} + {{- fail "Middleware (modsecurity) - Expected [modSecurityUrl] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + modSecurityUrl: {{ $mw.modSecurityUrl }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "timeoutMillis" "value" $mw.timeoutMillis) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "maxBodySize" "value" $mw.maxBodySize) | nindent 6 }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl new file mode 100644 index 00000000000..5f7bd7ececf --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl @@ -0,0 +1,22 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginRealIP" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "traefik-real-ip" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.excludednets -}} + {{- fail "Middleware (real-ip) - Expected [excludednets] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + excludednets: + {{- range $mw.excludednets }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl new file mode 100644 index 00000000000..be82a998004 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl @@ -0,0 +1,40 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginRewriteResponseHeaders" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "rewriteResponseHeaders" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.rewrites -}} + {{- fail "Middleware (rewrite-response-headers) - Expected [rewrites] to be set" -}} + {{- end }} + + {{- if not (kindIs "slice" $mw.rewrites) -}} + {{- fail (printf "Middleware (rewrite-response-headers) - Expected [rewrites] to be a list, but got [%s]" (kindOf $mw.rewrites)) -}} + {{- end }} + + {{- range $index, $config := $mw.rewrites -}} + {{- if not $config.header -}} + {{- fail (printf "Middleware (rewrite-response-headers) - Expected [header] to be set for rewrite [%v]" $index) -}} + {{- end -}} + {{- if not $config.regex -}} + {{- fail (printf "Middleware (rewrite-response-headers) - Expected [regex] to be set for rewrite [%v]" $index) -}} + {{- end -}} + {{- if not $config.replacement -}} + {{- fail (printf "Middleware (rewrite-response-headers) - Expected [replacement] to be set for rewrite [%v]" $index) -}} + {{- end -}} + {{- end }} + plugin: + {{ $mwName }}: + rewrites: + {{- range $index, $rewriteResponseHeader := $mw.rewrites }} + - header: {{ $rewriteResponseHeader.header }} + regex: {{ $rewriteResponseHeader.regex | quote }} + replacement: {{ $rewriteResponseHeader.replacement | quote }} + {{- end }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl new file mode 100644 index 00000000000..da3eee75e3c --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl @@ -0,0 +1,30 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginThemePark" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "traefik-themepark" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.app -}} + {{- fail "Middleware (themepark) - Expected [app] to be set" -}} + {{- end -}} + {{- if not $mw.theme -}} + {{- fail "Middleware (themepark) - Expected [theme] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + app: {{ $mw.app }} + theme: {{ $mw.theme }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "baseUrl" "value" $mw.baseUrl) | nindent 6 }} + {{- if $mw.addons }} + addons: + {{- range $mw.addons }} + - {{ . | quote }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_rateLimit.tpl b/charts/library/common/templates/lib/traefik/middlewares/_rateLimit.tpl new file mode 100644 index 00000000000..5fad37d66f9 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_rateLimit.tpl @@ -0,0 +1,13 @@ +{{- define "tc.v1.common.class.traefik.middleware.rateLimit" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{- if and (not $mw.average) (not $mw.burst) -}} + {{- fail "Middleware (rate-limit) - Expected either [average] or [burst] to be set" -}} + {{- end }} + rateLimit: + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "average" "value" $mw.average) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "burst" "value" $mw.burst) | nindent 4 }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_redirectRegex.tpl b/charts/library/common/templates/lib/traefik/middlewares/_redirectRegex.tpl new file mode 100644 index 00000000000..cde75e705ab --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_redirectRegex.tpl @@ -0,0 +1,22 @@ +{{- define "tc.v1.common.class.traefik.middleware.redirectRegex" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.regex -}} + {{- fail "Middleware (redirect-regex) - Expected [regex] to be set" -}} + {{- end -}} + {{- if not $mw.replacement -}} + {{- fail "Middleware (redirect-regex) - Expected [replacement] to be set" -}} + {{- end -}} + + {{- if hasKey $mw "permanent" -}} + {{- if not (kindIs "bool" $mw.permanent) -}} + {{- fail (printf "Middleware (redirect-regex) - Expected [permanent] to be a boolean, but got [%s]" (kindOf $mw.permanent)) -}} + {{- end -}} + {{- end }} + redirectRegex: + regex: {{ $mw.regex }} + replacement: {{ $mw.replacement }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "permanent" "value" $mw.permanent) | nindent 4 }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_redirectScheme.tpl b/charts/library/common/templates/lib/traefik/middlewares/_redirectScheme.tpl new file mode 100644 index 00000000000..8f8a062a276 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_redirectScheme.tpl @@ -0,0 +1,18 @@ +{{- define "tc.v1.common.class.traefik.middleware.redirectScheme" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.scheme -}} + {{- fail "Middleware (redirect-scheme) - Expected [scheme] to be set" -}} + {{- end -}} + + {{- if hasKey $mw "permanent" -}} + {{- if not (kindIs "bool" $mw.permanent) -}} + {{- fail (printf "Middleware (redirect-scheme) - Expected [permanent] to be a boolean, but got [%s]" (kindOf $mw.permanent)) -}} + {{- end -}} + {{- end }} + redirectScheme: + scheme: {{ $mw.scheme }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "permanent" "value" $mw.permanent) | nindent 4 }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_replacePath.tpl b/charts/library/common/templates/lib/traefik/middlewares/_replacePath.tpl new file mode 100644 index 00000000000..b7db73e2418 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_replacePath.tpl @@ -0,0 +1,11 @@ +{{- define "tc.v1.common.class.traefik.middleware.replacePath" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.path -}} + {{- fail "Middleware (replace-path) - Expected [path] to be set" -}} + {{- end }} + replacePath: + path: {{ $mw.path }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl b/charts/library/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl new file mode 100644 index 00000000000..a2416b98cbe --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl @@ -0,0 +1,15 @@ +{{- define "tc.v1.common.class.traefik.middleware.replacePathRegex" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.regex -}} + {{- fail "Middleware (replace-path-regex) - Expected [regex] to be set" -}} + {{- end -}} + {{- if not $mw.replacement -}} + {{- fail "Middleware (replace-path-regex) - Expected [replacement] to be set" -}} + {{- end }} + replacePathRegex: + regex: {{ $mw.regex }} + replacement: {{ $mw.replacement }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_retry.tpl b/charts/library/common/templates/lib/traefik/middlewares/_retry.tpl new file mode 100644 index 00000000000..76d8b580401 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_retry.tpl @@ -0,0 +1,12 @@ +{{- define "tc.v1.common.class.traefik.middleware.retry" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.attempts -}} + {{- fail "Middleware (retry) - Expected [attempts] to be set" -}} + {{- end }} + retry: + attempts: {{ $mw.attempts }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "initialInterval" "value" $mw.initialInterval) | nindent 4 }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_stripPrefix.tpl b/charts/library/common/templates/lib/traefik/middlewares/_stripPrefix.tpl new file mode 100644 index 00000000000..55a733ca598 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_stripPrefix.tpl @@ -0,0 +1,21 @@ +{{- define "tc.v1.common.class.traefik.middleware.stripPrefix" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.prefix -}} + {{- fail "Middleware (strip-prefix) - Expected [prefix] to be set" -}} + {{- end -}} + + {{- if hasKey $mw "forceSlash" -}} + {{- if not (kindIs "bool" $mw.forceSlash) -}} + {{- fail (printf "Middleware (strip-prefix) - Expected [forceSlash] to be a boolean, but got [%s]" (kindOf $mw.forceSlash)) -}} + {{- end -}} + {{- end }} + stripPrefix: + prefix: + {{- range $mw.prefix }} + - {{ . | quote }} + {{- end -}} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "forceSlash" "value" $mw.forceSlash) | nindent 4 }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl b/charts/library/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl new file mode 100644 index 00000000000..9d49959885f --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl @@ -0,0 +1,14 @@ +{{- define "tc.v1.common.class.traefik.middleware.stripPrefixRegex" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + {{- if not $mw.regex -}} + {{- fail "Middleware (strip-prefix-regex) - Expected [regex] to be set" -}} + {{- end }} + stripPrefixRegex: + regex: + {{- range $mw.regex }} + - {{ . | quote }} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/loader/_apply.tpl b/charts/library/common/templates/loader/_apply.tpl index b024475f283..9269a9bd2f6 100644 --- a/charts/library/common/templates/loader/_apply.tpl +++ b/charts/library/common/templates/loader/_apply.tpl @@ -46,6 +46,9 @@ {{/* Render volumeSnapshotClass(s) */}} {{- include "tc.v1.common.spawner.volumesnapshotclass" . | nindent 0 -}} + {{/* Render Middleware(s) */}} + {{- include "tc.v1.common.spawner.traefik.middleware" . | nindent 0 -}} + {{/* Render ingress(s) */}} {{- include "tc.v1.common.spawner.ingress" . | nindent 0 -}} diff --git a/charts/library/common/templates/spawner/traefik/_middleware.tpl b/charts/library/common/templates/spawner/traefik/_middleware.tpl new file mode 100644 index 00000000000..60d4addc740 --- /dev/null +++ b/charts/library/common/templates/spawner/traefik/_middleware.tpl @@ -0,0 +1,48 @@ +{{/* Traefik Middleware Spawner */}} +{{/* Call this template: +{{ include "tc.v1.common.spawner.configmap" $ -}} +*/}} + +{{- define "tc.v1.common.spawner.traefik.middleware" -}} + {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}} + + {{- range $name, $middleware := .Values.middlewares -}} + + {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict + "rootCtx" $ "objectData" $middleware + "name" $name "caller" "Middleware" + "key" "middlewares")) -}} + + {{- if eq $enabled "true" -}} + + {{/* Create a copy of the middleware */}} + {{- $objectData := (mustDeepCopy $middleware) -}} + + {{- $objectName := $name -}} + + {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict + "rootCtx" $ "objectData" $objectData + "name" $name "caller" "Middleware" + "key" "middlewares")) -}} + + {{- if eq $expandName "true" -}} + {{- $objectName = (printf "%s-%s" $fullname $name) -}} + {{- end -}} + + {{/* Perform validations */}} {{/* Middleware have a max name length of 253 */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}} + {{- include "tc.v1.common.lib.traefik.middleware.validation" (dict "objectData" $objectData) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Middleware") -}} + + {{/* Set the name of the middleware */}} + {{- $_ := set $objectData "name" $objectName -}} + {{- $_ := set $objectData "shortName" $name -}} + + {{/* Call class to create the object */}} + {{- include "tc.v1.common.class.traefik.middleware" (dict "rootCtx" $ "objectData" $objectData) -}} + + {{- end -}} + + {{- end -}} + +{{- end -}} diff --git a/charts/library/common/values.yaml b/charts/library/common/values.yaml index c173002a879..6fadbd240ec 100644 --- a/charts/library/common/values.yaml +++ b/charts/library/common/values.yaml @@ -235,6 +235,20 @@ credentials: # ## Is used in cases where things are encrypted by a backup utility # encrKey: "" +middlewares: {} +# basic-auth: +# type: basicAuth +# data: +# # middleware specific data ie +# users: +# - username: user1 +# password: password1 +# some-other-middleware: +# type: someOtherMiddleware +# data: +# # middleware specific data ie +# someOtherMiddlewareData: someOtherMiddlewareData + # -- (docs/persistence/README.md) persistence: shared: diff --git a/containers/apps/traefik/Dockerfile b/containers/apps/traefik/Dockerfile index 74ad6b89bd0..9b245216def 100644 --- a/containers/apps/traefik/Dockerfile +++ b/containers/apps/traefik/Dockerfile @@ -10,7 +10,7 @@ FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f8 # Theme Park ARG TC_PLUGIN_REPO_THEME_PARK=github.com/packruler/traefik-themepark -ARG TC_PLUGIN_VERSION_THEME_PARK_VERSION=v1.4.0 +ARG TC_PLUGIN_VERSION_THEME_PARK_VERSION=v1.4.2 # GeoBlock ARG TC_PLUGIN_REPO_GEOBLOCK=github.com/PascalMinder/geoblock ARG TC_PLUGIN_VERSION_GEOBLOCK_VERSION=v0.2.8 @@ -22,7 +22,7 @@ ARG TC_PLUGIN_REPO_MODSECURITY=github.com/acouvreur/traefik-modsecurity-plugin ARG TC_PLUGIN_VERSION_MODSECURITY_VERSION=v1.3.0 # Crowdsec ARG TC_PLUGIN_REPO_CROWDSEC_BOUNCER=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin -ARG TC_PLUGIN_VERSION_CROWDSEC_BOUNCER_VERSION=v1.3.0 +ARG TC_PLUGIN_VERSION_CROWDSEC_BOUNCER_VERSION=v1.3.5 # RewriteResponseHeaders ARG TC_PLUGIN_REPO_REWRITERESPONSEHEADERS=github.com/XciD/traefik-plugin-rewrite-headers ARG TC_PLUGIN_VERSION_REWRITERESPONSEHEADERS_VERSION=v0.0.4 diff --git a/cspell.config.yaml b/cspell.config.yaml index 9cd0209b1d4..9f1bb56bdf2 100644 --- a/cspell.config.yaml +++ b/cspell.config.yaml @@ -1,15 +1,18 @@ -version: "0.2" words: - adguard - adlist - airsonic - akadmin - alertmanager + - alfi - aliasgroup - allowtransparency - apitoken - appname - appnamehere + - archivebox + - astro + - astrojs - auditlog - authelia - authentik @@ -17,6 +20,7 @@ words: - authkey - authtoken - autoconnect + - automount - autoplay - autoscan - autosync @@ -25,6 +29,8 @@ words: - basicauthexample - batnoter - bazarr + - bitnami + - bitpushr - blocklists - blocktype - briefkasten @@ -40,14 +46,18 @@ words: - cloudflareddns - cloudnative - clusterissuer + - clustertool - cnpg - codeserver + - codespace + - codespaces - collabora - configfile - configfiles - configmap - containo - cooldown + - crossorigin - crossplay - csgo - cuda @@ -62,9 +72,12 @@ words: - dnat - dnsserver - dnsservers + - dockerhub - dockerized - docspell + - downscaling - drac + - dragonfish - duplicati - dynmap - ebgp @@ -72,6 +85,7 @@ words: - emby - entrypoints - eptgmk + - excludednets - exif - filebrowser - fireshare @@ -80,13 +94,17 @@ words: - flemarr - flemmarr - flushtables + - fluxcd - forcegc - forwardauth - fowner + - frontmatter - fullname + - geoblock - geoip - geoipupdate - gibibyte + - gitops - gluster - goauthentik - gotify @@ -100,6 +118,7 @@ words: - honeybadger - hostnames - hostpath + - htpasswd - hyperconverged - hyperthread - iban @@ -112,10 +131,13 @@ words: - integrationsenabled - inventree - ipaddr + - iscsi - ixcert - ixsystems - jackett - jacobalberty + - jagr + - jagrbombs - jailman - javaprefs - jellyfin @@ -127,8 +149,11 @@ words: - kimai - kiwix - kjeld + - kofeh - komga + - kqmaverick - kube + - kubeapps - kubeconfig - kubectl - kubernetes @@ -160,6 +185,7 @@ words: - mbit - mediafiles - memfs + - merch - mergerfs - meshcentral - meshroom @@ -171,6 +197,7 @@ words: - middlewaretcps - mikrotik - milicpu + - millis - mimetypes - minecraft - miniflux @@ -179,6 +206,7 @@ words: - mkvcleaver - modelstore - modports + - modsecurity - mongosh - mountpoint - mqtt @@ -198,9 +226,11 @@ words: - nodeports - nohardlinks - noisedash + - noob - nordigen - noreply - notebookbar + - notoriosly - odbc - oidc - omada @@ -208,6 +238,7 @@ words: - organizr - ornias - ovpn + - pagefind - passwrd - penpot - pgadmin @@ -216,14 +247,17 @@ words: - pihole - plainhost - plaxt + - playform - playout - plex - plextraktsync - portainer + - postgreqsql - preconfigured - prefs - preload - proto + - prowlarr - proxyhttp - proxyhttps - proxying @@ -259,6 +293,7 @@ words: - sabnzbd - schouten - scipy + - sdimovv - seafile - selfsigned - sendgrid @@ -271,6 +306,10 @@ words: - setgid - setuid - sgateway + - shadofall + - shoutout + - showstealers + - sidero - signup - smallblock - snmp @@ -285,6 +324,7 @@ words: - ssvnc - starttls - statefulset + - statefulsets - staticdhcpleases - staticfiles - statping @@ -302,10 +342,12 @@ words: - tccr - tcdbinfo - teamspeak + - templating - testpassword - testuser - thanos - themenamehere + - themepark - tlsoptions - tlsstores - totp @@ -320,6 +362,7 @@ words: - umami - unet - unifi + - upscaling - upsnap - upstreams - userspace @@ -341,6 +384,7 @@ words: - weejewel - wger - whisparr + - xstar - xsystems - zabbix - zerotier diff --git a/website/cspell.config.yaml b/website/cspell.config.yaml deleted file mode 100644 index db909b2b836..00000000000 --- a/website/cspell.config.yaml +++ /dev/null @@ -1,70 +0,0 @@ -words: - - alfi - - APPNAME - - archivebox - - astro - - astrojs - - automount - - Bitnami - - bitpushr - - cloudnative - - clusterissuer - - Clustertool - - CNPG - - codespace - - Codespaces - - Collabora - - configmap - - crossorigin - - Dockerhub - - downscaling - - Dragonfish - - fluxcd - - frontmatter - - gitops - - heavyscript - - hyperconverged - - iscsi - - Jagr - - jagrbombs - - Jailman - - Jellyfin - - Kjeld - - kofeh - - kqmaverick - - kubeapps - - Merch - - metallb - - Minio - - mountpoint - - Nextcloud - - Noob - - notoriosly - - ornias - - pagefind - - Photoprism - - Pihole - - playform - - Postgreqsql - - preconfigured - - Prowlarr - - PVCPATH - - Radarr - - Schouten - - sdimovv - - shadofall - - shoutout - - showstealers - - Sidero - - statefulset - - statefulsets - - Syncthing - - tailscale - - TCCR - - templating - - Traefik - - truecharts - - upscaling - - Vaultwarden - - Xstar - - Xsystems diff --git a/website/src/content/docs/common/index.md b/website/src/content/docs/common/index.md index 51f192e5e8e..749d994baca 100644 --- a/website/src/content/docs/common/index.md +++ b/website/src/content/docs/common/index.md @@ -39,8 +39,8 @@ See more info about global values [here](/common/global) | ---------- | ----------------------------------- | | Key | `global` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | See [here](/common/global#defaults) | Example @@ -65,8 +65,8 @@ The fallback defaults are used when a value is not defined in the chart. | ---------- | --------------------------------------------- | | Key | `fallbackDefaults` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | See [here](/common/fallbackdefaults#defaults) | --- @@ -79,8 +79,8 @@ Define kubernetes resources, 1 per list item, tpl will be resolved | ---------- | ------------------ | | Key | `extraTpl` | | Type | `list` of `string` | -| Required | ❌ | -| Helm `tpl` | ✅ | +| Required | ❌ | +| Helm `tpl` | ✅ | | Default | `[]` | Example @@ -103,8 +103,8 @@ Contains specific settings for helm charts containing or using system | ---------- | ---------- | | Key | `operator` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | Default @@ -138,8 +138,8 @@ Adds a configmap in the operator's namespace to register the chart as an operato | ---------- | ------------------- | | Key | `operator.register` | | Type | `bool` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | `false` | Example @@ -159,8 +159,8 @@ Contains specific settings for verifying system | ---------- | ----------------- | | Key | `operator.verify` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | Default @@ -192,8 +192,8 @@ Enables or disables the verification of system | ---------- | ------------------------- | | Key | `operator.verify.enabled` | | Type | `bool` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | `true` | Example @@ -214,8 +214,8 @@ Additional system to verify | ---------- | ---------------------------------- | | Key | `operator.verify.additionalsystem` | | Type | `list` of `string` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | `[]` | Example @@ -244,8 +244,8 @@ See more info about podOptions [here](/common/podoptions) | ---------- | --------------------------------------- | | Key | `podOptions` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | See [here](/common/podoptions#defaults) | Example @@ -287,8 +287,8 @@ See more info about containerOptions [here](/common/containeroptions) | ---------- | --------------------------------------------- | | Key | `containerOptions` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | See [here](/common/containeroptions#defaults) | Example @@ -309,8 +309,8 @@ Timezone that is used everywhere applicable, unless overridden at the container | ---------- | ----- | | Key | `TZ` | | Type | `map` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | `UTC` | Example @@ -347,8 +347,8 @@ Resources apply to **EACH** container, not to the pod as a whole. | ---------- | -------------------------------------- | | Key | `resources` | | Type | `map` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | See [here](/common/resources#defaults) | Example @@ -379,8 +379,8 @@ See more info about securityContext [here](/common/securitycontext) | ---------- | -------------------------------------------- | | Key | `securityContext` | | Type | `map` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | See [here](/common/securitycontext#defaults) | Example @@ -455,8 +455,8 @@ Defines the image details | ---------- | ------- | | Key | `image` | | Type | `map` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | Default @@ -486,8 +486,8 @@ Defines the image repository | ---------- | ------------------ | | Key | `image.repository` | | Type | `string` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | `""` | Example @@ -507,8 +507,8 @@ Defines the image tag | ---------- | ----------- | | Key | `image.tag` | | Type | `string` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | `""` | Example @@ -528,8 +528,8 @@ Defines the image pull policy | ---------- | ------------------ | | Key | `image.pullPolicy` | | Type | `string` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | `IfNotPresent` | Example @@ -545,26 +545,27 @@ image: - [certificate](/common/certificate) - [configmap](/common/configmap) -- [container](/common/container/) +- [container](/common/container) - [containerOptions](/common/containeroptions) - [imagePullSecret](/common/imagepullsecret) - [ingress](/common/ingress) +- [middlewares](/common/middlewares) - [notes](/common/notes) -- [persistence](/common/persistence/) +- [persistence](/common/persistence) - [podDisruptionBudget](/common/poddisruptionbudget) - [priorityClass](/common/priorityclass) - [rbac](/common/rbac) - [resources](/common/resources) - [secret](/common/secret) - [securityContext](/common/securitycontext) -- [service](/common/service/) +- [service](/common/service) - [serviceAccount](/common/serviceaccount) - [storageClass](/common/storageclass) - [volumeSnapshot](/common/volumesnapshot) - [volumeSnapshotClass](/common/volumesnapshotclass) - [webhook](/common/webhook) - [webhook](/common/webhook) -- [workload](/common/workload/) +- [workload](/common/workload) --- diff --git a/website/src/content/docs/common/middlewares/add-prefix.md b/website/src/content/docs/common/middlewares/add-prefix.md new file mode 100644 index 00000000000..a65c3b3f5d1 --- /dev/null +++ b/website/src/content/docs/common/middlewares/add-prefix.md @@ -0,0 +1,58 @@ +--- +title: Add Prefix Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/add-prefix#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/addprefix) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: add-prefix`. + +::: + +--- + +## `prefix` + +Define the prefix + +| | | +| ---------- | ------------------------------- | +| Key | `middlewares.$name.data.prefix` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + prefix: some-prefix +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: add-prefix + data: + prefix: some-prefix +``` diff --git a/website/src/content/docs/common/middlewares/basic-auth.md b/website/src/content/docs/common/middlewares/basic-auth.md new file mode 100644 index 00000000000..0e18bfd276c --- /dev/null +++ b/website/src/content/docs/common/middlewares/basic-auth.md @@ -0,0 +1,152 @@ +--- +title: Basic Auth Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/basic-auth#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/basicauth) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: basic-auth`. + +::: + +--- + +## `users` + +Define the users + +:::note + +If this is set, the `secret` key must not be set. + +::: + +| | | +| ---------- | ------------------------------ | +| Key | `middlewares.$name.data.users` | +| Type | `list` of `map` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + users: + - username: some-username + password: some-password +``` + +--- + +### `users[].username` + +Define the username + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.users.username` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + users: + - username: some-username + password: some-password +``` + +--- + +### `users[].password` + +Define the password + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.users.password` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + users: + - username: some-username + password: some-password +``` + +--- + +## `secret` + +Define the secret + +:::note + +If this is set, the `users` key must not be set. + +::: + +| | | +| ---------- | ------------------------------- | +| Key | `middlewares.$name.data.secret` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + secret: some-secret +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name1: + enabled: true + type: basic-auth + data: + users: + - username: some-username + password: some-password + middleware-name2: + enabled: true + type: basic-auth + data: + secret: some-secret +``` diff --git a/website/src/content/docs/common/middlewares/buffering.md b/website/src/content/docs/common/middlewares/buffering.md new file mode 100644 index 00000000000..5ae7eeae0c6 --- /dev/null +++ b/website/src/content/docs/common/middlewares/buffering.md @@ -0,0 +1,146 @@ +--- +title: Buffering Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/buffering#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/buffering) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: buffering`. + +::: + +--- + +## `maxRequestBodyBytes` + +Define the maxRequestBodyBytes + +| | | +| ---------- | -------------------------------------------- | +| Key | `middlewares.$name.data.maxRequestBodyBytes` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + maxRequestBodyBytes: 1024 +``` + +--- + +## `memRequestBodyBytes` + +Define the memRequestBodyBytes + +| | | +| ---------- | -------------------------------------------- | +| Key | `middlewares.$name.data.memRequestBodyBytes` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +```yaml +middlewares: + middleware-name: + data: + memRequestBodyBytes: 1024 +``` + +--- + +## `maxResponseBodyBytes` + +Define the maxResponseBodyBytes + +| | | +| ---------- | --------------------------------------------- | +| Key | `middlewares.$name.data.maxResponseBodyBytes` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +```yaml +middlewares: + middleware-name: + data: + maxResponseBodyBytes: 1024 +``` + +--- + +## `memResponseBodyBytes` + +Define the memResponseBodyBytes + +| | | +| ---------- | --------------------------------------------- | +| Key | `middlewares.$name.data.memResponseBodyBytes` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +```yaml +middlewares: + middleware-name: + data: + memResponseBodyBytes: 1024 +``` + +--- + +## `retryExpression` + +Define the retryExpression + +| | | +| ---------- | ---------------------------------------- | +| Key | `middlewares.$name.data.retryExpression` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +```yaml +middlewares: + middleware-name: + data: + retryExpression: "some-expression" +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: buffering + data: + maxRequestBodyBytes: 1024 + memRequestBodyBytes: 1024 + maxResponseBodyBytes: 1024 + memResponseBodyBytes: 1024 + retryExpression: "some-expression" +``` diff --git a/website/src/content/docs/common/middlewares/chain.md b/website/src/content/docs/common/middlewares/chain.md new file mode 100644 index 00000000000..ddf2b7ef7bb --- /dev/null +++ b/website/src/content/docs/common/middlewares/chain.md @@ -0,0 +1,105 @@ +--- +title: Chain Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/chain#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/chain) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: chain`. + +::: + +--- + +## `middlewares` + +Define the middlewares + +| | | +| ---------- | ------------------------------------ | +| Key | `middlewares.$name.data.middlewares` | +| Type | `list` of `map` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + middlewares: [] +``` + +--- + +### `middlewares[].name` + +Define the middleware name + +| | | +| ---------- | ----------------------------------------- | +| Key | `middlewares.$name.data.middlewares.name` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + middlewares: + - name: some-name +``` + +--- + +### `middlewares[].expandObjectName` + +Define the middleware expandObjectName + +| | | +| ---------- | ----------------------------------------------------- | +| Key | `middlewares.$name.data.middlewares.expandObjectName` | +| Type | `bool` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | `true` | + +Example + +```yaml +middlewares: + middleware-name: + data: + middlewares: + - name: some-name + expandObjectName: false +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: compress +``` diff --git a/website/src/content/docs/common/middlewares/compress.md b/website/src/content/docs/common/middlewares/compress.md new file mode 100644 index 00000000000..94d2dfb44bf --- /dev/null +++ b/website/src/content/docs/common/middlewares/compress.md @@ -0,0 +1,33 @@ +--- +title: Compress Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/compress#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/compress) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: compress`. + +::: + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: compress +``` diff --git a/website/src/content/docs/common/middlewares/content-type.md b/website/src/content/docs/common/middlewares/content-type.md new file mode 100644 index 00000000000..66d4e1e2159 --- /dev/null +++ b/website/src/content/docs/common/middlewares/content-type.md @@ -0,0 +1,33 @@ +--- +title: Content Type Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/content-type#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/contenttype) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: content-type`. + +::: + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: content-type +``` diff --git a/website/src/content/docs/common/middlewares/forward-auth.md b/website/src/content/docs/common/middlewares/forward-auth.md new file mode 100644 index 00000000000..162caa81fc1 --- /dev/null +++ b/website/src/content/docs/common/middlewares/forward-auth.md @@ -0,0 +1,207 @@ +--- +title: Forward Auth Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/forward-auth#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/forwardauth) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: forward-auth`. + +::: + +--- + +## `address` + +Define the address + +| | | +| ---------- | -------------------------------- | +| Key | `middlewares.$name.data.address` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + address: some-address +``` + +--- + +## `authResponseHeadersRegex` + +Define the authResponseHeadersRegex + +| | | +| ---------- | ------------------------------------------------- | +| Key | `middlewares.$name.data.authResponseHeadersRegex` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + authResponseHeadersRegex: some-regex +``` + +--- + +## `trustForwardHeader` + +Define the trustForwardHeader + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.trustForwardHeader` | +| Type | `bool` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | `false` | + +Example + +```yaml +middlewares: + middleware-name: + data: + trustForwardHeader: true +``` + +--- + +## `authResponseHeaders` + +Define the authResponseHeaders + +| | | +| ---------- | -------------------------------------------- | +| Key | `middlewares.$name.data.authResponseHeaders` | +| Type | `list` of `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | `[]` | + +Example + +```yaml +middlewares: + middleware-name: + data: + authResponseHeaders: + - some-header +``` + +--- + +## `authRequestHeaders` + +Define the authRequestHeaders + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.authRequestHeaders` | +| Type | `list` of `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | `[]` | + +Example + +```yaml +middlewares: + middleware-name: + data: + authRequestHeaders: + - some-header +``` + +--- + +## `tls` + +Define the tls + +| | | +| ---------- | ---------------------------- | +| Key | `middlewares.$name.data.tls` | +| Type | `map` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | `{}` | + +Example + +```yaml +middlewares: + middleware-name: + data: + tls: {} +``` + +--- + +### `tls.insecureSkipVerify` + +Define the tls.insecureSkipVerify + +| | | +| ---------- | ----------------------------------------------- | +| Key | `middlewares.$name.data.tls.insecureSkipVerify` | +| Type | `bool` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | `false` | + +Example + +```yaml +middlewares: + middleware-name: + data: + tls: + insecureSkipVerify: true +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: forward-auth + data: + address: some-address + authResponseHeadersRegex: some-regex + trustForwardHeader: true + authResponseHeaders: + - some-header + authRequestHeaders: + - some-header + tls: + insecureSkipVerify: true +``` diff --git a/website/src/content/docs/common/middlewares/headers.md b/website/src/content/docs/common/middlewares/headers.md new file mode 100644 index 00000000000..7ee8017db78 --- /dev/null +++ b/website/src/content/docs/common/middlewares/headers.md @@ -0,0 +1,748 @@ +--- +title: Headers Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/headers#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/headers) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: headers`. + +::: + +--- + +## `customRequestHeaders` + +Define the customRequestHeaders + +| | | +| ---------- | --------------------------------------------- | +| Key | `middlewares.$name.data.customRequestHeaders` | +| Type | `map` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + customRequestHeaders: + some-name: some-value + some-other-name: some-other-value +``` + +--- + +## `customResponseHeaders` + +Define the customResponseHeaders + +| | | +| ---------- | ---------------------------------------------- | +| Key | `middlewares.$name.data.customResponseHeaders` | +| Type | `map` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + customResponseHeaders: + some-name: some-value + some-other-name: some-other-value +``` + +--- + +## `accessControlAllowCredentials` + +Define the accessControlAllowCredentials + +| | | +| ---------- | ------------------------------------------------------ | +| Key | `middlewares.$name.data.accessControlAllowCredentials` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + accessControlAllowCredentials: true +``` + +--- + +## `accessControlAllowHeaders` + +Define the accessControlAllowHeaders + +| | | +| ---------- | -------------------------------------------------- | +| Key | `middlewares.$name.data.accessControlAllowHeaders` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + accessControlAllowHeaders: + - some-header + - some-other-header +``` + +--- + +## `accessControlAllowMethods` + +Define the accessControlAllowMethods + +| | | +| ---------- | -------------------------------------------------- | +| Key | `middlewares.$name.data.accessControlAllowMethods` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + accessControlAllowMethods: + - GET + - POST + - PUT + - DELETE +``` + +--- + +## `accessControlAllowOriginList` + +Define the accessControlAllowOriginList + +| | | +| ---------- | ----------------------------------------------------- | +| Key | `middlewares.$name.data.accessControlAllowOriginList` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + accessControlAllowOriginList: + - some-origin + - some-other-origin +``` + +--- + +## `accessControlAllowOriginListRegex` + +Define the accessControlAllowOriginListRegex + +| | | +| ---------- | ----------------------------------------------------- | +| Key | `middlewares.$name.data.accessControlAllowOriginList` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + accessControlAllowOriginListRegex: + - some-origin-regex + - some-other-origin-regex +``` + +--- + +## `accessControlExposeHeaders` + +Define the accessControlExposeHeaders + +| | | +| ---------- | --------------------------------------------------- | +| Key | `middlewares.$name.data.accessControlExposeHeaders` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + accessControlExposeHeaders: + - some-header + - some-other-header +``` + +--- + +## `accessControlMaxAge` + +Define the accessControlMaxAge + +| | | +| ---------- | -------------------------------------------- | +| Key | `middlewares.$name.data.accessControlMaxAge` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + accessControlMaxAge: 1000 +``` + +--- + +## `addVaryHeader` + +Define the addVaryHeader + +| | | +| ---------- | -------------------------------------- | +| Key | `middlewares.$name.data.addVaryHeader` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + addVaryHeader: true +``` + +--- + +## `allowedHosts` + +Define the allowedHosts + +| | | +| ---------- | ------------------------------------- | +| Key | `middlewares.$name.data.allowedHosts` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + allowedHosts: + - some-host + - some-other-host +``` + +--- + +## `hostsProxyHeaders` + +Define the hostsProxyHeaders + +| | | +| ---------- | ------------------------------------------ | +| Key | `middlewares.$name.data.hostsProxyHeaders` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + hostsProxyHeaders: + - some-header + - some-other-header +``` + +--- + +## `sslProxyHeaders` + +Define the sslProxyHeaders + +| | | +| ---------- | ---------------------------------------- | +| Key | `middlewares.$name.data.sslProxyHeaders` | +| Type | `map` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + sslProxyHeaders: + some-header: some-value + some-other-header: some-other-value +``` + +--- + +## `stsSeconds` + +Define the stsSeconds + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.stsSeconds` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + stsSeconds: 1000 +``` + +--- + +## `stsIncludeSubdomains` + +Define the stsIncludeSubdomains + +| | | +| ---------- | --------------------------------------------- | +| Key | `middlewares.$name.data.stsIncludeSubdomains` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + stsIncludeSubdomains: true +``` + +--- + +## `stsPreload` + +Define the stsPreload + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.stsPreload` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + stsPreload: true +``` + +--- + +## `forceSTSHeader` + +Define the forceSTSHeader + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.forceSTSHeader` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + forceSTSHeader: true +``` + +--- + +## `frameDeny` + +Define the frameDeny + +| | | +| ---------- | ---------------------------------- | +| Key | `middlewares.$name.data.frameDeny` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + frameDeny: true +``` + +--- + +## `customFrameOptionsValue` + +Define the customFrameOptionsValue + +| | | +| ---------- | ------------------------------------------------ | +| Key | `middlewares.$name.data.customFrameOptionsValue` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + customFrameOptionsValue: some-value +``` + +--- + +## `contentTypeNosniff` + +Define the contentTypeNosniff + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.contentTypeNosniff` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + contentTypeNosniff: true +``` + +--- + +## `browserXssFilter` + +Define the browserXssFilter + +| | | +| ---------- | ----------------------------------------- | +| Key | `middlewares.$name.data.browserXssFilter` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + browserXssFilter: true +``` + +--- + +## `customBrowserXSSValue` + +Define the customBrowserXSSValue + +| | | +| ---------- | ---------------------------------------------- | +| Key | `middlewares.$name.data.customBrowserXSSValue` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + customBrowserXSSValue: some-value +``` + +--- + +## `contentSecurityPolicy` + +Define the contentSecurityPolicy + +| | | +| ---------- | ---------------------------------------------- | +| Key | `middlewares.$name.data.contentSecurityPolicy` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + contentSecurityPolicy: some-value +``` + +--- + +## `contentSecurityPolicyReportOnly` + +Define the contentSecurityPolicyReportOnly + +| | | +| ---------- | ---------------------------------------------- | +| Key | `middlewares.$name.data.contentSecurityPolicy` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + contentSecurityPolicyReportOnly: true +``` + +--- + +## `publicKey` + +Define the publicKey + +| | | +| ---------- | ---------------------------------- | +| Key | `middlewares.$name.data.publicKey` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + publicKey: some-public-key +``` + +--- + +## `referrerPolicy` + +Define the referrerPolicy + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.referrerPolicy` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + referrerPolicy: some-referrer-policy +``` + +--- + +## `permissionsPolicy` + +Define the permissionsPolicy + +| | | +| ---------- | ------------------------------------------ | +| Key | `middlewares.$name.data.permissionsPolicy` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + permissionsPolicy: some-permissions-policy +``` + +--- + +## `isDevelopment` + +Define the isDevelopment + +| | | +| ---------- | -------------------------------------- | +| Key | `middlewares.$name.data.isDevelopment` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + isDevelopment: true +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: headers + data: + customRequestHeaders: + some-name: some-value + some-other-name: some-other-value + customResponseHeaders: + some-name: some-value + some-other-name: some-other-value + accessControlAllowCredentials: true + accessControlAllowHeaders: + - some-header + - some-other-header + accessControlAllowMethods: + - GET + - DELETE + accessControlAllowOriginList: + - some-origin + - some-other-origin + accessControlAllowOriginListRegex: + - some-origin-regex + - some-other-origin-regex + accessControlExposeHeaders: + - some-header + - some-other-header + accessControlMaxAge: 1000 + addVaryHeader: true + allowedHosts: + - some-host + - some-other-host + hostsProxyHeaders: + - some-header + - some-other-header + sslProxyHeaders: + some-header: some-value + some-other-header: some-other-value + stsSeconds: 1000 + stsIncludeSubdomains: true + stsPreload: true + forceSTSHeader: true + frameDeny: true + customFrameOptionsValue: some-value + contentTypeNosniff: true + browserXssFilter: true + customBrowserXSSValue: some-value + contentSecurityPolicy: some-value + contentSecurityPolicyReportOnly: true + publicKey: some-public-key + referrerPolicy: some-referrer-policy + permissionsPolicy: some-permissions-policy + isDevelopment: true +``` diff --git a/website/src/content/docs/common/middlewares/index.md b/website/src/content/docs/common/middlewares/index.md new file mode 100644 index 00000000000..d7d031f42b7 --- /dev/null +++ b/website/src/content/docs/common/middlewares/index.md @@ -0,0 +1,273 @@ +--- +title: Middlewares +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares#full-examples) section for complete examples. + +::: + +## Appears in + +- `.Values.middlewares` + +## Naming scheme + +- `$FullName-$MiddlewareName` (release-name-chart-name-middleware-name) + +:::tip + +- Replace references to `$name` with the actual name you want to use. + +::: + +--- + +## `middlewares` + +Create Middleware objects + +| | | +| ---------- | ------------- | +| Key | `middlewares` | +| Type | `map` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | `{}` | + +Example + +```yaml +middlewares: {} +``` + +--- + +### `$name` + +Define Middleware + +| | | +| ---------- | ------------------- | +| Key | `middlewares.$name` | +| Type | `map` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | `{}` | + +Example + +```yaml +middlewares: + middleware-name: {} +``` + +--- + +#### `enabled` + +Enables or Disables the Configmap + +| | | +| ---------- | ------------------------- | +| Key | `configmap.$name.enabled` | +| Type | `bool` | +| Required | ✅ | +| Helm `tpl` | ✅ | +| Default | `false` | + +Example + +```yaml +middlewares: + middleware-name: + enabled: true +``` + +--- + +#### `expandObjectName` + +Whether to expand (adding the fullname as prefix) the middleware name. + +| | | +| ---------- | ---------------------------------- | +| Key | `configmap.$name.expandObjectName` | +| Type | `bool` | +| Required | ✅ | +| Helm `tpl` | ✅ | +| Default | `true` | + +Example + +```yaml +middlewares: + middleware-name: + expandObjectName: false +``` + +--- + +#### `namespace` + +Define the namespace for this object + +| | | +| ---------- | ----------------------------- | +| Key | `middlewares.$name.namespace` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ✅ | +| Default | `""` | + +Example + +```yaml +middlewares: + middleware-name: + namespace: some-namespace +``` + +--- + +#### `type` + +Define the type for this object + +Available types: + +- [add-prefix](/common/middlewares/add-prefix) +- [basic-auth](/common/middlewares/basic-auth) +- [buffering](/common/middlewares/buffering) +- [chain](/common/middlewares/chain) +- [compress](/common/middlewares/compress) +- [content-type](/common/middlewares/content-type) +- [forward-auth](/common/middlewares/forward-auth) +- [headers](/common/middlewares/headers) +- [ip-allow-list](/common/middlewares/ip-allow-list) +- [plugin-bouncer](/common/middlewares/plugin-bouncer) +- [plugin-geoblock](/common/middlewares/plugin-geoblock) +- [plugin-mod-security](/common/middlewares/plugin-mod-security) +- [plugin-real-ip](/common/middlewares/plugin-real-ip) +- [plugin-rewrite-response-headers](/common/middlewares/plugin-rewrite-response-headers) +- [plugin-theme-park](/common/middlewares/plugin-theme-park) +- [rate-limit](/common/middlewares/rate-limit) +- [redirect-regex](/common/middlewares/redirect-regex) +- [redirect-scheme](/common/middlewares/redirect-scheme) +- [replace-path-regex](/common/middlewares/replace-path-regex) +- [replace-path](/common/middlewares/replace-path) +- [retry](/common/middlewares/retry) +- [strip-prefix-regex](/common/middlewares/strip-prefix-regex) +- [strip-prefix](/common/middlewares/strip-prefix) + +| | | +| ---------- | ------------------------ | +| Key | `middlewares.$name.type` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | `""` | + +Example + +```yaml +middlewares: + middleware-name: + type: buffering +``` + +--- + +#### `labels` + +Additional labels for middleware + +| | | +| ---------- | -------------------------- | +| Key | `middlewares.$name.labels` | +| Type | `map` | +| Required | ❌ | +| Helm `tpl` | ✅ (On value only) | +| Default | `{}` | + +Example + +```yaml +middlewares: + middleware-name: + labels: + key: value +``` + +--- + +#### `annotations` + +Additional annotations for middleware + +| | | +| ---------- | ------------------------------- | +| Key | `middlewares.$name.annotations` | +| Type | `map` | +| Required | ❌ | +| Helm `tpl` | ✅ (On value only) | +| Default | `{}` | + +Example + +```yaml +middlewares: + middleware-name: + annotations: + key: value +``` + +--- + +#### `data` + +Define the data of the middleware + +| | | +| ---------- | ------------------------ | +| Key | `middlewares.$name.data` | +| Type | `map` | +| Required | ✅ | +| Helm `tpl` | ✅ | +| Example | `{}` | + +```yaml +middlewares: + middleware-name: + data: + key: value +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: buffering + expandObjectName: false + labels: + key: value + keytpl: "{{ .Values.some.value }}" + annotations: + key: value + keytpl: "{{ .Values.some.value }}" + data: + key: value + + other-middleware-name: + enabled: true + type: buffering + namespace: some-namespace + data: + key: value +``` diff --git a/website/src/content/docs/common/middlewares/ip-allow-list.md b/website/src/content/docs/common/middlewares/ip-allow-list.md new file mode 100644 index 00000000000..0221768259d --- /dev/null +++ b/website/src/content/docs/common/middlewares/ip-allow-list.md @@ -0,0 +1,136 @@ +--- +title: IP Allow List Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/ip-allow-list#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/ipallowlist) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: ip-allow-list`. + +::: + +--- + +## `sourceRange` + +Define the sourceRange + +| | | +| ---------- | ------------------------------------ | +| Key | `middlewares.$name.data.sourceRange` | +| Type | `list` of `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + sourceRange: + - some-source-range +``` + +--- + +## `ipStrategy` + +Define the ipStrategy + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.ipStrategy` | +| Type | `map` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | `{}` | + +Example + +```yaml +middlewares: + middleware-name: + data: + ipStrategy: {} +``` + +--- + +### `ipStrategy.depth` + +Define the ipStrategy.depth + +| | | +| ---------- | ----------------------------------------- | +| Key | `middlewares.$name.data.ipStrategy.depth` | +| Type | `int` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + ipStrategy: + depth: 1 +``` + +--- + +### `ipStrategy.excludedIPs` + +Define the ipStrategy.excludedIPs + +| | | +| ---------- | ----------------------------------------------- | +| Key | `middlewares.$name.data.ipStrategy.excludedIPs` | +| Type | `list` of `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + ipStrategy: + excludedIPs: + - some-excluded-ip +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: ip-allow-list + data: + sourceRange: + - some-source-range + ipStrategy: + depth: 1 + excludedIPs: + - some-excluded-ip +``` diff --git a/website/src/content/docs/common/middlewares/plugin-bouncer.md b/website/src/content/docs/common/middlewares/plugin-bouncer.md new file mode 100644 index 00000000000..e21abaf1572 --- /dev/null +++ b/website/src/content/docs/common/middlewares/plugin-bouncer.md @@ -0,0 +1,958 @@ +--- +title: Plugin Bouncer Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/plugin-bouncer#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: plugin-bouncer`. + +::: + +--- + +## `pluginName` + +Define the pluginName + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.pluginName` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | `bouncer` | + +Example + +```yaml +middlewares: + middleware-name: + data: + pluginName: my-plugin-name +``` + +--- + +## `enabled` + +Define the enabled + +| | | +| ---------- | -------------------------------- | +| Key | `middlewares.$name.data.enabled` | +| Type | `bool` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + enabled: true +``` + +--- + +## `logLevel` + +Define the logLevel + +| | | +| ---------- | --------------------------------- | +| Key | `middlewares.$name.data.logLevel` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + logLevel: DEBUG +``` + +--- + +## `updateIntervalSeconds` + +Define the updateIntervalSeconds + +| | | +| ---------- | ---------------------------------------------- | +| Key | `middlewares.$name.data.updateIntervalSeconds` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + updateIntervalSeconds: 60 +``` + +--- + +## `updateMaxFailure` + +Define the updateMaxFailure + +| | | +| ---------- | ----------------------------------------- | +| Key | `middlewares.$name.data.updateMaxFailure` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + updateMaxFailure: 0 +``` + +--- + +## `defaultDecisionSeconds` + +Define the defaultDecisionSeconds + +| | | +| ---------- | ----------------------------------------------- | +| Key | `middlewares.$name.data.defaultDecisionSeconds` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + defaultDecisionSeconds: 60 +``` + +--- + +## `httpTimeoutSeconds` + +Define the httpTimeoutSeconds + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.httpTimeoutSeconds` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + httpTimeoutSeconds: 10 +``` + +--- + +## `crowdsecMode` + +Define the crowdsecMode + +| | | +| ---------- | --------------------------------- | +| Key | `middlewares.$name.data.crowdsec` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecMode: live +``` + +--- + +## `crowdsecAppsecEnabled` + +Define the crowdsecAppsecEnabled + +| | | +| ---------- | ---------------------------------------------- | +| Key | `middlewares.$name.data.crowdsecAppsecEnabled` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecAppsecEnabled: false +``` + +--- + +## `crowdsecAppsecHost` + +Define the crowdsecAppsecHost + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.crowdsecAppsecHost` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecAppsecHost: crowdsec:7422 +``` + +--- + +## `crowdsecAppsecFailureBlock` + +Define the crowdsecAppsecFailureBlock + +| | | +| ---------- | --------------------------------------------------- | +| Key | `middlewares.$name.data.crowdsecAppsecFailureBlock` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecAppsecFailureBlock: true +``` + +--- + +## `crowdsecAppsecUnreachableBlock` + +Define the crowdsecAppsecUnreachableBlock + +| | | +| ---------- | ------------------------------------------------------- | +| Key | `middlewares.$name.data.crowdsecAppsecUnreachableBlock` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecAppsecUnreachableBlock: true +``` + +--- + +## `crowdsecLapiKey` + +Define the crowdsecLapiKey + +| | | +| ---------- | ---------------------------------------- | +| Key | `middlewares.$name.data.crowdsecLapiKey` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecLapiKey: privateKey-foo +``` + +--- + +## `crowdsecLapiHost` + +Define the crowdsecLapiHost + +| | | +| ---------- | ----------------------------------------- | +| Key | `middlewares.$name.data.crowdsecLapiHost` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecLapiHost: crowdsec:8080 +``` + +--- + +## `crowdsecLapiScheme` + +Define the crowdsecLapiScheme + +| | | +| ---------- | --------------------------------- | +| Key | `middlewares.$name.data.crowdsec` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecLapiScheme: http +``` + +--- + +## `crowdsecLapiTLSInsecureVerify` + +Define the crowdsecLapiTLSInsecureVerify + +| | | +| ---------- | ------------------------------------------------------ | +| Key | `middlewares.$name.data.crowdsecLapiTLSInsecureVerify` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecLapiTLSInsecureVerify: false +``` + +--- + +## `crowdsecCapiMachineId` + +Define the crowdsecCapiMachineId + +| | | +| ---------- | ---------------------------------------------- | +| Key | `middlewares.$name.data.crowdsecCapiMachineId` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecCapiMachineId: login +``` + +--- + +## `crowdsecCapiPassword` + +Define the crowdsecCapiPassword + +| | | +| ---------- | --------------------------------------------- | +| Key | `middlewares.$name.data.crowdsecCapiPassword` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecCapiPassword: password +``` + +--- + +## `crowdsecCapiScenarios` + +Define the crowdsecCapiScenarios + +| | | +| ---------- | ---------------------------------------------- | +| Key | `middlewares.$name.data.crowdsecCapiScenarios` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecCapiScenarios: + - crowdsecurity/http-path-traversal-probing + - crowdsecurity/http-xss-probing + - crowdsecurity/http-generic-bf +``` + +--- + +## `forwardedHeadersTrustedIPs` + +Define the forwardedHeadersTrustedIPs + +| | | +| ---------- | --------------------------------------------------- | +| Key | `middlewares.$name.data.forwardedHeadersTrustedIPs` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + forwardedHeadersTrustedIPs: + - 10.0.10.23/32 + - 10.0.20.0/24 +``` + +--- + +## `clientTrustedIPs` + +Define the clientTrustedIPs + +| | | +| ---------- | ----------------------------------------- | +| Key | `middlewares.$name.data.clientTrustedIPs` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + clientTrustedIPs: + - 192.168.1.0/24 +``` + +--- + +## `forwardedHeadersCustomName` + +Define the forwardedHeadersCustomName + +| | | +| ---------- | --------------------------------------------------- | +| Key | `middlewares.$name.data.forwardedHeadersCustomName` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + forwardedHeadersCustomName: X-Custom-Header +``` + +--- + +## `remediationHeadersCustomName` + +Define the remediationHeadersCustomName + +| | | +| ---------- | ----------------------------------------------------- | +| Key | `middlewares.$name.data.remediationHeadersCustomName` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + remediationHeadersCustomName: cs-remediation +``` + +--- + +## `redisCacheEnabled` + +Define the redisCacheEnabled + +| | | +| ---------- | ------------------------------------------ | +| Key | `middlewares.$name.data.redisCacheEnabled` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + redisCacheEnabled: false +``` + +--- + +## `redisCacheHost` + +Define the redisCacheHost + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.redisCacheHost` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + redisCacheHost: "redis:6379" +``` + +--- + +## `redisCachePassword` + +Define the redisCachePassword + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.redisCachePassword` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + redisCachePassword: password +``` + +--- + +## `redisCacheDatabase` + +Define the redisCacheDatabase + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.redisCacheDatabase` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + redisCacheDatabase: "5" +``` + +--- + +## `crowdsecLapiTLSCertificateAuthority` + +Define the crowdsecLapiTLSCertificateAuthority + +| | | +| ---------- | ------------------------------------------------------------ | +| Key | `middlewares.$name.data.crowdsecLapiTLSCertificateAuthority` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecLapiTLSCertificateAuthority: |- + -----BEGIN CERTIFICATE----- + MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT + ... + Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT + -----END CERTIFICATE----- +``` + +--- + +## `crowdsecLapiTLSCertificateBouncer` + +Define the crowdsecLapiTLSCertificateBouncer + +| | | +| ---------- | ---------------------------------------------------------- | +| Key | `middlewares.$name.data.crowdsecLapiTLSCertificateBouncer` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecLapiTLSCertificateBouncer: |- + -----BEGIN CERTIFICATE----- + MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL + ... + RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz + N2U= + -----END CERTIFICATE----- +``` + +--- + +## `crowdsecLapiTLSCertificateBouncerKey` + +Define the crowdsecLapiTLSCertificateBouncerKey + +| | | +| ---------- | ------------------------------------------------------------- | +| Key | `middlewares.$name.data.crowdsecLapiTLSCertificateBouncerKey` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + crowdsecLapiTLSCertificateBouncerKey: |- + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAtYQnbJqifH+ZymePylDxGGLIuxzcAUU4/ajNj+qRAdI/Ux3d + ... + ic5cDRo6/VD3CS3MYzyBcibaGaV34nr0G/pI+KEqkYChzk/PZRA= + -----END RSA PRIVATE KEY----- +``` + +--- + +## `captchaProvider` + +Define the captchaProvider + +| | | +| ---------- | ---------------------------------------- | +| Key | `middlewares.$name.data.captchaProvider` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + captchaProvider: hcaptcha +``` + +--- + +## `captchaSiteKey` + +Define the captchaSiteKey + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.captchaSiteKey` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + captchaSiteKey: FIXME +``` + +--- + +## `captchaSecretKey` + +Define the captchaSecretKey + +| | | +| ---------- | ----------------------------------------- | +| Key | `middlewares.$name.data.captchaSecretKey` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + captchaSecretKey: FIXME +``` + +--- + +## `captchaGracePeriodSeconds` + +Define the captchaGracePeriodSeconds + +| | | +| ---------- | -------------------------------------------------- | +| Key | `middlewares.$name.data.captchaGracePeriodSeconds` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + captchaGracePeriodSeconds: 1800 +``` + +--- + +## `captchaHTMLFilePath` + +Define the captchaHTMLFilePath + +| | | +| ---------- | -------------------------------------------- | +| Key | `middlewares.$name.data.captchaHTMLFilePath` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + captchaHTMLFilePath: /captcha.html +``` + +--- + +## `banHTMLFilePath` + +Define the banHTMLFilePath + +| | | +| ---------- | ---------------------------------------- | +| Key | `middlewares.$name.data.banHTMLFilePath` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + banHTMLFilePath: /ban.html +``` + +--- + +## `captchaHTMLFilePath` + +Define the captchaHTMLFilePath + +| | | +| ---------- | -------------------------------------------- | +| Key | `middlewares.$name.data.captchaHTMLFilePath` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + captchaHTMLFilePath: /captcha.html +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: plugin-bouncer + data: + enabled: true + logLevel: DEBUG + updateIntervalSeconds: 60 + updateMaxFailure: 0 + defaultDecisionSeconds: 60 + httpTimeoutSeconds: 10 + crowdsecMode: live + crowdsecAppsecEnabled: false + crowdsecAppsecHost: crowdsec:7422 + crowdsecAppsecFailureBlock: true + crowdsecAppsecUnreachableBlock: true + crowdsecLapiKey: privateKey-foo + crowdsecLapiHost: crowdsec:8080 + crowdsecLapiScheme: http + crowdsecLapiTLSInsecureVerify: false + crowdsecCapiMachineId: login + crowdsecCapiPassword: password + crowdsecCapiScenarios: + - crowdsecurity/http-path-traversal-probing + - crowdsecurity/http-xss-probing + - crowdsecurity/http-generic-bf + forwardedHeadersTrustedIPs: + - 10.0.10.23/32 + - 10.0.20.0/24 + clientTrustedIPs: + - 192.168.1.0/24 + forwardedHeadersCustomName: X-Custom-Header + remediationHeadersCustomName: cs-remediation + redisCacheEnabled: false + redisCacheHost: "redis:6379" + redisCachePassword: password + redisCacheDatabase: "5" + crowdsecLapiTLSCertificateAuthority: |- + -----BEGIN CERTIFICATE----- + MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT + ... + Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT + -----END CERTIFICATE----- + crowdsecLapiTLSCertificateBouncer: |- + -----BEGIN CERTIFICATE----- + MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL + ... + RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz + N2U= + -----END CERTIFICATE----- + captchaProvider: hcaptcha + captchaSiteKey: FIXME + captchaSecretKey: FIXME + captchaGracePeriodSeconds: 1800 + captchaHTMLFilePath: /captcha.html + banHTMLFilePath: /ban.html +``` diff --git a/website/src/content/docs/common/middlewares/plugin-geoblock.md b/website/src/content/docs/common/middlewares/plugin-geoblock.md new file mode 100644 index 00000000000..7d3510d7388 --- /dev/null +++ b/website/src/content/docs/common/middlewares/plugin-geoblock.md @@ -0,0 +1,397 @@ +--- +title: Plugin Geoblock Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/plugin-geoblock#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://github.com/PascalMinder/geoblock) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: plugin-geoblock`. + +::: + +--- + +## `pluginName` + +Define the pluginName + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.pluginName` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | `GeoBlock` | + +Example + +```yaml +middlewares: + middleware-name: + data: + pluginName: my-plugin-name +``` + +--- + +## `api` + +Define the api + +| | | +| ---------- | ---------------------------- | +| Key | `middlewares.$name.data.api` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + api: https://api.geoblock.org/v2/geoblock +``` + +--- + +## `allowLocalRequests` + +Define the allowLocalRequests + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.allowLocalRequests` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + allowLocalRequests: true +``` + +--- + +## `logLocalRequests` + +Define the logLocalRequests + +| | | +| ---------- | ----------------------------------------- | +| Key | `middlewares.$name.data.logLocalRequests` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + logLocalRequests: true +``` + +--- + +## `logAllowedRequests` + +Define the logAllowedRequests + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.logAllowedRequests` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + logAllowedRequests: true +``` + +--- + +## `logApiRequests` + +Define the logApiRequests + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.logApiRequests` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + logApiRequests: true +``` + +--- + +## `apiTimeoutMs` + +Define the apiTimeoutMs + +| | | +| ---------- | ------------------------------------- | +| Key | `middlewares.$name.data.apiTimeoutMs` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + apiTimeoutMs: 1000 +``` + +--- + +## `cacheSize` + +Define the cacheSize + +| | | +| ---------- | ---------------------------------- | +| Key | `middlewares.$name.data.cacheSize` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + cacheSize: 1000 +``` + +--- + +## `forceMonthlyUpdate` + +Define the forceMonthlyUpdate + +| | | +| ---------- | ------------------------------------------- | +| Key | `middlewares.$name.data.forceMonthlyUpdate` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + forceMonthlyUpdate: true +``` + +--- + +## `allowUnknownCountries` + +Define the allowUnknownCountries + +| | | +| ---------- | ---------------------------------------------- | +| Key | `middlewares.$name.data.allowUnknownCountries` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + allowUnknownCountries: true +``` + +--- + +## `unknownCountryApiResponse` + +Define the unknownCountryApiResponse + +| | | +| ---------- | -------------------------------------------------- | +| Key | `middlewares.$name.data.unknownCountryApiResponse` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + unknownCountryApiResponse: some-value +``` + +--- + +## `blackListMode` + +Define the blackListMode + +| | | +| ---------- | -------------------------------------- | +| Key | `middlewares.$name.data.blackListMode` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + blackListMode: true +``` + +--- + +## `silentStartUp` + +Define the silentStartUp + +| | | +| ---------- | -------------------------------------- | +| Key | `middlewares.$name.data.silentStartUp` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + silentStartUp: true +``` + +--- + +## `addCountryHeader` + +Define the addCountryHeader + +| | | +| ---------- | ----------------------------------------- | +| Key | `middlewares.$name.data.addCountryHeader` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + addCountryHeader: true +``` + +--- + +## `countries` + +Define the countries + +| | | +| ---------- | ---------------------------------- | +| Key | `middlewares.$name.data.countries` | +| Type | `list` of `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + countries: + - some-country + - some-other-country +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: plugin-geoblock + data: + api: https://api.geoblock.org/v2/geoblock + allowLocalRequests: true + logLocalRequests: true + logAllowedRequests: true + logApiRequests: true + apiTimeoutMs: 1000 + cacheSize: 1000 + forceMonthlyUpdate: true + allowUnknownCountries: true + unknownCountryApiResponse: some-value + blackListMode: some-value + silentStartUp: true + addCountryHeader: true + countries: + - some-country + - some-other-country +``` diff --git a/website/src/content/docs/common/middlewares/plugin-mod-security.md b/website/src/content/docs/common/middlewares/plugin-mod-security.md new file mode 100644 index 00000000000..9763e372149 --- /dev/null +++ b/website/src/content/docs/common/middlewares/plugin-mod-security.md @@ -0,0 +1,130 @@ +--- +title: Plugin Mod Security Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/plugin-mod-security#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://github.com/acouvreur/traefik-modsecurity-plugin) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: plugin-mod-security`. + +::: + +--- + +## `pluginName` + +Define the pluginName + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.pluginName` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | `traefik-modsecurity-plugin` | + +Example + +```yaml +middlewares: + middleware-name: + data: + pluginName: my-plugin-name +``` + +--- + +## `modSecurityUrl` + +Define the modSecurityUrl + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.modSecurityUrl` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + modSecurityUrl: https://example.com +``` + +--- + +## `timeoutMillis` + +Define the timeoutMillis + +| | | +| ---------- | -------------------------------------- | +| Key | `middlewares.$name.data.timeoutMillis` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + timeoutMillis: 1000 +``` + +--- + +## `maxBodySize` + +Define the maxBodySize + +| | | +| ---------- | ------------------------------------ | +| Key | `middlewares.$name.data.maxBodySize` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + maxBodySize: 1024 +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: plugin-mod-security + data: + pluginName: my-plugin-name + modSecurityUrl: https://example.com + timeoutMillis: 1000 + maxBodySize: 1024 +``` diff --git a/website/src/content/docs/common/middlewares/plugin-real-ip.md b/website/src/content/docs/common/middlewares/plugin-real-ip.md new file mode 100644 index 00000000000..48ccf661f82 --- /dev/null +++ b/website/src/content/docs/common/middlewares/plugin-real-ip.md @@ -0,0 +1,86 @@ +--- +title: Plugin Real IP Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/plugin-theme-park#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://github.com/jramsgz/traefik-real-ip) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: plugin-real-ip`. + +::: + +--- + +## `pluginName` + +Define the pluginName + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.pluginName` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | `traefik-real-ip` | + +Example + +```yaml +middlewares: + middleware-name: + data: + pluginName: my-plugin-name +``` + +--- + +## `excludednets` + +Define the excludednets + +| | | +| ---------- | ------------------------------------- | +| Key | `middlewares.$name.data.excludednets` | +| Type | `list` of `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + excludednets: + - some-excluded-net + - some-other-excluded-net +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: plugin-real-ip + data: + pluginName: my-plugin-name + excludednets: + - some-excluded-net + - some-other-excluded-net +``` diff --git a/website/src/content/docs/common/middlewares/plugin-rewrite-response-headers.md b/website/src/content/docs/common/middlewares/plugin-rewrite-response-headers.md new file mode 100644 index 00000000000..be8527ec0eb --- /dev/null +++ b/website/src/content/docs/common/middlewares/plugin-rewrite-response-headers.md @@ -0,0 +1,163 @@ +--- +title: Plugin Rewrite Response Headers Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/plugin-rewrite-response-headers#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://github.com/XciD/traefik-plugin-rewrite-headers/) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: plugin-rewrite-response-headers`. + +::: + +--- + +## `pluginName` + +Define the pluginName + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.pluginName` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | `rewriteResponseHeaders` | + +Example + +```yaml +middlewares: + middleware-name: + data: + pluginName: my-plugin-name +``` + +--- + +## `rewrites` + +Define the rewrites + +| | | +| ---------- | --------------------------------- | +| Key | `middlewares.$name.data.rewrites` | +| Type | `list` of `map` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement +``` + +--- + +### `rewrites[].header` + +Define the header + +| | | +| ---------- | ---------------------------------------- | +| Key | `middlewares.$name.data.rewrites.header` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + rewrites: + - header: some-header +``` + +--- + +### `rewrites[].regex` + +Define the regex + +| | | +| ---------- | ------------------------------ | +| Key | `middlewares.$name.data.regex` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + rewrites: + - regex: some-regex +``` + +--- + +### `rewrites[].replacement` + +Define the replacement + +| | | +| ---------- | ------------------------------------ | +| Key | `middlewares.$name.data.replacement` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + rewrites: + - replacement: some-replacement +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: plugin-rewrite-response-headers + data: + pluginName: my-plugin-name + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement + - header: some-other-header + regex: some-other-regex + replacement: some-other-replacement +``` diff --git a/website/src/content/docs/common/middlewares/plugin-theme-park.md b/website/src/content/docs/common/middlewares/plugin-theme-park.md new file mode 100644 index 00000000000..9a2d96a3748 --- /dev/null +++ b/website/src/content/docs/common/middlewares/plugin-theme-park.md @@ -0,0 +1,158 @@ +--- +title: Plugin Theme Park Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/plugin-theme-park#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://github.com/packruler/traefik-themepark) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: plugin-theme-park`. + +::: + +--- + +## `pluginName` + +Define the pluginName + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.pluginName` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | `traefik-themepark` | + +Example + +```yaml +middlewares: + middleware-name: + data: + pluginName: my-plugin-name +``` + +--- + +## `app` + +Define the app + +| | | +| ---------- | ---------------------------- | +| Key | `middlewares.$name.data.app` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + app: sonarr +``` + +--- + +## `theme` + +Define the theme + +| | | +| ---------- | ------------------------------ | +| Key | `middlewares.$name.data.theme` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + theme: dark +``` + +--- + +## `baseUrl` + +Define the baseUrl + +| | | +| ---------- | -------------------------------- | +| Key | `middlewares.$name.data.baseUrl` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + baseUrl: https://example.com +``` + +--- + +## `addons` + +Define the addons + +| | | +| ---------- | ------------------------------- | +| Key | `middlewares.$name.data.addons` | +| Type | `list` of `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + addons: + - some-addon + - some-other-addon +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: plugin-theme-park + data: + pluginName: my-plugin-name + app: sonarr + theme: dark + baseUrl: https://example.com + addons: + - some-addon + - some-other-addon +``` diff --git a/website/src/content/docs/common/middlewares/rate-limit.md b/website/src/content/docs/common/middlewares/rate-limit.md new file mode 100644 index 00000000000..d3b8d31d7ce --- /dev/null +++ b/website/src/content/docs/common/middlewares/rate-limit.md @@ -0,0 +1,82 @@ +--- +title: Rate Limit Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/rate-limit#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/ratelimit) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: rate-limit`. + +::: + +--- + +## `average` + +Define the average rate limit + +| | | +| ---------- | -------------------------------- | +| Key | `middlewares.$name.data.average` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + average: 1000 +``` + +--- + +## `burst` + +Define the burst rate limit + +| | | +| ---------- | ------------------------------ | +| Key | `middlewares.$name.data.burst` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + burst: 1000 +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: rate-limit + data: + average: 1000 + burst: 1000 +``` diff --git a/website/src/content/docs/common/middlewares/redirect-regex.md b/website/src/content/docs/common/middlewares/redirect-regex.md new file mode 100644 index 00000000000..fca5a1d841b --- /dev/null +++ b/website/src/content/docs/common/middlewares/redirect-regex.md @@ -0,0 +1,106 @@ +--- +title: Redirect Regex Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/redirect-regex#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/redirectregex) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: redirect-regex`. + +::: + +--- + +## `regex` + +Define the regex + +| | | +| ---------- | ------------------------------ | +| Key | `middlewares.$name.data.regex` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + regex: some-regex +``` + +--- + +## `replacement` + +Define the replacement + +| | | +| ---------- | ------------------------------------ | +| Key | `middlewares.$name.data.replacement` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + replacement: some-replacement +``` + +--- + +## `permanent` + +Define the permanent + +| | | +| ---------- | ---------------------------------- | +| Key | `middlewares.$name.data.permanent` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + permanent: true +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: redirect-regex + data: + regex: some-regex + replacement: some-replacement + permanent: true +``` diff --git a/website/src/content/docs/common/middlewares/redirect-scheme.md b/website/src/content/docs/common/middlewares/redirect-scheme.md new file mode 100644 index 00000000000..00f2585d6f3 --- /dev/null +++ b/website/src/content/docs/common/middlewares/redirect-scheme.md @@ -0,0 +1,82 @@ +--- +title: Redirect Scheme Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/redirect-scheme#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/redirectscheme) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: redirect-scheme`. + +::: + +--- + +## `scheme` + +Define the scheme + +| | | +| ---------- | ------------------------------- | +| Key | `middlewares.$name.data.scheme` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + scheme: https +``` + +--- + +## `permanent` + +Define the permanent + +| | | +| ---------- | ---------------------------------- | +| Key | `middlewares.$name.data.permanent` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + permanent: true +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: redirect-scheme + data: + scheme: https + permanent: true +``` diff --git a/website/src/content/docs/common/middlewares/replace-path-regex.md b/website/src/content/docs/common/middlewares/replace-path-regex.md new file mode 100644 index 00000000000..a355c3e139f --- /dev/null +++ b/website/src/content/docs/common/middlewares/replace-path-regex.md @@ -0,0 +1,82 @@ +--- +title: Replace Path Regex Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/replace-path-regex#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/replacepathregex) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: replace-path-regex`. + +::: + +--- + +## `regex` + +Define the regex + +| | | +| ---------- | ------------------------------ | +| Key | `middlewares.$name.data.regex` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + regex: /some-path +``` + +--- + +## `replacement` + +Define the replacement + +| | | +| ---------- | ------------------------------------ | +| Key | `middlewares.$name.data.replacement` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + replacement: /some-replacement +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: replace-path-regex + data: + regex: /some-path + replacement: /some-replacement +``` diff --git a/website/src/content/docs/common/middlewares/replace-path.md b/website/src/content/docs/common/middlewares/replace-path.md new file mode 100644 index 00000000000..db1859af426 --- /dev/null +++ b/website/src/content/docs/common/middlewares/replace-path.md @@ -0,0 +1,58 @@ +--- +title: Replace Path Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/replace-path#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/replacepath) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: replace-path`. + +::: + +--- + +## `path` + +Define the path + +| | | +| ---------- | ----------------------------- | +| Key | `middlewares.$name.data.path` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + path: /some-path +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: replace-path + data: + path: /some-path +``` diff --git a/website/src/content/docs/common/middlewares/retry.md b/website/src/content/docs/common/middlewares/retry.md new file mode 100644 index 00000000000..641d8528c73 --- /dev/null +++ b/website/src/content/docs/common/middlewares/retry.md @@ -0,0 +1,82 @@ +--- +title: Retry Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/retry#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/retry) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: retry`. + +::: + +--- + +## `attempts` + +Define the path + +| | | +| ---------- | --------------------------------- | +| Key | `middlewares.$name.data.attempts` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + attempts: 3 +``` + +--- + +## `initialInterval` + +Define the initialInterval + +| | | +| ---------- | ---------------------------------------- | +| Key | `middlewares.$name.data.initialInterval` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + initialInterval: 1000 +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: retry + data: + attempts: 3 + initialInterval: 1000 +``` diff --git a/website/src/content/docs/common/middlewares/strip-prefix-regex.md b/website/src/content/docs/common/middlewares/strip-prefix-regex.md new file mode 100644 index 00000000000..76403a8bcc1 --- /dev/null +++ b/website/src/content/docs/common/middlewares/strip-prefix-regex.md @@ -0,0 +1,62 @@ +--- +title: Strip Prefix Regex Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/strip-prefix-regex#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/stripprefixregex) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: strip-prefix-regex`. + +::: + +--- + +## `regex` + +Define the regexes + +| | | +| ---------- | ------------------------------ | +| Key | `middlewares.$name.data.regex` | +| Type | `list` of `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + regex: + - some-regex + - some-other-regex +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: strip-prefix-regex + data: + regex: + - some-regex + - some-other-regex +``` diff --git a/website/src/content/docs/common/middlewares/strip-prefix.md b/website/src/content/docs/common/middlewares/strip-prefix.md new file mode 100644 index 00000000000..08785406561 --- /dev/null +++ b/website/src/content/docs/common/middlewares/strip-prefix.md @@ -0,0 +1,86 @@ +--- +title: Strip Prefix Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/strip-prefix#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/stripprefix) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: strip-prefix`. + +::: + +--- + +## `prefix` + +Define the prefixes + +| | | +| ---------- | ------------------------------- | +| Key | `middlewares.$name.data.prefix` | +| Type | `list` of `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + prefix: + - /some-prefix + - /some-other-prefix +``` + +--- + +## `forceSlash` + +Define the forceSlash + +| | | +| ---------- | ----------------------------------- | +| Key | `middlewares.$name.data.forceSlash` | +| Type | `bool` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + forceSlash: true +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: strip-prefix + data: + prefix: + - /some-prefix + - /some-other-prefix + forceSlash: true +```