From 1880d4982efd73f39dc1353d06b27f5c05b8b79e Mon Sep 17 00:00:00 2001 
From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Thu, 2 Jan 2025 23:34:20 +0200 Subject: [PATCH] feat(common): add traefik middlewares (#30529) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **Description** ⚒️ Fixes # **⚙️ Type of change** - [x] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code **🧪 How Has This Been Tested?** **📃 Notes:** **✔️ Checklist:** - [x] ⚖️ My code follows the style guidelines of this project - [x] 👀 I have performed a self-review of my own code - [x] #️⃣ I have commented my code, particularly in hard-to-understand areas - [x] 📄 I have made corresponding changes to the documentation - [x] ⚠️ My changes generate no new warnings - [x] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [x] ⬆️ I increased versions for any altered app according to semantic versioning - [x] I made sure the title starts with `feat(chart-name):`, `fix(chart-name):` or `chore(chart-name):` **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. 
Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --- .github/workflows/common-tests.yaml | 3 +- charts/library/common-test/Chart.yaml | 2 +- .../tests/traefik/metadata_test.yaml | 132 +++ .../traefik/middleware_addPrefix_test.yaml | 37 + .../traefik/middleware_basicAuth_test.yaml | 81 ++ .../traefik/middleware_buffering_test.yaml | 71 ++ .../tests/traefik/middleware_chain_test.yaml | 42 + .../traefik/middleware_compress_test.yaml | 22 + .../traefik/middleware_contentType_test.yaml | 22 + .../traefik/middleware_forwardAuth_test.yaml | 106 ++ .../traefik/middleware_headers_test.yaml | 119 +++ .../traefik/middleware_ipAllowList_test.yaml | 62 ++ .../middleware_pluginBouncer_test.yaml | 177 ++++ .../middleware_pluginGeoblock_test.yaml | 101 ++ .../middleware_pluginModSecurity_test.yaml | 57 ++ .../traefik/middleware_pluginRealIP_test.yaml | 61 ++ ...are_pluginRewriteResponseHeaders_test.yaml | 125 +++ .../middleware_pluginThemePark_test.yaml | 77 ++ .../traefik/middleware_rateLimit_test.yaml | 35 + .../middleware_redirectRegex_test.yaml | 69 ++ .../middleware_redirectScheme_test.yaml | 52 + .../middleware_replacePathRegex_test.yaml | 51 + .../traefik/middleware_replacePath_test.yaml | 37 + .../tests/traefik/middleware_retry_test.yaml | 39 + .../tests/traefik/middleware_stripPrefix.yaml | 57 ++ .../middleware_stripPrefixRegex_test.yaml | 41 + .../common-test/tests/traefik/name_test.yaml | 57 ++ .../tests/traefik/validation_test.yaml | 103 ++ charts/library/common/Chart.yaml | 2 +- .../class/traefik-middleware/_middleware.tpl | 46 + .../templates/lib/traefik/_middlewares.tpl | 58 ++ .../templates/lib/traefik/_validation.tpl | 23 + .../lib/traefik/middlewares/_addPrefix.tpl | 12 + .../lib/traefik/middlewares/_basicAuth.tpl | 35 + .../lib/traefik/middlewares/_buffering.tpl | 12 + .../lib/traefik/middlewares/_chain.tpl | 25 + .../lib/traefik/middlewares/_compress.tpl | 7 + 
.../lib/traefik/middlewares/_contentType.tpl | 7 + .../lib/traefik/middlewares/_forwardAuth.tpl | 58 ++ .../lib/traefik/middlewares/_headers.tpl | 128 +++ .../lib/traefik/middlewares/_ipAllowList.tpl | 38 + .../traefik/middlewares/_pluginBouncer.tpl | 70 ++ .../traefik/middlewares/_pluginGeoblock.tpl | 37 + .../middlewares/_pluginModSecurity.tpl | 21 + .../lib/traefik/middlewares/_pluginRealIP.tpl | 22 + .../_pluginRewriteResponseHeaders.tpl | 40 + .../traefik/middlewares/_pluginThemePark.tpl | 30 + .../lib/traefik/middlewares/_rateLimit.tpl | 13 + .../traefik/middlewares/_redirectRegex.tpl | 22 + .../traefik/middlewares/_redirectScheme.tpl | 18 + .../lib/traefik/middlewares/_replacePath.tpl | 11 + .../traefik/middlewares/_replacePathRegex.tpl | 15 + .../lib/traefik/middlewares/_retry.tpl | 12 + .../lib/traefik/middlewares/_stripPrefix.tpl | 21 + .../traefik/middlewares/_stripPrefixRegex.tpl | 14 + .../common/templates/loader/_apply.tpl | 3 + .../templates/spawner/traefik/_middleware.tpl | 48 + charts/library/common/values.yaml | 14 + containers/apps/traefik/Dockerfile | 4 +- cspell.config.yaml | 46 +- website/cspell.config.yaml | 70 -- website/src/content/docs/common/index.md | 77 +- .../docs/common/middlewares/add-prefix.md | 58 ++ .../docs/common/middlewares/basic-auth.md | 152 +++ .../docs/common/middlewares/buffering.md | 146 +++ .../content/docs/common/middlewares/chain.md | 105 ++ .../docs/common/middlewares/compress.md | 33 + .../docs/common/middlewares/content-type.md | 33 + .../docs/common/middlewares/forward-auth.md | 207 ++++ .../docs/common/middlewares/headers.md | 748 ++++++++++++++ .../content/docs/common/middlewares/index.md | 273 +++++ .../docs/common/middlewares/ip-allow-list.md | 136 +++ .../docs/common/middlewares/plugin-bouncer.md | 958 ++++++++++++++++++ .../common/middlewares/plugin-geoblock.md | 397 ++++++++ .../common/middlewares/plugin-mod-security.md | 130 +++ .../docs/common/middlewares/plugin-real-ip.md | 86 ++ 
.../plugin-rewrite-response-headers.md | 163 +++ .../common/middlewares/plugin-theme-park.md | 158 +++ .../docs/common/middlewares/rate-limit.md | 82 ++ .../docs/common/middlewares/redirect-regex.md | 106 ++ .../common/middlewares/redirect-scheme.md | 82 ++ .../common/middlewares/replace-path-regex.md | 82 ++ .../docs/common/middlewares/replace-path.md | 58 ++ .../content/docs/common/middlewares/retry.md | 82 ++ .../common/middlewares/strip-prefix-regex.md | 62 ++ .../docs/common/middlewares/strip-prefix.md | 86 ++ 86 files changed, 7205 insertions(+), 115 deletions(-) create mode 100644 charts/library/common-test/tests/traefik/metadata_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_addPrefix_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_basicAuth_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_buffering_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_chain_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_compress_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_contentType_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_forwardAuth_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_headers_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_ipAllowList_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_pluginBouncer_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_pluginGeoblock_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_pluginModSecurity_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_pluginRealIP_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_pluginRewriteResponseHeaders_test.yaml create mode 100644 
charts/library/common-test/tests/traefik/middleware_pluginThemePark_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_rateLimit_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_redirectRegex_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_redirectScheme_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_replacePathRegex_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_replacePath_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_retry_test.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_stripPrefix.yaml create mode 100644 charts/library/common-test/tests/traefik/middleware_stripPrefixRegex_test.yaml create mode 100644 charts/library/common-test/tests/traefik/name_test.yaml create mode 100644 charts/library/common-test/tests/traefik/validation_test.yaml create mode 100644 charts/library/common/templates/class/traefik-middleware/_middleware.tpl create mode 100644 charts/library/common/templates/lib/traefik/_middlewares.tpl create mode 100644 charts/library/common/templates/lib/traefik/_validation.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_addPrefix.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_basicAuth.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_buffering.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_chain.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_compress.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_contentType.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_forwardAuth.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_headers.tpl create mode 100644 
charts/library/common/templates/lib/traefik/middlewares/_ipAllowList.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_rateLimit.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_redirectRegex.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_redirectScheme.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_replacePath.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_retry.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_stripPrefix.tpl create mode 100644 charts/library/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl create mode 100644 charts/library/common/templates/spawner/traefik/_middleware.tpl delete mode 100644 website/cspell.config.yaml create mode 100644 website/src/content/docs/common/middlewares/add-prefix.md create mode 100644 website/src/content/docs/common/middlewares/basic-auth.md create mode 100644 website/src/content/docs/common/middlewares/buffering.md create mode 100644 website/src/content/docs/common/middlewares/chain.md create mode 100644 website/src/content/docs/common/middlewares/compress.md create mode 100644 website/src/content/docs/common/middlewares/content-type.md create mode 
100644 website/src/content/docs/common/middlewares/forward-auth.md create mode 100644 website/src/content/docs/common/middlewares/headers.md create mode 100644 website/src/content/docs/common/middlewares/index.md create mode 100644 website/src/content/docs/common/middlewares/ip-allow-list.md create mode 100644 website/src/content/docs/common/middlewares/plugin-bouncer.md create mode 100644 website/src/content/docs/common/middlewares/plugin-geoblock.md create mode 100644 website/src/content/docs/common/middlewares/plugin-mod-security.md create mode 100644 website/src/content/docs/common/middlewares/plugin-real-ip.md create mode 100644 website/src/content/docs/common/middlewares/plugin-rewrite-response-headers.md create mode 100644 website/src/content/docs/common/middlewares/plugin-theme-park.md create mode 100644 website/src/content/docs/common/middlewares/rate-limit.md create mode 100644 website/src/content/docs/common/middlewares/redirect-regex.md create mode 100644 website/src/content/docs/common/middlewares/redirect-scheme.md create mode 100644 website/src/content/docs/common/middlewares/replace-path-regex.md create mode 100644 website/src/content/docs/common/middlewares/replace-path.md create mode 100644 website/src/content/docs/common/middlewares/retry.md create mode 100644 website/src/content/docs/common/middlewares/strip-prefix-regex.md create mode 100644 website/src/content/docs/common/middlewares/strip-prefix.md diff --git a/.github/workflows/common-tests.yaml b/.github/workflows/common-tests.yaml index baa94cf3cdc..a5d0e973498 100644 --- a/.github/workflows/common-tests.yaml +++ b/.github/workflows/common-tests.yaml @@ -20,7 +20,6 @@ on: workflow_dispatch: jobs: - check_changes: runs-on: ubuntu-latest outputs: @@ -81,7 +80,7 @@ jobs: name: Unit Tests runs-on: ubuntu-24.04 env: - helmUnitVersion: 0.5.0 + helmUnitVersion: 0.7.1 strategy: fail-fast: false matrix: 
diff --git a/charts/library/common-test/Chart.yaml b/charts/library/common-test/Chart.yaml index 83d881bccde..486d4c2d922 100644 --- a/charts/library/common-test/Chart.yaml +++ b/charts/library/common-test/Chart.yaml @@ -7,7 +7,7 @@ apiVersion: v2 appVersion: unknown dependencies: - name: common - version: ~25.3.0 + version: ~25.4.0 repository: file://../common/ condition: "" alias: "" diff --git a/charts/library/common-test/tests/traefik/metadata_test.yaml b/charts/library/common-test/tests/traefik/metadata_test.yaml new file mode 100644 index 00000000000..b8cd46958f5 --- /dev/null +++ b/charts/library/common-test/tests/traefik/metadata_test.yaml 
@@ -0,0 +1,132 @@
+suite: middlewares metadata test
+templates:
+ - common.yaml
+chart:
+ appVersion: &appVer v9.9.9
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with middlewares created with labels and annotations
+ set:
+ label1: label1
+ label2: global_label2
+ annotation1: annotation1
+ annotation2: global_annotation2
+ global:
+ labels:
+ g_label1: global_label1
+ g_label2: "{{ .Values.label2 }}"
+ annotations:
+ g_annotation1: global_annotation1
+ g_annotation2: "{{ .Values.annotation2 }}"
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: buffering
+ labels:
+ label1: "{{ .Values.label1 }}"
+ label2: label2
+ annotations:
+ annotation1: "{{ .Values.annotation1 }}"
+ annotation2: annotation2
+ data:
+ foo: bar
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: metadata.annotations
+ value:
+ annotation1: annotation1
+ annotation2: annotation2
+ g_annotation1: global_annotation1
+ g_annotation2: global_annotation2
+ - documentIndex: *middlewareDoc
+ equal:
+ path: metadata.labels
+ value:
+ app: common-test-1.0.0
+ release: test-release-name
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/instance: test-release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/version: *appVer
+ g_label1: global_label1
+ g_label2: global_label2
+ label1: label1
+ label2: label2
+ - documentIndex: *middlewareDoc
+ equal:
+ path: metadata.namespace
+ value: test-release-namespace
+
+ - it: should pass with middlewares created with namespace
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: buffering
+ namespace: some-namespace
+ data:
+ foo: bar
+ asserts:
+ - documentIndex: *middlewareDoc
+ equal:
+ path: metadata.namespace
+ value: some-namespace
+
+ - it: should pass with middlewares created with object namespace from tpl
+ set:
+ key: some-namespace
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: buffering
+ namespace: "{{ .Values.key }}"
+ data:
+ foo: bar
+ asserts:
+ - documentIndex: *middlewareDoc
+ equal:
+ path: metadata.namespace
+ value: some-namespace
+
+ - it: should pass with middlewares created with namespace from global with tpl
+ set:
+ key: global-namespace
+ global:
+ namespace: "{{ .Values.key }}"
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: buffering
+ data:
+ foo: bar
+ asserts:
+ - documentIndex: *middlewareDoc
+ equal:
+ path: metadata.namespace
+ value: global-namespace
+
+ - it: should pass with middlewares created with namespace from root with tpl
+ set:
+ key: local-namespace
+ namespace: "{{ .Values.key }}"
+ global:
+ namespace: global-namespace
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: buffering
+ data:
+ foo: bar
+ asserts:
+ - documentIndex: *middlewareDoc
+ equal:
+ path: metadata.namespace
+ value: local-namespace
diff --git a/charts/library/common-test/tests/traefik/middleware_addPrefix_test.yaml b/charts/library/common-test/tests/traefik/middleware_addPrefix_test.yaml
new file mode 100644
index 00000000000..f414ef4da51
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_addPrefix_test.yaml
@@ -0,0 +1,37 @@
+suite: add-prefix middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with all set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: add-prefix
+ data:
+ prefix: some-prefix
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ addPrefix:
+ prefix: some-prefix
+
+ - it: should fail with missing prefix
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: add-prefix
+ data:
+ foo: bar
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (add-prefix) - Expected [prefix] to be set
diff --git a/charts/library/common-test/tests/traefik/middleware_basicAuth_test.yaml b/charts/library/common-test/tests/traefik/middleware_basicAuth_test.yaml
new file mode 100644
index 00000000000..825eae38f05
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_basicAuth_test.yaml
@@ -0,0 +1,81 @@
+suite: basicAuth middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with all set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: basic-auth
+ data:
+ secret: some-secret
+ my-middleware2:
+ enabled: true
+ type: basic-auth
+ data:
+ users:
+ - username: some-username
+ password: some-password
+ - username: some-other-username
+ password: some-other-password
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ basicAuth:
+ secret: some-secret
+ - documentIndex: &otherMiddlewareDoc 1
+ isKind:
+ of: Middleware
+ - documentIndex: *otherMiddlewareDoc
+ equal:
+ path: spec
+ value:
+ basicAuth:
+ secret: test-release-name-common-test-my-middleware2
+ - documentIndex: &secretDoc 2
+ isKind:
+ of: Secret
+ - documentIndex: *secretDoc
+ equal:
+ path: metadata.name
+ value: test-release-name-common-test-my-middleware2
+ - documentIndex: *secretDoc
+ matchRegex:
+ path: stringData.users
+ pattern: some-username:.+\nsome-other-username:.+
+
+ - it: should fail with missing both users and secret
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: basic-auth
+ data:
+ foo: bar
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (basic-auth) - Expected at least one of [users] or [secret] to be set
+
+ - it: should fail with both secret and users set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: basic-auth
+ data:
+ secret: some-secret
+ users:
+ - username: some-username
+ password: some-password
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (basic-auth) - Expected either [users] or [secret] to be set, but not both
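Review bot: The Secret assertion at the end of the first case, `pattern: some-username:.+\nsome-other-username:.+`, accepts any non-empty text after the colon, so it would still pass if the template wrote `some-password` into `stringData.users` unhashed. The template that builds this Secret is not part of this hunk, so whether it hashes the password is inferred; the test should pin it either way. I would add a further assertion on `*secretDoc` using `notMatchRegex:` with `path: stringData.users` and `pattern: some-password`, and tighten the existing pattern to the hash prefix the template is expected to emit.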
diff --git a/charts/library/common-test/tests/traefik/middleware_buffering_test.yaml b/charts/library/common-test/tests/traefik/middleware_buffering_test.yaml
new file mode 100644
index 00000000000..a561eb65942
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_buffering_test.yaml
@@ -0,0 +1,71 @@
+suite: buffering middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with all set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: buffering
+ data:
+ maxRequestBodyBytes: 1024
+ memRequestBodyBytes: 1024
+ maxResponseBodyBytes: 1024
+ memResponseBodyBytes: 1024
+ retryExpression: some-expression
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ buffering:
+ maxRequestBodyBytes: 1024
+ memRequestBodyBytes: 1024
+ maxResponseBodyBytes: 1024
+ memResponseBodyBytes: 1024
+ retryExpression: "some-expression"
+
+ - it: should pass with only maxRequestBodyBytes set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: buffering
+ data:
+ maxRequestBodyBytes: 1024
+ asserts:
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ buffering:
+ maxRequestBodyBytes: 1024
+
+ - it: should render 0 and non-null values
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: buffering
+ data:
+ maxRequestBodyBytes: 0
+ memRequestBodyBytes: null
+ maxResponseBodyBytes: 1024
+ memResponseBodyBytes: 1024
+ retryExpression: ""
+ asserts:
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ buffering:
+ maxRequestBodyBytes: 0
+ maxResponseBodyBytes: 1024
+ memResponseBodyBytes: 1024
diff --git a/charts/library/common-test/tests/traefik/middleware_chain_test.yaml b/charts/library/common-test/tests/traefik/middleware_chain_test.yaml
new file mode 100644
index 00000000000..36d7dbce6ad
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_chain_test.yaml
@@ -0,0 +1,42 @@
+suite: chain middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with all set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: chain
+ data:
+ middlewares:
+ - name: some-name
+ expandObjectName: false
+ - name: some-other-name
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ chain:
+ middlewares:
+ - name: some-name
+ - name: test-release-name-common-test-some-other-name
+
+ - it: should fail with missing middlewares
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: chain
+ data:
+ middlewares: []
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (chain) - Expected [middlewares] to be set
diff --git a/charts/library/common-test/tests/traefik/middleware_compress_test.yaml b/charts/library/common-test/tests/traefik/middleware_compress_test.yaml
new file mode 100644
index 00000000000..82c18e5dca9
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_compress_test.yaml
@@ -0,0 +1,22 @@
+suite: compress middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with all set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: compress
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ compress: {}
diff --git a/charts/library/common-test/tests/traefik/middleware_contentType_test.yaml b/charts/library/common-test/tests/traefik/middleware_contentType_test.yaml
new file mode 100644
index 00000000000..54ac83d7ce2
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_contentType_test.yaml
@@ -0,0 +1,22 @@
+suite: contentType middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with all set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: content-type
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ contentType: {}
diff --git a/charts/library/common-test/tests/traefik/middleware_forwardAuth_test.yaml b/charts/library/common-test/tests/traefik/middleware_forwardAuth_test.yaml
new file mode 100644
index 00000000000..7ead0b55add
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_forwardAuth_test.yaml
@@ -0,0 +1,106 @@
+suite: forward-auth middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with values
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: forward-auth
+ data:
+ address: some-address
+ authResponseHeadersRegex: some-regex
+ trustForwardHeader: true
+ authResponseHeaders:
+ - some-header
+ authRequestHeaders:
+ - some-header
+ tls:
+ insecureSkipVerify: true
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ forwardAuth:
+ address: some-address
+ authResponseHeadersRegex: some-regex
+ trustForwardHeader: true
+ authResponseHeaders:
+ - some-header
+ authRequestHeaders:
+ - some-header
+ tls:
+ insecureSkipVerify: true
+
+ - it: should fail with missing address
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: forward-auth
+ data:
+ authResponseHeadersRegex: some-regex
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (forward-auth) - Expected [address] to be set
+
+ - it: should fail with invalid authResponseHeaders
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: forward-auth
+ data:
+ address: some-address
+ authResponseHeaders: some-header
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (forward-auth) - Expected [authResponseHeaders] to be a list, but got [string]
+
+ - it: should fail with invalid authRequestHeaders
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: forward-auth
+ data:
+ address: some-address
+ authRequestHeaders: some-header
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (forward-auth) - Expected [authRequestHeaders] to be a list, but got [string]
+
+ - it: should fail with invalid tls.insecureSkipVerify
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: forward-auth
+ data:
+ address: some-address
+ tls:
+ insecureSkipVerify: some-value
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (forward-auth) - Expected [tls.insecureSkipVerify] to be a boolean, but got [string]
+
+ - it: should fail with invalid trustForwardHeader
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: forward-auth
+ data:
+ address: some-address
+ trustForwardHeader: some-value
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (forward-auth) - Expected [trustForwardHeader] to be a boolean, but got [string]
diff --git a/charts/library/common-test/tests/traefik/middleware_headers_test.yaml b/charts/library/common-test/tests/traefik/middleware_headers_test.yaml
new file mode 100644
index 00000000000..dc25d25f5c5
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_headers_test.yaml
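Review bot: The only rendering case, `should pass with values`, pins `tls.insecureSkipVerify: true` and `trustForwardHeader: true`, the two settings that turn off certificate verification towards the auth server and trust client-supplied forwarding headers; no case asserts what is rendered when they are left out. A minimal case with only `address` would catch a template change that starts emitting either field with a permissive value. The expected `spec` below assumes the forward-auth template, which is not in this hunk, omits unset fields; adjust it if the template renders explicit defaults.

```yaml
  - it: should render only address when optional fields are omitted
    set:
      middlewares:
        my-middleware1:
          enabled: true
          type: forward-auth
          data:
            address: some-address
    asserts:
      - documentIndex: *middlewareDoc
        equal:
          path: spec
          value:
            forwardAuth:
              address: some-address
```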
@@ -0,0 +1,119 @@
+suite: headers middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with all set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: headers
+ data:
+ customRequestHeaders:
+ some-name: some-value
+ some-other-name: some-other-value
+ customResponseHeaders:
+ some-name: some-value
+ some-other-name: some-other-value
+ accessControlAllowCredentials: true
+ accessControlAllowHeaders:
+ - some-header
+ - some-other-header
+ accessControlAllowMethods:
+ - GET
+ - DELETE
+ accessControlAllowOriginList:
+ - some-origin
+ - some-other-origin
+ accessControlAllowOriginListRegex:
+ - some-origin-regex
+ - some-other-origin-regex
+ accessControlExposeHeaders:
+ - some-header
+ - some-other-header
+ accessControlMaxAge: 1000
+ addVaryHeader: true
+ allowedHosts:
+ - some-host
+ - some-other-host
+ hostsProxyHeaders:
+ - some-header
+ - some-other-header
+ sslProxyHeaders:
+ some-header: some-value
+ some-other-header: some-other-value
+ stsSeconds: 1000
+ stsIncludeSubdomains: true
+ stsPreload: true
+ forceSTSHeader: true
+ frameDeny: true
+ customFrameOptionsValue: some-value
+ contentTypeNosniff: true
+ browserXssFilter: true
+ customBrowserXSSValue: some-value
+ contentSecurityPolicy: some-value
+ contentSecurityPolicyReportOnly: true
+ publicKey: some-public-key
+ referrerPolicy: some-referrer-policy
+ permissionsPolicy: some-permissions-policy
+ isDevelopment: true
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ headers:
+ customRequestHeaders:
+ some-name: some-value
+ some-other-name: some-other-value
+ customResponseHeaders:
+ some-name: some-value
+ some-other-name: some-other-value
+ accessControlAllowCredentials: true
+ accessControlAllowHeaders:
+ - some-header
+ - some-other-header
+ accessControlAllowMethods:
+ - GET
+ - DELETE
+ accessControlAllowOriginList:
+ - some-origin
+ - some-other-origin
+ accessControlAllowOriginListRegex:
+ - some-origin-regex
+ - some-other-origin-regex
+ accessControlExposeHeaders:
+ - some-header
+ - some-other-header
+ accessControlMaxAge: 1000
+ addVaryHeader: true
+ allowedHosts:
+ - some-host
+ - some-other-host
+ hostsProxyHeaders:
+ - some-header
+ - some-other-header
+ sslProxyHeaders:
+ some-header: some-value
+ some-other-header: some-other-value
+ stsSeconds: 1000
+ stsIncludeSubdomains: true
+ stsPreload: true
+ forceSTSHeader: true
+ frameDeny: true
+ customFrameOptionsValue: some-value
+ contentTypeNosniff: true
+ browserXssFilter: true
+ customBrowserXSSValue: some-value
+ contentSecurityPolicy: some-value
+ contentSecurityPolicyReportOnly: true
+ publicKey: some-public-key
+ referrerPolicy: some-referrer-policy
+ permissionsPolicy: some-permissions-policy
+ isDevelopment: true
diff --git a/charts/library/common-test/tests/traefik/middleware_ipAllowList_test.yaml b/charts/library/common-test/tests/traefik/middleware_ipAllowList_test.yaml
new file mode 100644
index 00000000000..ad9a306b1ab
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_ipAllowList_test.yaml
@@ -0,0 +1,62 @@
+suite: ip-allow-list middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with all set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: ip-allow-list
+ data:
+ sourceRange:
+ - some-source-range
+ ipStrategy:
+ depth: 1
+ excludedIPs:
+ - some-excluded-ip
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ isKind:
+ of: Middleware
+ - documentIndex: *middlewareDoc
+ equal:
+ path: spec
+ value:
+ ipAllowList:
+ sourceRange:
+ - some-source-range
+ ipStrategy:
+ depth: 1
+ excludedIPs:
+ - some-excluded-ip
+
+ - it: should fail with invalid sourceRange
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: ip-allow-list
+ data:
+ sourceRange: some-source-range
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (ip-allow-list) - Expected [sourceRange] to be a list, but got [string]
+
+ - it: should fail with invalid ipStrategy.excludedIPs
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: ip-allow-list
+ data:
+ sourceRange:
+ - some-source-range
+ ipStrategy:
+ excludedIPs: some-excluded-ip
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (ip-allow-list) - Expected [ipStrategy.excludedIPs] to be a list, but got [string]
diff --git a/charts/library/common-test/tests/traefik/middleware_pluginBouncer_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginBouncer_test.yaml
new file mode 100644
index 00000000000..27cb81665d0
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_pluginBouncer_test.yaml
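Review bot: The `should pass with all set` case sets `ipStrategy.depth: 1` together with `ipStrategy.excludedIPs`, and as I read Traefik's documentation for this middleware, `excludedIPs` is ignored once `depth` is specified, so the fixture pins a combination in which the exclusion list has no effect on which client IP is matched. I would split it into one case with `depth: 1` and one with `excludedIPs:` only, so neither the test nor anyone copying it implies that both apply. The suite also has no case for an absent or empty allow list; a case with `sourceRange: []` asserting `failedTemplate` would pin that, assuming the ip-allow-list template, which is outside this hunk, rejects it.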
@@ -0,0 +1,177 @@ +suite: plugin-bouncer middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-bouncer + data: + enabled: true + logLevel: DEBUG + updateIntervalSeconds: 60 + updateMaxFailure: 0 + defaultDecisionSeconds: 60 + httpTimeoutSeconds: 10 + crowdsecMode: live + crowdsecAppsecEnabled: false + crowdsecAppsecHost: crowdsec:7422 + crowdsecAppsecFailureBlock: true + crowdsecAppsecUnreachableBlock: true + crowdsecLapiKey: privateKey-foo + crowdsecLapiHost: crowdsec:8080 + crowdsecLapiScheme: http + crowdsecLapiTLSInsecureVerify: false + crowdsecCapiMachineId: login + crowdsecCapiPassword: password + crowdsecCapiScenarios: + - crowdsecurity/http-path-traversal-probing + - crowdsecurity/http-xss-probing + - crowdsecurity/http-generic-bf + forwardedHeadersTrustedIPs: + - 10.0.10.23/32 + - 10.0.20.0/24 + clientTrustedIPs: + - 192.168.1.0/24 + forwardedHeadersCustomName: X-Custom-Header + remediationHeadersCustomName: cs-remediation + redisCacheEnabled: false + redisCacheHost: "redis:6379" + redisCachePassword: password + redisCacheDatabase: "5" + crowdsecLapiTLSCertificateAuthority: |- + -----BEGIN CERTIFICATE----- + MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT + ... + Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT + -----END CERTIFICATE----- + crowdsecLapiTLSCertificateBouncer: |- + -----BEGIN CERTIFICATE----- + MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL + ... + RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz + N2U= + -----END CERTIFICATE----- + crowdsecLapiTLSCertificateBouncerKey: |- + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAtYQnbJqifH+ZymePylDxGGLIuxzcAUU4/ajNj+qRAdI/Ux3d + ... 
+ ic5cDRo6/VD3CS3MYzyBcibaGaV34nr0G/pI+KEqkYChzk/PZRA= + -----END RSA PRIVATE KEY----- + captchaProvider: hcaptcha + captchaSiteKey: FIXME + captchaSecretKey: FIXME + captchaGracePeriodSeconds: 1800 + captchaHTMLFilePath: /captcha.html + banHTMLFilePath: /ban.html + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + bouncer: + enabled: true + logLevel: DEBUG + updateIntervalSeconds: 60 + updateMaxFailure: 0 + defaultDecisionSeconds: 60 + httpTimeoutSeconds: 10 + crowdsecMode: live + crowdsecAppsecEnabled: false + crowdsecAppsecHost: crowdsec:7422 + crowdsecAppsecFailureBlock: true + crowdsecAppsecUnreachableBlock: true + crowdsecLapiKey: privateKey-foo + crowdsecLapiHost: crowdsec:8080 + crowdsecLapiScheme: http + crowdsecLapiTLSInsecureVerify: false + crowdsecCapiMachineId: login + crowdsecCapiPassword: password + crowdsecCapiScenarios: + - crowdsecurity/http-path-traversal-probing + - crowdsecurity/http-xss-probing + - crowdsecurity/http-generic-bf + forwardedHeadersTrustedIPs: + - 10.0.10.23/32 + - 10.0.20.0/24 + clientTrustedIPs: + - 192.168.1.0/24 + forwardedHeadersCustomName: X-Custom-Header + remediationHeadersCustomName: cs-remediation + redisCacheEnabled: false + redisCacheHost: "redis:6379" + redisCachePassword: password + redisCacheDatabase: "5" + crowdsecLapiTLSCertificateAuthority: |- + -----BEGIN CERTIFICATE----- + MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT + ... + Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT + -----END CERTIFICATE----- + crowdsecLapiTLSCertificateBouncer: |- + -----BEGIN CERTIFICATE----- + MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL + ... + RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz + N2U= + -----END CERTIFICATE----- + crowdsecLapiTLSCertificateBouncerKey: |- + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAtYQnbJqifH+ZymePylDxGGLIuxzcAUU4/ajNj+qRAdI/Ux3d + ... 
+ ic5cDRo6/VD3CS3MYzyBcibaGaV34nr0G/pI+KEqkYChzk/PZRA= + -----END RSA PRIVATE KEY----- + captchaProvider: hcaptcha + captchaSiteKey: FIXME + captchaSecretKey: FIXME + captchaGracePeriodSeconds: 1800 + captchaHTMLFilePath: /captcha.html + banHTMLFilePath: /ban.html + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-bouncer + data: + pluginName: traefik-bouncer-test + enabled: true + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-bouncer-test: + enabled: true + + - it: should fail with missing enabled + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-bouncer + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (plugin-bouncer) - Expected [enabled] to be set + + - it: should fail with invalid enabled + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-bouncer + data: + enabled: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (plugin-bouncer) - Expected [enabled] to be a boolean, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_pluginGeoblock_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginGeoblock_test.yaml new file mode 100644 index 00000000000..6a457a6712e --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginGeoblock_test.yaml 
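Review bot: The "should pass with all set" case passes `crowdsecLapiKey`, `crowdsecCapiPassword`, `redisCachePassword`, `captchaSecretKey` and `crowdsecLapiTLSCertificateBouncerKey` as inline values and asserts that they appear verbatim in the Middleware `spec`. The pattern this test documents therefore puts credentials in a custom resource readable by anyone allowed to get Middlewares, rather than in a Secret. If the chart is meant to support that, a second case using the plugin's file-based options (upstream documents `crowdsecLapiKeyFile`-style variants; confirm the exact names) would show the safer path. The fixture's `-----BEGIN RSA PRIVATE KEY-----` block, although truncated, is also likely to trigger secret scanners, and a plain placeholder such as `some-key` would test the same pass-through. This case also lacks the `isKind: of: Middleware` assert that the ipAllowList and redirect suites include.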
@@ -0,0 +1,101 @@ +suite: plugin-geoblock middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-geoblock + data: + api: https://api.geoblock.org/v2/geoblock + allowLocalRequests: true + logLocalRequests: true + logAllowedRequests: true + logApiRequests: true + apiTimeoutMs: 1000 + cacheSize: 1000 + forceMonthlyUpdate: true + allowUnknownCountries: true + unknownCountryApiResponse: some-value + blackListMode: true + silentStartUp: true + addCountryHeader: true + countries: + - some-country + - some-other-country + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + GeoBlock: + allowLocalRequests: true + logLocalRequests: true + logAllowedRequests: true + logApiRequests: true + api: https://api.geoblock.org/v2/geoblock + apiTimeoutMs: 1000 + cacheSize: 1000 + forceMonthlyUpdate: true + allowUnknownCountries: true + unknownCountryApiResponse: some-value + blackListMode: true + silentStartUp: true + addCountryHeader: true + countries: + - some-country + - some-other-country + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-geoblock + data: + pluginName: traefik-geoblock-test + api: https://api.geoblock.org/v2/geoblock + countries: + - some-country + - some-other-country + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-geoblock-test: + api: https://api.geoblock.org/v2/geoblock + countries: + - some-country + - some-other-country + + - it: should fail with missing api + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-geoblock + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (plugin-geoblock) - Expected [api] to be set + + - it: should fail with missing countries + set: + middlewares: + my-middleware1: + 
enabled: true + type: plugin-geoblock + data: + api: https://api.geoblock.org/v2/geoblock + asserts: + - failedTemplate: + errorMessage: Middleware (plugin-geoblock) - Expected [countries] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_pluginModSecurity_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginModSecurity_test.yaml new file mode 100644 index 00000000000..14f63a6a707 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginModSecurity_test.yaml @@ -0,0 +1,57 @@ +suite: plugin-mod-security middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-mod-security + data: + modSecurityUrl: some-url + timeoutMillis: 1000 + maxBodySize: 1024 + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + traefik-modsecurity-plugin: + modSecurityUrl: some-url + timeoutMillis: 1000 + maxBodySize: 1024 + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-mod-security + data: + pluginName: traefik-mod-security-test + modSecurityUrl: some-url + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-mod-security-test: + modSecurityUrl: some-url + + - it: should fail with missing modSecurityUrl + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-mod-security + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (modsecurity) - Expected [modSecurityUrl] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_pluginRealIP_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginRealIP_test.yaml new file mode 100644 index 00000000000..5b1990c95ee --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginRealIP_test.yaml 
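Review bot: Only the presence of `api` and `countries` is tested; there is no case for `countries` given as a string or as an empty list, although the ipAllowList suite checks exactly that for `sourceRange`. Because `blackListMode` inverts what the list means, an empty or mis-typed `countries` could leave the filter blocking nothing. It deserves a `failedTemplate` case such as `Expected [countries] to be a list, but got [string]`, assuming the template (not visible here) uses the same wording as the other middlewares. The same gap applies to `excludednets` in the RealIP suite and `addons` in the ThemePark suite. The "all set" fixture also sets `allowUnknownCountries: true`; a one-line YAML comment that this is a pass-through value rather than a recommended setting would help readers who copy from tests.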
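Review bot: The expected error prefix in the ModSecurity suite is `Middleware (modsecurity)`, while the type under test is `plugin-mod-security` and the bouncer and geoblock suites print the full type (`Middleware (plugin-bouncer)`, `Middleware (plugin-geoblock)`). The RealIP (`real-ip`), RewriteResponseHeaders (`rewrite-response-headers`) and ThemePark (`themepark`) suites have the same mismatch. A user who hits the error cannot search their values for the name it prints. The template messages, which are outside this hunk, should use the `type` value, and these asserts should follow, e.g. `errorMessage: Middleware (plugin-mod-security) - Expected [modSecurityUrl] to be set`. No type check is tested for `timeoutMillis` or `maxBodySize` either.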
@@ -0,0 +1,61 @@ +suite: plugin-real-ip middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-real-ip + data: + excludednets: + - some-excluded-net + - some-other-excluded-net + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + traefik-real-ip: + excludednets: + - some-excluded-net + - some-other-excluded-net + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-real-ip + data: + pluginName: traefik-real-ip-test + excludednets: + - some-excluded-net + - some-other-excluded-net + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-real-ip-test: + excludednets: + - some-excluded-net + - some-other-excluded-net + + - it: should fail with missing excludednets + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-real-ip + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (real-ip) - Expected [excludednets] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_pluginRewriteResponseHeaders_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginRewriteResponseHeaders_test.yaml new file mode 100644 index 00000000000..93c3d91fd47 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginRewriteResponseHeaders_test.yaml 
@@ -0,0 +1,125 @@ +suite: plugin-rewrite-response-headers middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement + - header: some-other-header + regex: some-other-regex + replacement: some-other-replacement + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + rewriteResponseHeaders: + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement + - header: some-other-header + regex: some-other-regex + replacement: some-other-replacement + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + pluginName: traefik-rewrite-response-headers-test + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-rewrite-response-headers-test: + rewrites: + - header: some-header + regex: some-regex + replacement: some-replacement + + - it: should fail with missing header + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: + - regex: some-regex + replacement: some-replacement + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [header] to be set for rewrite [0] + + - it: should fail with missing regex + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: + - header: some-header + replacement: some-replacement + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [regex] to be set for rewrite [0] + + - it: 
should fail with missing replacement + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: + - header: some-header + regex: some-regex + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [replacement] to be set for rewrite [0] + + - it: should fail with missing rewrites + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [rewrites] to be set + + - it: should fail with invalid rewrites + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-rewrite-response-headers + data: + rewrites: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (rewrite-response-headers) - Expected [rewrites] to be a list, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_pluginThemePark_test.yaml b/charts/library/common-test/tests/traefik/middleware_pluginThemePark_test.yaml new file mode 100644 index 00000000000..deaad41d96e --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_pluginThemePark_test.yaml 
@@ -0,0 +1,77 @@ +suite: plugin-theme-park middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-theme-park + data: + app: sonarr + theme: dark + baseUrl: https://example.com + addons: + - some-addon + - some-other-addon + asserts: + - documentIndex: &middlewareDoc 0 + equal: + path: spec + value: + plugin: + traefik-themepark: + app: sonarr + theme: dark + baseUrl: https://example.com + addons: + - some-addon + - some-other-addon + + - it: should pass with pluginName set + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-theme-park + data: + app: sonarr + theme: dark + pluginName: traefik-themepark-test + asserts: + - documentIndex: *middlewareDoc + equal: + path: spec + value: + plugin: + traefik-themepark-test: + app: sonarr + theme: dark + + - it: should fail with missing app + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-theme-park + data: + theme: dark + asserts: + - failedTemplate: + errorMessage: Middleware (themepark) - Expected [app] to be set + + - it: should fail with missing theme + set: + middlewares: + my-middleware1: + enabled: true + type: plugin-theme-park + data: + app: sonarr + asserts: + - failedTemplate: + errorMessage: Middleware (themepark) - Expected [theme] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_rateLimit_test.yaml b/charts/library/common-test/tests/traefik/middleware_rateLimit_test.yaml new file mode 100644 index 00000000000..43732c1cd25 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_rateLimit_test.yaml 
@@ -0,0 +1,35 @@
+suite: compress middleware test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should pass with all set
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: rate-limit
+ data:
+ average: 1000
+ burst: 2000
+ asserts:
+ - documentIndex: &middlewareDoc 0
+ equal:
+ path: spec
+ value:
+ rateLimit:
+ average: 1000
+ burst: 2000
+ - it: should fail with missing average and burst
+ set:
+ middlewares:
+ my-middleware1:
+ enabled: true
+ type: rate-limit
+ data:
+ foo: bar
+ asserts:
+ - failedTemplate:
+ errorMessage: Middleware (rate-limit) - Expected either [average] or [burst] to be set
diff --git a/charts/library/common-test/tests/traefik/middleware_redirectRegex_test.yaml b/charts/library/common-test/tests/traefik/middleware_redirectRegex_test.yaml
new file mode 100644
index 00000000000..e99004aa1c4
--- /dev/null
+++ b/charts/library/common-test/tests/traefik/middleware_redirectRegex_test.yaml
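Review bot: The suite is named `compress middleware test` although the file is middleware_rateLimit_test.yaml and every case uses `type: rate-limit`, so a failure would be reported under the wrong suite name. Change the first line to `suite: rate-limit middleware test`. The expected error text `Expected either [average] or [burst] to be set` also suggests that `burst` alone is accepted. If so, add a case for it, because per the Traefik documentation an `average` of 0 means no rate limiting, and a burst-only middleware would render without enforcing a limit.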
@@ -0,0 +1,69 @@ +suite: redirectRegex middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-regex + data: + regex: some-regex + replacement: some-replacement + permanent: true + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + redirectRegex: + regex: some-regex + replacement: some-replacement + permanent: true + + - it: should fail with missing regex + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-regex + data: + replacement: some-replacement + permanent: true + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-regex) - Expected [regex] to be set + + - it: should fail with missing replacement + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-regex + data: + regex: some-regex + permanent: true + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-regex) - Expected [replacement] to be set + + - it: should fail with invalid permanent + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-regex + data: + regex: some-regex + replacement: some-replacement + permanent: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-regex) - Expected [permanent] to be a boolean, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_redirectScheme_test.yaml b/charts/library/common-test/tests/traefik/middleware_redirectScheme_test.yaml new file mode 100644 index 00000000000..80d8696d927 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_redirectScheme_test.yaml 
@@ -0,0 +1,52 @@ +suite: redirectScheme middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-scheme + data: + scheme: https + permanent: true + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + redirectScheme: + scheme: https + permanent: true + + - it: should fail with missing scheme + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-scheme + data: + permanent: true + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-scheme) - Expected [scheme] to be set + + - it: should fail with invalid permanent + set: + middlewares: + my-middleware1: + enabled: true + type: redirect-scheme + data: + scheme: https + permanent: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (redirect-scheme) - Expected [permanent] to be a boolean, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_replacePathRegex_test.yaml b/charts/library/common-test/tests/traefik/middleware_replacePathRegex_test.yaml new file mode 100644 index 00000000000..97127272f83 --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_replacePathRegex_test.yaml 
@@ -0,0 +1,51 @@ +suite: replacePathRegex middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path-regex + data: + regex: /some-path + replacement: /some-replacement + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + replacePathRegex: + regex: /some-path + replacement: /some-replacement + + - it: should fail with missing regex + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path-regex + data: + replacement: /some-replacement + asserts: + - failedTemplate: + errorMessage: Middleware (replace-path-regex) - Expected [regex] to be set + + - it: should fail with missing replacement + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path-regex + data: + regex: /some-path + asserts: + - failedTemplate: + errorMessage: Middleware (replace-path-regex) - Expected [replacement] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_replacePath_test.yaml b/charts/library/common-test/tests/traefik/middleware_replacePath_test.yaml new file mode 100644 index 00000000000..319d6eaaf1c --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_replacePath_test.yaml 
@@ -0,0 +1,37 @@ +suite: replacePath middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path + data: + path: /some-path + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + replacePath: + path: /some-path + + - it: should fail with missing path + set: + middlewares: + my-middleware1: + enabled: true + type: replace-path + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (replace-path) - Expected [path] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_retry_test.yaml b/charts/library/common-test/tests/traefik/middleware_retry_test.yaml new file mode 100644 index 00000000000..89e194fddfa --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_retry_test.yaml @@ -0,0 +1,39 @@ +suite: retry middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: retry + data: + attempts: 3 + initialInterval: 1000 + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + retry: + attempts: 3 + initialInterval: 1000 + + - it: should fail with missing attempts + set: + middlewares: + my-middleware1: + enabled: true + type: retry + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware (retry) - Expected [attempts] to be set diff --git a/charts/library/common-test/tests/traefik/middleware_stripPrefix.yaml b/charts/library/common-test/tests/traefik/middleware_stripPrefix.yaml new file mode 100644 index 00000000000..bb0117c7881 --- /dev/null 
+++ b/charts/library/common-test/tests/traefik/middleware_stripPrefix.yaml @@ -0,0 +1,57 @@ +suite: stripPrefix middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix + data: + forceSlash: true + prefix: + - /some-prefix + - /some-other-prefix + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + stripPrefix: + forceSlash: true + prefix: + - /some-prefix + - /some-other-prefix + + - it: should fail with missing prefix + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix + data: + prefix: [] + asserts: + - failedTemplate: + errorMessage: Middleware (strip-prefix) - Expected [prefix] to be set + + - it: should fail with invalid forceSlash + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix + data: + prefix: + - /some-prefix + forceSlash: some-value + asserts: + - failedTemplate: + errorMessage: Middleware (strip-prefix) - Expected [forceSlash] to be a boolean, but got [string] diff --git a/charts/library/common-test/tests/traefik/middleware_stripPrefixRegex_test.yaml b/charts/library/common-test/tests/traefik/middleware_stripPrefixRegex_test.yaml new file mode 100644 index 00000000000..eb6729060de --- /dev/null +++ b/charts/library/common-test/tests/traefik/middleware_stripPrefixRegex_test.yaml 
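Review bot: This file is added as `middleware_stripPrefix.yaml`, without the `_test` suffix that every other suite in the directory carries. If the runner selects suites by a `*_test.yaml` pattern (helm-unittest's default; the workflow change is outside this chunk), these three cases never run and the strip-prefix validation goes untested. Rename the file to `middleware_stripPrefix_test.yaml`.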
@@ -0,0 +1,41 @@ +suite: stripPrefixRegex middleware test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with all set + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix-regex + data: + regex: + - some-regex + - some-other-regex + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + equal: + path: spec + value: + stripPrefixRegex: + regex: + - some-regex + - some-other-regex + + - it: should fail with missing regex + set: + middlewares: + my-middleware1: + enabled: true + type: strip-prefix-regex + data: + regex: [] + asserts: + - failedTemplate: + errorMessage: Middleware (strip-prefix-regex) - Expected [regex] to be set diff --git a/charts/library/common-test/tests/traefik/name_test.yaml b/charts/library/common-test/tests/traefik/name_test.yaml new file mode 100644 index 00000000000..ae827842a03 --- /dev/null +++ b/charts/library/common-test/tests/traefik/name_test.yaml 
@@ -0,0 +1,57 @@ +suite: middleware name test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should generate correct name + set: + middlewares: + my-middleware1: + enabled: true + type: buffering + data: + foo: bar + my-middleware2: + enabled: true + type: buffering + data: + foo: bar + my-middleware3: + enabled: true + type: buffering + expandObjectName: false + data: + foo: bar + asserts: + - documentIndex: &middlewareDoc 0 + isKind: + of: Middleware + - documentIndex: *middlewareDoc + isAPIVersion: + of: traefik.io/v1alpha1 + - documentIndex: *middlewareDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-middleware1 + - documentIndex: &otherMiddlewareDoc 1 + isKind: + of: Middleware + - documentIndex: *otherMiddlewareDoc + isAPIVersion: + of: traefik.io/v1alpha1 + - documentIndex: *otherMiddlewareDoc + equal: + path: metadata.name + value: test-release-name-common-test-my-middleware2 + - documentIndex: &otherMiddlewareDoc2 2 + isKind: + of: Middleware + - documentIndex: *otherMiddlewareDoc2 + isAPIVersion: + of: traefik.io/v1alpha1 + - documentIndex: *otherMiddlewareDoc2 + equal: + path: metadata.name + value: my-middleware3 diff --git a/charts/library/common-test/tests/traefik/validation_test.yaml b/charts/library/common-test/tests/traefik/validation_test.yaml new file mode 100644 index 00000000000..396a8ba8ae1 --- /dev/null +++ b/charts/library/common-test/tests/traefik/validation_test.yaml 
@@ -0,0 +1,103 @@ +suite: middleware validation test +templates: + - common.yaml +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should fail with name longer than 253 characters + set: + middlewares: + ? my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-long-long-long-long-long-long-long-name + : enabled: true + type: buffering + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Name [test-release-name-common-test-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-name-that-is-longer-than-253-characters-my-middleware-super-long-long-long-long-long-long-long-long-name] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 253 characters. + + - it: should fail with name starting with underscore + set: + middlewares: + _my-middleware: + enabled: true + type: buffering + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Name [test-release-name-common-test-_my-middleware] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 253 characters. + + - it: should fail with namespace longer than 63 characters + set: + middlewares: + my-middleware: + enabled: true + type: buffering + namespace: my-extra-super-duper-long-name-that-is-longer-than-63-characters + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters. 
+ + - it: should fail with labels not a dict + set: + middlewares: + my-middleware: + enabled: true + type: buffering + labels: "not a dict" + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Expected [labels] to be a dictionary, but got [string] + + - it: should fail with annotations not a dict + set: + middlewares: + my-middleware: + enabled: true + type: buffering + annotations: "not a dict" + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Expected [annotations] to be a dictionary, but got [string] + + - it: should fail with data not a dict + set: + middlewares: + my-middleware: + enabled: true + type: buffering + data: "not a dict" + asserts: + - failedTemplate: + errorMessage: Middleware - Expected [data] to be a dictionary, but got [string] + + - it: should fail with empty enabled + set: + middlewares: + my-middleware: + enabled: + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Expected the defined key [enabled] in [middlewares.my-middleware] to not be empty + + - it: should fail with empty type + set: + middlewares: + my-middleware: + enabled: true + type: + data: + foo: bar + asserts: + - failedTemplate: + errorMessage: Middleware - Expected [type] to be set diff --git a/charts/library/common/Chart.yaml b/charts/library/common/Chart.yaml index 1663f337084..fb2550671f8 100644 --- a/charts/library/common/Chart.yaml +++ b/charts/library/common/Chart.yaml @@ -48,4 +48,4 @@ sources: - https://hub.docker.com/_/ - https://hub.docker.com/r/mikefarah/yq type: library -version: 25.3.1 +version: 25.4.0 diff --git a/charts/library/common/templates/class/traefik-middleware/_middleware.tpl b/charts/library/common/templates/class/traefik-middleware/_middleware.tpl new file mode 100644 index 00000000000..1ec5b6d4b07 --- /dev/null +++ b/charts/library/common/templates/class/traefik-middleware/_middleware.tpl 
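Review bot: The validation suite has no case for an unsupported `type`, although the class template added in this commit has a dedicated `fail` branch for it (`Traefik - Middleware [%s] is not supported. Supported middlewares are [%s]`). Add a case with e.g. `type: not-a-type` and a `failedTemplate` assert. Because that message lists every supported key, a pattern matcher (`errorPattern`, if the helm-unittest version in use supports it) will be less brittle than a full `errorMessage`.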
@@ -0,0 +1,46 @@
+{{/* Traefik Middleware Class */}}
+{{/* Call this template:
+{{ include "tc.v1.common.class.traefik.middleware" (dict "rootCtx" $ "objectData" $objectData) }}
+
+rootCtx: The root context of the chart.
+objectData:
+ name: The name of the middleware.
+ labels: The labels of the middleware.
+ annotations: The annotations of the middleware.
+ data: The data of the middleware.
+ namespace: The namespace of the middleware. (Optional)
+*/}}
+
+{{- define "tc.v1.common.class.traefik.middleware" -}}
+
+ {{- $rootCtx := .rootCtx -}}
+ {{- $objectData := .objectData -}}
+
+ {{- $typeClassMap := (include "tc.v1.common.lib.traefik.middlewares.map" $) | fromJson -}}
+
+ {{- if not (hasKey $typeClassMap $objectData.type) -}}
+ {{- fail (printf "Traefik - Middleware [%s] is not supported. Supported middlewares are [%s]" $objectData.type (keys $typeClassMap | join ", ")) -}}
+ {{- end }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $objectData.name }}
+ namespace: {{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $rootCtx "objectData" $objectData "caller" "Middleware") }}
+ {{- $labels := (mustMerge ($objectData.labels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- /*
+ Nothing goes after the include, each middleware can also render other manifests.
+ For the same reason indentation must be handled by each middleware.
+ */ -}}
+ {{- include (get $typeClassMap $objectData.type) (dict "rootCtx" $rootCtx "objectData" $objectData) -}}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/_middlewares.tpl b/charts/library/common/templates/lib/traefik/_middlewares.tpl
new file mode 100644
index 00000000000..d9479d47d86
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/_middlewares.tpl
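Review bot: The header comment's `objectData` list leaves out `type`, although the template calls `fail` unless `$objectData.type` is a key of the map returned by `tc.v1.common.lib.traefik.middlewares.map`, so the one field that is strictly required is the one not documented. I would add `type: The type of the middleware, one of the keys of the middlewares map.` to that list. `name` is rendered unquoted in `metadata.name`, which is fine only as long as the name validation (not in this hunk) always runs before this class is included; a one-line comment stating that dependency would help the next reader.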
@@ -0,0 +1,58 @@
+{{- define "tc.v1.common.lib.traefik.middlewares.map" -}}
+ {{- $typeClassMap := dict
+ "add-prefix" "tc.v1.common.class.traefik.middleware.addPrefix"
+ "basic-auth" "tc.v1.common.class.traefik.middleware.basicAuth"
+ "buffering" "tc.v1.common.class.traefik.middleware.buffering"
+ "chain" "tc.v1.common.class.traefik.middleware.chain"
+ "compress" "tc.v1.common.class.traefik.middleware.compress"
+ "content-type" "tc.v1.common.class.traefik.middleware.contentType"
+ "forward-auth" "tc.v1.common.class.traefik.middleware.forwardAuth"
+ "headers" "tc.v1.common.class.traefik.middleware.headers"
+ "ip-allow-list" "tc.v1.common.class.traefik.middleware.ipAllowList"
+ "rate-limit" "tc.v1.common.class.traefik.middleware.rateLimit"
+ "redirect-regex" "tc.v1.common.class.traefik.middleware.redirectRegex"
+ "redirect-scheme" "tc.v1.common.class.traefik.middleware.redirectScheme"
+ "replace-path" "tc.v1.common.class.traefik.middleware.replacePath"
+ "replace-path-regex" "tc.v1.common.class.traefik.middleware.replacePathRegex"
+ "retry" "tc.v1.common.class.traefik.middleware.retry"
+ "strip-prefix" "tc.v1.common.class.traefik.middleware.stripPrefix"
+ "strip-prefix-regex" "tc.v1.common.class.traefik.middleware.stripPrefixRegex"
+
+ "plugin-bouncer" "tc.v1.common.class.traefik.middleware.pluginBouncer"
+ "plugin-geoblock" "tc.v1.common.class.traefik.middleware.pluginGeoblock"
+ "plugin-mod-security" "tc.v1.common.class.traefik.middleware.pluginModSecurity"
+ "plugin-real-ip" "tc.v1.common.class.traefik.middleware.pluginRealIP"
+ "plugin-rewrite-response-headers" "tc.v1.common.class.traefik.middleware.pluginRewriteResponseHeaders"
+ "plugin-theme-park" "tc.v1.common.class.traefik.middleware.pluginThemePark"
+ -}}
+
+ {{- $typeClassMap | toJson -}}
+{{- end -}}
+
+{{/* Only render if its not and has a value of 0 or greater */}}
+{{- define "tc.v1.common.class.traefik.middleware.helper.int" -}}
+ {{- $key := .key -}}
+ {{- $value := .value -}}
+
+ {{- if and (not (kindIs "invalid" $value)) (ge ($value | int) 0) -}}
+ {{- $key }}: {{ $value }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.class.traefik.middleware.helper.bool" -}}
+ {{- $key := .key -}}
+ {{- $value := .value | toString -}}
+
+ {{- if or (eq $value "true") (eq $value "false") -}}
+ {{- $key }}: {{ $value }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "tc.v1.common.class.traefik.middleware.helper.string" -}}
+ {{- $key := .key -}}
+ {{- $value := .value | toString -}}
+
+ {{- if and $value (ne $value "") -}}
+ {{- $key }}: {{ $value | quote }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/_validation.tpl b/charts/library/common/templates/lib/traefik/_validation.tpl
new file mode 100644
index 00000000000..04426632399
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/_validation.tpl
@@ -0,0 +1,23 @@
+{{/* Middleware Validation */}}
+{{/* Call this template:
+{{ include "tc.v1.common.lib.traefik.middleware.validation" (dict "objectData" $objectData) -}}
+objectData:
+ labels: The labels of the middleware.
+ annotations: The annotations of the middleware.
+ data: The data of the middleware.
+*/}}
+
+{{- define "tc.v1.common.lib.traefik.middleware.validation" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.type -}}
+ {{- fail "Middleware - Expected [type] to be set" -}}
+ {{- end -}}
+
+ {{- if $objectData.data -}}
+ {{- if not (kindIs "map" $objectData.data) -}}
+ {{- fail (printf "Middleware - Expected [data] to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_addPrefix.tpl b/charts/library/common/templates/lib/traefik/middlewares/_addPrefix.tpl
new file mode 100644
index 00000000000..61e84808457
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_addPrefix.tpl
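Review bot: `helper.int` tests the coerced value (`ge ($value | int) 0`) but then renders the raw `$value`, so a non-numeric string passes the test (sprig's `int` turns it into 0) and is written into the manifest unquoted and unchecked. Rendering the coerced number, `{{- $key }}: {{ $value | int64 }}`, keeps the output a plain integer and also avoids float formatting of large byte counts. The comment above it ("Only render if its not and has a value of 0 or greater") is missing a word, presumably "not nil". In `helper.string`, `.value | toString` runs before the emptiness test; as far as I can tell sprig converts a nil to the string `<nil>`, so an unset key could be rendered as `"<nil>"`, which is worth a test case with the key omitted.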
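Review bot: The header comment of `tc.v1.common.lib.traefik.middleware.validation` lists `labels`, `annotations` and `data`, but the body reads only `type` and `data`, and `type` is not mentioned at all. I would make the list match the code with `type: The type of the middleware.` and `data: The data of the middleware.`, and drop the two fields this template never touches (they are presumably checked by shared metadata validation outside this hunk). The `data` kind check is also skipped for every falsy value, so `data: ""` or `data: false` passes here and only surfaces later as a template error inside the per-type template; `{{- if hasKey $objectData "data" -}}` would catch those too.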
@@ -0,0 +1,12 @@
+{{- define "tc.v1.common.class.traefik.middleware.addPrefix" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+
+ {{- if not $mw.prefix -}}
+ {{- fail "Middleware (add-prefix) - Expected [prefix] to be set" -}}
+ {{- end }}
+ addPrefix:
+ prefix: {{ $mw.prefix }}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_basicAuth.tpl b/charts/library/common/templates/lib/traefik/middlewares/_basicAuth.tpl
new file mode 100644
index 00000000000..a9352dff463
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_basicAuth.tpl
@@ -0,0 +1,35 @@
+{{- define "tc.v1.common.class.traefik.middleware.basicAuth" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
+ {{- $mw := $objectData.data -}}
+
+ {{- $secret := $mw.secret | default "" -}}
+ {{- $users := list -}}
+ {{- $secretData := dict -}}
+
+ {{- if and $mw.users $mw.secret -}}
+ {{- fail "Middleware (basic-auth) - Expected either [users] or [secret] to be set, but not both" -}}
+ {{- end -}}
+ {{- if and (not $mw.users) (not $mw.secret) -}}
+ {{- fail "Middleware (basic-auth) - Expected at least one of [users] or [secret] to be set" -}}
+ {{- end -}}
+
+ {{- if $mw.users -}}
+ {{- $secret = $objectData.name -}}
+ {{- range $userData := $mw.users -}}
+ {{- $users = append $users (htpasswd $userData.username $userData.password) -}}
+ {{- end -}}
+ {{- $secretData = (dict
+ "name" $objectData.name
+ "labels" ($objectData.labels | default dict)
+ "annotations" ($objectData.annotations | default dict)
+ "data" (dict "users" ($users | join "\n"))) -}}
+ {{- end }}
+ basicAuth:
+ secret: {{ $secret }}
+{{- if $secretData -}}
+ {{- include "tc.v1.common.class.secret" (dict "rootCtx" $rootCtx "objectData" $secretData) -}}
+{{- end -}}
+{{- end -}}
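Review bot: `prefix: {{ $mw.prefix }}` writes a user-supplied string into the manifest unquoted, so a value that contains `: ` or ` #`, or that starts with `*`, `[`, `{` or a quote character, is re-read as YAML structure or cut short instead of being taken literally. `prefix: {{ $mw.prefix | quote }}` fixes it, which is what `helper.string` already does for optional strings. The same unquoted pattern is in `address` (forward-auth), the policy and frame-option strings in headers, `api` (plugin-geoblock), `modSecurityUrl`, `header` (plugin-rewrite-response-headers), `app` and `theme` (plugin-theme-park), and `regex`/`replacement` (redirect-regex), where regular expressions make such characters likely.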
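Review bot: Inside the `range` over `$mw.users`, `username` and `password` go straight into `htpasswd` with no validation, so an entry whose `password` is an empty string still produces a valid hash and the rendered Secret accepts that user with an empty password. A guard at the top of the loop would reject it: `{{- if or (not $userData.username) (not $userData.password) -}}{{- fail "Middleware (basic-auth) - Expected [username] and [password] to be set for each user" -}}{{- end -}}`. Two behaviours deserve a comment next to the call: sprig's `htpasswd` does not fail on a username containing `:` but returns an `invalid username: ...` string, which would be written into the users file as-is, and the bcrypt salt is random, so the Secret content changes on every render. The values file also holds the passwords in clear text, which the documentation for this middleware should say in favour of the `secret` option.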
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_buffering.tpl b/charts/library/common/templates/lib/traefik/middlewares/_buffering.tpl
new file mode 100644
index 00000000000..b56fbf3c6f6
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_buffering.tpl
@@ -0,0 +1,12 @@
+{{- define "tc.v1.common.class.traefik.middleware.buffering" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data }}
+ buffering:
+ {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "maxRequestBodyBytes" "value" $mw.maxRequestBodyBytes) | nindent 4 }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "memRequestBodyBytes" "value" $mw.memRequestBodyBytes) | nindent 4 }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "maxResponseBodyBytes" "value" $mw.maxResponseBodyBytes) | nindent 4 }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "memResponseBodyBytes" "value" $mw.memResponseBodyBytes) | nindent 4 }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "retryExpression" "value" $mw.retryExpression) | nindent 4 }}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_chain.tpl b/charts/library/common/templates/lib/traefik/middlewares/_chain.tpl
new file mode 100644
index 00000000000..a916691187f
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_chain.tpl
@@ -0,0 +1,25 @@
+{{- define "tc.v1.common.class.traefik.middleware.chain" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.middlewares -}}
+ {{- fail "Middleware (chain) - Expected [middlewares] to be set" -}}
+ {{- end }}
+ chain:
+ middlewares:
+ {{- range $m := $mw.middlewares -}}
+ {{- $objectName := $m.name -}}
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $ "objectData" $m "key" "middlewares"
+ "name" $objectName "caller" "Middleware (chain)"
+ )) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{- $objectName = (printf "%s-%s" $fullname $objectName) -}}
+ {{- end }}
+ - name: {{ $objectName }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_compress.tpl b/charts/library/common/templates/lib/traefik/middlewares/_compress.tpl
new file mode 100644
index 00000000000..b908b83b057
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_compress.tpl
@@ -0,0 +1,7 @@
+{{- define "tc.v1.common.class.traefik.middleware.compress" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data }}
+ compress: {}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_contentType.tpl b/charts/library/common/templates/lib/traefik/middlewares/_contentType.tpl
new file mode 100644
index 00000000000..da994bc7ff4
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_contentType.tpl
@@ -0,0 +1,7 @@
+{{- define "tc.v1.common.class.traefik.middleware.contentType" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data }}
+ contentType: {}
+{{- end -}}
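Review bot: In the chain template the `expandName` call passes `"rootCtx" $`, but inside a `define` the `$` variable is the dict handed to `include` (the wrapper holding `rootCtx` and `objectData`), not the chart root; the root was already extracted into `$rootCtx` two lines into the template. Unless `expandName` (not visible here) never reads its `rootCtx`, this should be `"rootCtx" $rootCtx "objectData" $m "key" "middlewares"`. Each entry's `name` is also used without a check, so an item missing `name` would render `- name:` with an empty value; a `fail` inside the `range` when `$m.name` is unset would match how the other required fields are handled.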
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_forwardAuth.tpl b/charts/library/common/templates/lib/traefik/middlewares/_forwardAuth.tpl
new file mode 100644
index 00000000000..1c79728dfb7
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_forwardAuth.tpl
@@ -0,0 +1,58 @@
+{{- define "tc.v1.common.class.traefik.middleware.forwardAuth" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+
+ {{- if hasKey $mw "trustForwardHeader" -}}
+ {{- if not (kindIs "bool" $mw.trustForwardHeader) -}}
+ {{- fail (printf "Middleware (forward-auth) - Expected [trustForwardHeader] to be a boolean, but got [%s]" (kindOf $mw.trustForwardHeader)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if and $mw.tls (hasKey $mw.tls "insecureSkipVerify") -}}
+ {{- if not (kindIs "bool" $mw.tls.insecureSkipVerify) -}}
+ {{- fail (printf "Middleware (forward-auth) - Expected [tls.insecureSkipVerify] to be a boolean, but got [%s]" (kindOf $mw.tls.insecureSkipVerify)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $mw.authResponseHeaders -}}
+ {{- if not (kindIs "slice" $mw.authResponseHeaders) -}}
+ {{- fail (printf "Middleware (forward-auth) - Expected [authResponseHeaders] to be a list, but got [%s]" (kindOf $mw.authResponseHeaders)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- with $mw.authRequestHeaders -}}
+ {{- if not (kindIs "slice" $mw.authRequestHeaders) -}}
+ {{- fail (printf "Middleware (forward-auth) - Expected [authRequestHeaders] to be a list, but got [%s]" (kindOf $mw.authRequestHeaders)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if not $mw.address -}}
+ {{- fail "Middleware (forward-auth) - Expected [address] to be set" -}}
+ {{- end }}
+ forwardAuth:
+ address: {{ $mw.address }}
+ trustForwardHeader: {{ $mw.trustForwardHeader }}
+
+ {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "authResponseHeadersRegex" "value" $mw.authResponseHeadersRegex) | nindent 4 }}
+
+ {{- if $mw.authResponseHeaders }}
+ authResponseHeaders:
+ {{- range $mw.authResponseHeaders }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end -}}
+
+ {{- if $mw.authRequestHeaders }}
+ authRequestHeaders:
+ {{- range $mw.authRequestHeaders }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end -}}
+
+ {{- if $mw.tls }}
+ tls:
+ insecureSkipVerify: {{ $mw.tls.insecureSkipVerify }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_headers.tpl b/charts/library/common/templates/lib/traefik/middlewares/_headers.tpl
new file mode 100644
index 00000000000..a39b3b789b1
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_headers.tpl
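Review bot: `trustForwardHeader: {{ $mw.trustForwardHeader }}` and `insecureSkipVerify: {{ $mw.tls.insecureSkipVerify }}` are rendered even when the key is absent, which leaves a key with an empty (null) value in the manifest; the boolean checks above only run under `hasKey`. Rendering both through the existing helper, for example `{{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "trustForwardHeader" "value" $mw.trustForwardHeader) | nindent 4 }}`, emits them only when they are real booleans. The `tls` block passes through nothing except `insecureSkipVerify`, so any other key a user sets under `tls` is dropped without an error and the only TLS setting exposed is the one that turns certificate verification of the auth server off. A comment on the template saying so, or a `fail` on unknown `tls` keys, would make that visible, and both `trustForwardHeader` and `insecureSkipVerify` weaken the authentication path enough to merit a line of documentation each.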
@@ -0,0 +1,128 @@ +{{- define "tc.v1.common.class.traefik.middleware.headers" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data }} + headers: + {{- if $mw.customRequestHeaders }} + customRequestHeaders: + {{- range $k, $v := $mw.customRequestHeaders }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end -}} + + {{- if $mw.customResponseHeaders }} + customResponseHeaders: + {{- range $k, $v := $mw.customResponseHeaders }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end -}} + + {{- if hasKey $mw "accessControlAllowCredentials" }} + accessControlAllowCredentials: {{ $mw.accessControlAllowCredentials }} + {{- end -}} + + {{- if $mw.accessControlAllowHeaders }} + accessControlAllowHeaders: + {{- range $mw.accessControlAllowHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlAllowMethods }} + accessControlAllowMethods: + {{- range $mw.accessControlAllowMethods }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlAllowOriginList }} + accessControlAllowOriginList: + {{- range $mw.accessControlAllowOriginList }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlAllowOriginListRegex }} + accessControlAllowOriginListRegex: + {{- range $mw.accessControlAllowOriginListRegex }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlExposeHeaders }} + accessControlExposeHeaders: + {{- range $mw.accessControlExposeHeaders }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.accessControlMaxAge }} + accessControlMaxAge: {{ $mw.accessControlMaxAge }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "addVaryHeader" "value" $mw.addVaryHeader) | nindent 4 }} + + {{- if $mw.allowedHosts }} + allowedHosts: + {{- range $mw.allowedHosts }} + - {{ . | quote }} + {{- end }} + {{- end -}} + + {{- if $mw.hostsProxyHeaders }} + hostsProxyHeaders: + {{- range $mw.hostsProxyHeaders }} + - {{ . 
| quote }} + {{- end }} + {{- end -}} + + {{- if $mw.sslProxyHeaders }} + sslProxyHeaders: + {{- range $k, $v := $mw.sslProxyHeaders }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end -}} + + {{- if $mw.stsSeconds }} + stsSeconds: {{ $mw.stsSeconds }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "stsIncludeSubdomains" "value" $mw.stsIncludeSubdomains) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "stsPreload" "value" $mw.stsPreload) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "forceSTSHeader" "value" $mw.forceSTSHeader) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "frameDeny" "value" $mw.frameDeny) | nindent 4 }} + + {{- if $mw.customFrameOptionsValue }} + customFrameOptionsValue: {{ $mw.customFrameOptionsValue }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "contentTypeNosniff" "value" $mw.contentTypeNosniff) | nindent 4 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "browserXssFilter" "value" $mw.browserXssFilter) | nindent 4 }} + + {{- if $mw.customBrowserXSSValue }} + customBrowserXSSValue: {{ $mw.customBrowserXSSValue }} + {{- end -}} + + {{- if $mw.contentSecurityPolicy }} + contentSecurityPolicy: {{ $mw.contentSecurityPolicy }} + {{- end -}} + + {{- if $mw.contentSecurityPolicyReportOnly }} + contentSecurityPolicyReportOnly: {{ $mw.contentSecurityPolicyReportOnly }} + {{- end -}} + + {{- if $mw.publicKey }} + publicKey: {{ $mw.publicKey }} + {{- end -}} + + {{- if $mw.referrerPolicy }} + referrerPolicy: {{ $mw.referrerPolicy }} + {{- end -}} + + {{- if $mw.permissionsPolicy }} + permissionsPolicy: {{ $mw.permissionsPolicy }} + {{- end -}} + + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "isDevelopment" "value" $mw.isDevelopment) | nindent 4 }} +{{- end -}} 
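Review bot: In the `customRequestHeaders`, `customResponseHeaders` and `sslProxyHeaders` loops, `{{ $k }}: {{ $v }}` renders an empty-string value as a bare `key:`, which YAML reads as null rather than `""`. Traefik treats an empty header value as "remove this header", so the common hardening use (stripping `Server` or `X-Powered-By` from responses) is the case most likely to break; `{{ $k }}: {{ $v | quote }}` keeps the empty string. A smaller inconsistency in the same template: `accessControlAllowCredentials` is rendered under `hasKey` with no type check, while every other boolean goes through `helper.bool`. The `if $mw.stsSeconds` and `if $mw.accessControlMaxAge` guards also make an explicit `0` impossible to render, which deserves a comment if it is intended.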
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_ipAllowList.tpl b/charts/library/common/templates/lib/traefik/middlewares/_ipAllowList.tpl
new file mode 100644
index 00000000000..ff7fba78d2b
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_ipAllowList.tpl
@@ -0,0 +1,38 @@
+{{- define "tc.v1.common.class.traefik.middleware.ipAllowList" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+
+ {{- if $mw.sourceRange -}}
+ {{- if not (kindIs "slice" $mw.sourceRange) -}}
+ {{- fail (printf "Middleware (ip-allow-list) - Expected [sourceRange] to be a list, but got [%s]" (kindOf $mw.sourceRange)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $mw.ipStrategy -}}
+ {{- if $mw.ipStrategy.excludedIPs -}}
+ {{- if not (kindIs "slice" $mw.ipStrategy.excludedIPs) -}}
+ {{- fail (printf "Middleware (ip-allow-list) - Expected [ipStrategy.excludedIPs] to be a list, but got [%s]" (kindOf $mw.ipStrategy.excludedIPs)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end }}
+ ipAllowList:
+ {{- if $mw.sourceRange }}
+ sourceRange:
+ {{- range $mw.sourceRange }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end -}}
+
+ {{- if $mw.ipStrategy }}
+ ipStrategy:
+ {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "depth" "value" $mw.ipStrategy.depth) | nindent 6 }}
+ {{- if $mw.ipStrategy.excludedIPs }}
+ excludedIPs:
+ {{- range $mw.ipStrategy.excludedIPs }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl
new file mode 100644
index 00000000000..bcffed434af
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginBouncer.tpl
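Review bot: Nothing in the ip-allow-list template requires `sourceRange`: when it is unset the output is a bare `ipAllowList:` with no body, and the list-type check is skipped because it sits under `if $mw.sourceRange`. The other middlewares in this commit `fail` on their mandatory field, and an allow list with no ranges is almost certainly a configuration mistake whose runtime effect should not be left to the proxy. I would add, before the output, `{{- if not $mw.sourceRange -}}{{- fail "Middleware (ip-allow-list) - Expected [sourceRange] to be set" -}}{{- end -}}`. `ipStrategy.depth` and `ipStrategy.excludedIPs` decide which `X-Forwarded-For` entry is matched, so a short comment that they are only meaningful behind a proxy that sets that header reliably would help whoever configures this.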
@@ -0,0 +1,70 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginBouncer" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "bouncer" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + {{- if not (hasKey $mw "enabled") -}} + {{- fail "Middleware (plugin-bouncer) - Expected [enabled] to be set" -}} + {{- end -}} + {{- if not (kindIs "bool" $mw.enabled) -}} + {{- fail (printf "Middleware (plugin-bouncer) - Expected [enabled] to be a boolean, but got [%s]" (kindOf $mw.enabled)) -}} + {{- end }} + plugin: + {{ $mwName }}: + enabled: {{ $mw.enabled }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "logLevel" "value" $mw.logLevel) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "updateIntervalSeconds" "value" $mw.updateIntervalSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "updateMaxFailure" "value" $mw.updateMaxFailure) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "defaultDecisionSeconds" "value" $mw.defaultDecisionSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "httpTimeoutSeconds" "value" $mw.httpTimeoutSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecMode" "value" $mw.crowdsecMode) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecAppsecEnabled" "value" $mw.crowdsecAppsecEnabled) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecAppsecHost" "value" $mw.crowdsecAppsecHost) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" 
"crowdsecAppsecFailureBlock" "value" $mw.crowdsecAppsecFailureBlock) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecAppsecUnreachableBlock" "value" $mw.crowdsecAppsecUnreachableBlock) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiKey" "value" $mw.crowdsecLapiKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiHost" "value" $mw.crowdsecLapiHost) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiScheme" "value" $mw.crowdsecLapiScheme) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "crowdsecLapiTLSInsecureVerify" "value" $mw.crowdsecLapiTLSInsecureVerify) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecCapiMachineId" "value" $mw.crowdsecCapiMachineId) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecCapiPassword" "value" $mw.crowdsecCapiPassword) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "forwardedHeadersCustomName" "value" $mw.forwardedHeadersCustomName) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "remediationHeadersCustomName" "value" $mw.remediationHeadersCustomName) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "redisCacheEnabled" "value" $mw.redisCacheEnabled) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "redisCacheHost" "value" $mw.redisCacheHost) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "redisCachePassword" "value" $mw.redisCachePassword) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict 
"key" "redisCacheDatabase" "value" $mw.redisCacheDatabase) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiTLSCertificateAuthority" "value" $mw.crowdsecLapiTLSCertificateAuthority) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiTLSCertificateBouncer" "value" $mw.crowdsecLapiTLSCertificateBouncer) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "crowdsecLapiTLSCertificateBouncerKey" "value" $mw.crowdsecLapiTLSCertificateBouncerKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaProvider" "value" $mw.captchaProvider) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaSiteKey" "value" $mw.captchaSiteKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaSecretKey" "value" $mw.captchaSecretKey) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "captchaGracePeriodSeconds" "value" $mw.captchaGracePeriodSeconds) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "captchaHTMLFilePath" "value" $mw.captchaHTMLFilePath) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "banHTMLFilePath" "value" $mw.banHTMLFilePath) | nindent 6 }} + {{- if $mw.crowdsecCapiScenarios }} + crowdsecCapiScenarios: + {{- range $mw.crowdsecCapiScenarios }} + - {{ . | quote }} + {{- end }} + {{- end -}} + {{- if $mw.forwardedHeadersTrustedIPs }} + forwardedHeadersTrustedIPs: + {{- range $mw.forwardedHeadersTrustedIPs }} + - {{ . | quote }} + {{- end }} + {{- end -}} + {{- if $mw.clientTrustedIPs }} + clientTrustedIPs: + {{- range $mw.clientTrustedIPs }} + - {{ . | quote }} + {{- end }} + {{- end -}} +{{- end -}} 
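Review bot: `crowdsecLapiKey`, `crowdsecCapiPassword`, `redisCachePassword`, `captchaSecretKey` and `crowdsecLapiTLSCertificateBouncerKey` are written as plain strings into the Middleware object, so anyone allowed to read Middleware resources in the namespace, or the rendered release, can read them. If I recall the upstream plugin's README correctly it documents file-based variants of these options (for example `crowdsecLapiKeyFile`); exposing those would let users keep the values in a mounted Secret, and until then a comment at the top of the template should state that these fields end up in clear text in the CRD. `crowdsecLapiTLSInsecureVerify` turns off certificate verification towards LAPI and `crowdsecAppsecFailureBlock`/`crowdsecAppsecUnreachableBlock` choose between failing open and failing closed, so each deserves a one-line comment on what the safe setting is.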
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl new file mode 100644 index 00000000000..50cdbb6c197 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginGeoblock.tpl 
@@ -0,0 +1,37 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginGeoblock" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "GeoBlock" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + {{- if not $mw.api -}} + {{- fail "Middleware (plugin-geoblock) - Expected [api] to be set" -}} + {{- end -}} + {{- if not $mw.countries -}} + {{- fail "Middleware (plugin-geoblock) - Expected [countries] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + api: {{ $mw.api }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "allowLocalRequests" "value" $mw.allowLocalRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "logLocalRequests" "value" $mw.logLocalRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "logAllowedRequests" "value" $mw.logAllowedRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "logApiRequests" "value" $mw.logApiRequests) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "apiTimeoutMs" "value" $mw.apiTimeoutMs) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "cacheSize" "value" $mw.cacheSize) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "forceMonthlyUpdate" "value" $mw.forceMonthlyUpdate) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "allowUnknownCountries" "value" $mw.allowUnknownCountries) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "unknownCountryApiResponse" "value" $mw.unknownCountryApiResponse) | nindent 6 }} + {{- include 
"tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "blackListMode" "value" $mw.blackListMode) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "silentStartUp" "value" $mw.silentStartUp) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "addCountryHeader" "value" $mw.addCountryHeader) | nindent 6 }} + countries: + {{- range $mw.countries }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl new file mode 100644 index 00000000000..1e4aaa88feb --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginModSecurity.tpl @@ -0,0 +1,21 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginModSecurity" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "traefik-modsecurity-plugin" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.modSecurityUrl -}} + {{- fail "Middleware (modsecurity) - Expected [modSecurityUrl] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + modSecurityUrl: {{ $mw.modSecurityUrl }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "timeoutMillis" "value" $mw.timeoutMillis) | nindent 6 }} + {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "maxBodySize" "value" $mw.maxBodySize) | nindent 6 }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl new file mode 100644 index 00000000000..5f7bd7ececf --- /dev/null 
+++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginRealIP.tpl @@ -0,0 +1,22 @@ +{{- define "tc.v1.common.class.traefik.middleware.pluginRealIP" -}} + {{- $objectData := .objectData -}} + {{- $rootCtx := .rootCtx -}} + + {{- $mw := $objectData.data -}} + + {{/* This has to match with the name of the plugin given on the traefik CLI */}} + {{- $mwName := "traefik-real-ip" -}} + {{- if $mw.pluginName -}} + {{- $mwName = $mw.pluginName -}} + {{- end -}} + + {{- if not $mw.excludednets -}} + {{- fail "Middleware (real-ip) - Expected [excludednets] to be set" -}} + {{- end }} + plugin: + {{ $mwName }}: + excludednets: + {{- range $mw.excludednets }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl new file mode 100644 index 00000000000..be82a998004 --- /dev/null +++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginRewriteResponseHeaders.tpl 
@@ -0,0 +1,40 @@
+{{- define "tc.v1.common.class.traefik.middleware.pluginRewriteResponseHeaders" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+
+ {{/* This has to match with the name of the plugin given on the traefik CLI */}}
+ {{- $mwName := "rewriteResponseHeaders" -}}
+ {{- if $mw.pluginName -}}
+ {{- $mwName = $mw.pluginName -}}
+ {{- end -}}
+
+ {{- if not $mw.rewrites -}}
+ {{- fail "Middleware (rewrite-response-headers) - Expected [rewrites] to be set" -}}
+ {{- end }}
+
+ {{- if not (kindIs "slice" $mw.rewrites) -}}
+ {{- fail (printf "Middleware (rewrite-response-headers) - Expected [rewrites] to be a list, but got [%s]" (kindOf $mw.rewrites)) -}}
+ {{- end }}
+
+ {{- range $index, $config := $mw.rewrites -}}
+ {{- if not $config.header -}}
+ {{- fail (printf "Middleware (rewrite-response-headers) - Expected [header] to be set for rewrite [%v]" $index) -}}
+ {{- end -}}
+ {{- if not $config.regex -}}
+ {{- fail (printf "Middleware (rewrite-response-headers) - Expected [regex] to be set for rewrite [%v]" $index) -}}
+ {{- end -}}
+ {{- if not $config.replacement -}}
+ {{- fail (printf "Middleware (rewrite-response-headers) - Expected [replacement] to be set for rewrite [%v]" $index) -}}
+ {{- end -}}
+ {{- end }}
+ plugin:
+ {{ $mwName }}:
+ rewrites:
+ {{- range $index, $rewriteResponseHeader := $mw.rewrites }}
+ - header: {{ $rewriteResponseHeader.header }}
+ regex: {{ $rewriteResponseHeader.regex | quote }}
+ replacement: {{ $rewriteResponseHeader.replacement | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl b/charts/library/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl
new file mode 100644
index 00000000000..da3eee75e3c
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_pluginThemePark.tpl
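Review bot: The validation loop rejects an empty `replacement` (`if not $config.replacement`), but replacing a match with nothing is the ordinary way to strip part of a header value, so a legitimate rewrite cannot be expressed. Checking for presence rather than truthiness, `{{- if not (hasKey $config "replacement") -}}`, keeps the required-field check and still allows `""`; the output line already quotes the value, so the empty string renders correctly. The three checks also assume every list item is a map; a `kindIs "map" $config` test at the top of the `range` would turn a wrongly shaped item into a clear `fail` message instead of a template error.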
@@ -0,0 +1,30 @@
+{{- define "tc.v1.common.class.traefik.middleware.pluginThemePark" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+
+ {{/* This has to match with the name of the plugin given on the traefik CLI */}}
+ {{- $mwName := "traefik-themepark" -}}
+ {{- if $mw.pluginName -}}
+ {{- $mwName = $mw.pluginName -}}
+ {{- end -}}
+
+ {{- if not $mw.app -}}
+ {{- fail "Middleware (themepark) - Expected [app] to be set" -}}
+ {{- end -}}
+ {{- if not $mw.theme -}}
+ {{- fail "Middleware (themepark) - Expected [theme] to be set" -}}
+ {{- end }}
+ plugin:
+ {{ $mwName }}:
+ app: {{ $mw.app }}
+ theme: {{ $mw.theme }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.string" (dict "key" "baseUrl" "value" $mw.baseUrl) | nindent 6 }}
+ {{- if $mw.addons }}
+ addons:
+ {{- range $mw.addons }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_rateLimit.tpl b/charts/library/common/templates/lib/traefik/middlewares/_rateLimit.tpl
new file mode 100644
index 00000000000..5fad37d66f9
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_rateLimit.tpl
@@ -0,0 +1,13 @@
+{{- define "tc.v1.common.class.traefik.middleware.rateLimit" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+
+ {{- if and (not $mw.average) (not $mw.burst) -}}
+ {{- fail "Middleware (rate-limit) - Expected either [average] or [burst] to be set" -}}
+ {{- end }}
+ rateLimit:
+ {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "average" "value" $mw.average) | nindent 4 }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "burst" "value" $mw.burst) | nindent 4 }}
+{{- end -}}
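Review bot: The rateLimit template renders only `average` and `burst`, so the upstream `period` and `sourceCriterion` options cannot be set through this chart. Without `sourceCriterion`, Traefik's documented default is to key the limit on the request's remote address; when Traefik sits behind a load balancer or another proxy, all clients may then share one bucket, which makes the limit either ineffective per client or a blanket throttle. Consider passing both keys through, or at least record the gap in the template with `{{/* period and sourceCriterion are not rendered; limits are keyed on the remote address */}}`. Also, `not $mw.average` treats an explicit `0` the same as an unset key.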
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_redirectRegex.tpl b/charts/library/common/templates/lib/traefik/middlewares/_redirectRegex.tpl
new file mode 100644
index 00000000000..cde75e705ab
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_redirectRegex.tpl
@@ -0,0 +1,22 @@
+{{- define "tc.v1.common.class.traefik.middleware.redirectRegex" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.regex -}}
+ {{- fail "Middleware (redirect-regex) - Expected [regex] to be set" -}}
+ {{- end -}}
+ {{- if not $mw.replacement -}}
+ {{- fail "Middleware (redirect-regex) - Expected [replacement] to be set" -}}
+ {{- end -}}
+
+ {{- if hasKey $mw "permanent" -}}
+ {{- if not (kindIs "bool" $mw.permanent) -}}
+ {{- fail (printf "Middleware (redirect-regex) - Expected [permanent] to be a boolean, but got [%s]" (kindOf $mw.permanent)) -}}
+ {{- end -}}
+ {{- end }}
+ redirectRegex:
+ regex: {{ $mw.regex }}
+ replacement: {{ $mw.replacement }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "permanent" "value" $mw.permanent) | nindent 4 }}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_redirectScheme.tpl b/charts/library/common/templates/lib/traefik/middlewares/_redirectScheme.tpl
new file mode 100644
index 00000000000..8f8a062a276
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_redirectScheme.tpl
@@ -0,0 +1,18 @@
+{{- define "tc.v1.common.class.traefik.middleware.redirectScheme" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.scheme -}}
+ {{- fail "Middleware (redirect-scheme) - Expected [scheme] to be set" -}}
+ {{- end -}}
+
+ {{- if hasKey $mw "permanent" -}}
+ {{- if not (kindIs "bool" $mw.permanent) -}}
+ {{- fail (printf "Middleware (redirect-scheme) - Expected [permanent] to be a boolean, but got [%s]" (kindOf $mw.permanent)) -}}
+ {{- end -}}
+ {{- end }}
+ redirectScheme:
+ scheme: {{ $mw.scheme }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "permanent" "value" $mw.permanent) | nindent 4 }}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_replacePath.tpl b/charts/library/common/templates/lib/traefik/middlewares/_replacePath.tpl
new file mode 100644
index 00000000000..b7db73e2418
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_replacePath.tpl
@@ -0,0 +1,11 @@
+{{- define "tc.v1.common.class.traefik.middleware.replacePath" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.path -}}
+ {{- fail "Middleware (replace-path) - Expected [path] to be set" -}}
+ {{- end }}
+ replacePath:
+ path: {{ $mw.path }}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl b/charts/library/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl
new file mode 100644
index 00000000000..a2416b98cbe
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_replacePathRegex.tpl
@@ -0,0 +1,15 @@
+{{- define "tc.v1.common.class.traefik.middleware.replacePathRegex" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.regex -}}
+ {{- fail "Middleware (replace-path-regex) - Expected [regex] to be set" -}}
+ {{- end -}}
+ {{- if not $mw.replacement -}}
+ {{- fail "Middleware (replace-path-regex) - Expected [replacement] to be set" -}}
+ {{- end }}
+ replacePathRegex:
+ regex: {{ $mw.regex }}
+ replacement: {{ $mw.replacement }}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_retry.tpl b/charts/library/common/templates/lib/traefik/middlewares/_retry.tpl
new file mode 100644
index 00000000000..76d8b580401
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_retry.tpl
@@ -0,0 +1,12 @@
+{{- define "tc.v1.common.class.traefik.middleware.retry" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.attempts -}}
+ {{- fail "Middleware (retry) - Expected [attempts] to be set" -}}
+ {{- end }}
+ retry:
+ attempts: {{ $mw.attempts }}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.int" (dict "key" "initialInterval" "value" $mw.initialInterval) | nindent 4 }}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_stripPrefix.tpl b/charts/library/common/templates/lib/traefik/middlewares/_stripPrefix.tpl
new file mode 100644
index 00000000000..55a733ca598
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_stripPrefix.tpl
@@ -0,0 +1,21 @@
+{{- define "tc.v1.common.class.traefik.middleware.stripPrefix" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.prefix -}}
+ {{- fail "Middleware (strip-prefix) - Expected [prefix] to be set" -}}
+ {{- end -}}
+
+ {{- if hasKey $mw "forceSlash" -}}
+ {{- if not (kindIs "bool" $mw.forceSlash) -}}
+ {{- fail (printf "Middleware (strip-prefix) - Expected [forceSlash] to be a boolean, but got [%s]" (kindOf $mw.forceSlash)) -}}
+ {{- end -}}
+ {{- end }}
+ stripPrefix:
+ prefix:
+ {{- range $mw.prefix }}
+ - {{ . | quote }}
+ {{- end -}}
+ {{- include "tc.v1.common.class.traefik.middleware.helper.bool" (dict "key" "forceSlash" "value" $mw.forceSlash) | nindent 4 }}
+{{- end -}}
diff --git a/charts/library/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl b/charts/library/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl
new file mode 100644
index 00000000000..9d49959885f
--- /dev/null
+++ b/charts/library/common/templates/lib/traefik/middlewares/_stripPrefixRegex.tpl
@@ -0,0 +1,14 @@
+{{- define "tc.v1.common.class.traefik.middleware.stripPrefixRegex" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- $mw := $objectData.data -}}
+ {{- if not $mw.regex -}}
+ {{- fail "Middleware (strip-prefix-regex) - Expected [regex] to be set" -}}
+ {{- end }}
+ stripPrefixRegex:
+ regex:
+ {{- range $mw.regex }}
+ - {{ . | quote }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/library/common/templates/loader/_apply.tpl b/charts/library/common/templates/loader/_apply.tpl
index b024475f283..9269a9bd2f6 100644
--- a/charts/library/common/templates/loader/_apply.tpl
+++ b/charts/library/common/templates/loader/_apply.tpl
@@ -46,6 +46,9 @@ {{/* Render volumeSnapshotClass(s) */}} {{- include "tc.v1.common.spawner.volumesnapshotclass" . | nindent 0 -}} + {{/* Render Middleware(s) */}} + {{- include "tc.v1.common.spawner.traefik.middleware" . | nindent 0 -}} + {{/* Render ingress(s) */}} {{- include "tc.v1.common.spawner.ingress" . | nindent 0 -}} diff --git a/charts/library/common/templates/spawner/traefik/_middleware.tpl b/charts/library/common/templates/spawner/traefik/_middleware.tpl new file mode 100644 index 00000000000..60d4addc740 --- /dev/null +++ b/charts/library/common/templates/spawner/traefik/_middleware.tpl 
@@ -0,0 +1,48 @@
+{{/* Traefik Middleware Spawner */}}
+{{/* Call this template:
+{{ include "tc.v1.common.spawner.configmap" $ -}}
+*/}}
+
+{{- define "tc.v1.common.spawner.traefik.middleware" -}}
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+
+ {{- range $name, $middleware := .Values.middlewares -}}
+
+ {{- $enabled := (include "tc.v1.common.lib.util.enabled" (dict
+ "rootCtx" $ "objectData" $middleware
+ "name" $name "caller" "Middleware"
+ "key" "middlewares")) -}}
+
+ {{- if eq $enabled "true" -}}
+
+ {{/* Create a copy of the middleware */}}
+ {{- $objectData := (mustDeepCopy $middleware) -}}
+
+ {{- $objectName := $name -}}
+
+ {{- $expandName := (include "tc.v1.common.lib.util.expandName" (dict
+ "rootCtx" $ "objectData" $objectData
+ "name" $name "caller" "Middleware"
+ "key" "middlewares")) -}}
+
+ {{- if eq $expandName "true" -}}
+ {{- $objectName = (printf "%s-%s" $fullname $name) -}}
+ {{- end -}}
+
+ {{/* Perform validations */}} {{/* Middleware have a max name length of 253 */}}
+ {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName "length" 253) -}}
+ {{- include "tc.v1.common.lib.traefik.middleware.validation" (dict "objectData" $objectData) -}}
+ {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Middleware") -}}
+
+ {{/* Set the name of the middleware */}}
+ {{- $_ := set $objectData "name" $objectName -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "tc.v1.common.class.traefik.middleware" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- end -}}
+
+ {{- end -}}
+
+{{- end -}}
diff --git a/charts/library/common/values.yaml b/charts/library/common/values.yaml
index c173002a879..6fadbd240ec 100644
--- a/charts/library/common/values.yaml
+++ b/charts/library/common/values.yaml
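Review bot: The usage comment at the top of the spawner names the wrong template: `{{ include "tc.v1.common.spawner.configmap" $ -}}` is the configmap spawner, not the one defined two lines below it. It should read `{{ include "tc.v1.common.spawner.traefik.middleware" $ -}}`, matching the `define` and the call added to `_apply.tpl` in this patch. The `{{/* Perform validations */}}` and `{{/* Middleware have a max name length of 253 */}}` comments also share one line; putting the length note directly above the `names.validation` include would make clear which call it explains.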
@@ -235,6 +235,20 @@ credentials: # ## Is used in cases where things are encrypted by a backup utility # encrKey: "" +middlewares: {} +# basic-auth: +# type: basicAuth +# data: +# # middleware specific data ie +# users: +# - username: user1 +# password: password1 +# some-other-middleware: +# type: someOtherMiddleware +# data: +# # middleware specific data ie +# someOtherMiddlewareData: someOtherMiddlewareData + # -- (docs/persistence/README.md) persistence: shared: diff --git a/containers/apps/traefik/Dockerfile b/containers/apps/traefik/Dockerfile index 74ad6b89bd0..9b245216def 100644 --- a/containers/apps/traefik/Dockerfile +++ b/containers/apps/traefik/Dockerfile @@ -10,7 +10,7 @@ FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f8 # Theme Park ARG TC_PLUGIN_REPO_THEME_PARK=github.com/packruler/traefik-themepark -ARG TC_PLUGIN_VERSION_THEME_PARK_VERSION=v1.4.0 +ARG TC_PLUGIN_VERSION_THEME_PARK_VERSION=v1.4.2 # GeoBlock ARG TC_PLUGIN_REPO_GEOBLOCK=github.com/PascalMinder/geoblock ARG TC_PLUGIN_VERSION_GEOBLOCK_VERSION=v0.2.8 @@ -22,7 +22,7 @@ ARG TC_PLUGIN_REPO_MODSECURITY=github.com/acouvreur/traefik-modsecurity-plugin ARG TC_PLUGIN_VERSION_MODSECURITY_VERSION=v1.3.0 # Crowdsec ARG TC_PLUGIN_REPO_CROWDSEC_BOUNCER=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin -ARG TC_PLUGIN_VERSION_CROWDSEC_BOUNCER_VERSION=v1.3.0 +ARG TC_PLUGIN_VERSION_CROWDSEC_BOUNCER_VERSION=v1.3.5 # RewriteResponseHeaders ARG TC_PLUGIN_REPO_REWRITERESPONSEHEADERS=github.com/XciD/traefik-plugin-rewrite-headers ARG TC_PLUGIN_VERSION_REWRITERESPONSEHEADERS_VERSION=v0.0.4 diff --git a/cspell.config.yaml b/cspell.config.yaml index 9cd0209b1d4..9f1bb56bdf2 100644 --- a/cspell.config.yaml +++ b/cspell.config.yaml @@ -1,15 +1,18 @@ -version: "0.2" words: - adguard - adlist - airsonic - akadmin - alertmanager + - alfi - aliasgroup - allowtransparency - apitoken - appname - appnamehere + - archivebox + - astro + - astrojs - auditlog - authelia - authentik 
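Review bot: The commented example under `middlewares: {}` uses `type: basicAuth`, while the documentation added in this same patch says the options apply when `type: basic-auth`. The validation template is not visible in this part of the diff, so whichever spelling it accepts, one of the two will mislead users and they should be aligned (`type: someOtherMiddleware` likewise). The example also puts `password: password1` inline; the docs in this patch describe a `secret` key as the alternative to `users`, and a comment line such as `# prefer data.secret over inline users so credentials stay out of the values file` would steer readers away from committing passwords.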
@@ -17,6 +20,7 @@ words: - authkey - authtoken - autoconnect + - automount - autoplay - autoscan - autosync @@ -25,6 +29,8 @@ words: - basicauthexample - batnoter - bazarr + - bitnami + - bitpushr - blocklists - blocktype - briefkasten @@ -40,14 +46,18 @@ words: - cloudflareddns - cloudnative - clusterissuer + - clustertool - cnpg - codeserver + - codespace + - codespaces - collabora - configfile - configfiles - configmap - containo - cooldown + - crossorigin - crossplay - csgo - cuda @@ -62,9 +72,12 @@ words: - dnat - dnsserver - dnsservers + - dockerhub - dockerized - docspell + - downscaling - drac + - dragonfish - duplicati - dynmap - ebgp @@ -72,6 +85,7 @@ words: - emby - entrypoints - eptgmk + - excludednets - exif - filebrowser - fireshare @@ -80,13 +94,17 @@ words: - flemarr - flemmarr - flushtables + - fluxcd - forcegc - forwardauth - fowner + - frontmatter - fullname + - geoblock - geoip - geoipupdate - gibibyte + - gitops - gluster - goauthentik - gotify @@ -100,6 +118,7 @@ words: - honeybadger - hostnames - hostpath + - htpasswd - hyperconverged - hyperthread - iban @@ -112,10 +131,13 @@ words: - integrationsenabled - inventree - ipaddr + - iscsi - ixcert - ixsystems - jackett - jacobalberty + - jagr + - jagrbombs - jailman - javaprefs - jellyfin @@ -127,8 +149,11 @@ words: - kimai - kiwix - kjeld + - kofeh - komga + - kqmaverick - kube + - kubeapps - kubeconfig - kubectl - kubernetes @@ -160,6 +185,7 @@ words: - mbit - mediafiles - memfs + - merch - mergerfs - meshcentral - meshroom @@ -171,6 +197,7 @@ words: - middlewaretcps - mikrotik - milicpu + - millis - mimetypes - minecraft - miniflux @@ -179,6 +206,7 @@ words: - mkvcleaver - modelstore - modports + - modsecurity - mongosh - mountpoint - mqtt @@ -198,9 +226,11 @@ words: - nodeports - nohardlinks - noisedash + - noob - nordigen - noreply - notebookbar + - notoriosly - odbc - oidc - omada @@ -208,6 +238,7 @@ words: - organizr - ornias - ovpn + - pagefind - passwrd - penpot - pgadmin 
@@ -216,14 +247,17 @@ words: - pihole - plainhost - plaxt + - playform - playout - plex - plextraktsync - portainer + - postgreqsql - preconfigured - prefs - preload - proto + - prowlarr - proxyhttp - proxyhttps - proxying @@ -259,6 +293,7 @@ words: - sabnzbd - schouten - scipy + - sdimovv - seafile - selfsigned - sendgrid @@ -271,6 +306,10 @@ words: - setgid - setuid - sgateway + - shadofall + - shoutout + - showstealers + - sidero - signup - smallblock - snmp @@ -285,6 +324,7 @@ words: - ssvnc - starttls - statefulset + - statefulsets - staticdhcpleases - staticfiles - statping @@ -302,10 +342,12 @@ words: - tccr - tcdbinfo - teamspeak + - templating - testpassword - testuser - thanos - themenamehere + - themepark - tlsoptions - tlsstores - totp @@ -320,6 +362,7 @@ words: - umami - unet - unifi + - upscaling - upsnap - upstreams - userspace @@ -341,6 +384,7 @@ words: - weejewel - wger - whisparr + - xstar - xsystems - zabbix - zerotier diff --git a/website/cspell.config.yaml b/website/cspell.config.yaml deleted file mode 100644 index db909b2b836..00000000000 --- a/website/cspell.config.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -words: - - alfi - - APPNAME - - archivebox - - astro - - astrojs - - automount - - Bitnami - - bitpushr - - cloudnative - - clusterissuer - - Clustertool - - CNPG - - codespace - - Codespaces - - Collabora - - configmap - - crossorigin - - Dockerhub - - downscaling - - Dragonfish - - fluxcd - - frontmatter - - gitops - - heavyscript - - hyperconverged - - iscsi - - Jagr - - jagrbombs - - Jailman - - Jellyfin - - Kjeld - - kofeh - - kqmaverick - - kubeapps - - Merch - - metallb - - Minio - - mountpoint - - Nextcloud - - Noob - - notoriosly - - ornias - - pagefind - - Photoprism - - Pihole - - playform - - Postgreqsql - - preconfigured - - Prowlarr - - PVCPATH - - Radarr - - Schouten - - sdimovv - - shadofall - - shoutout - - showstealers - - Sidero - - statefulset - - statefulsets - - Syncthing - - tailscale - - TCCR - - templating - - Traefik - - truecharts - - upscaling - - Vaultwarden - - Xstar - - Xsystems diff --git a/website/src/content/docs/common/index.md b/website/src/content/docs/common/index.md index 51f192e5e8e..749d994baca 100644 --- a/website/src/content/docs/common/index.md +++ b/website/src/content/docs/common/index.md @@ -39,8 +39,8 @@ See more info about global values [here](/common/global) | ---------- | ----------------------------------- | | Key | `global` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | See [here](/common/global#defaults) | Example @@ -65,8 +65,8 @@ The fallback defaults are used when a value is not defined in the chart. | ---------- | --------------------------------------------- | | Key | `fallbackDefaults` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | See [here](/common/fallbackdefaults#defaults) | --- 
@@ -79,8 +79,8 @@ Define kubernetes resources, 1 per list item, tpl will be resolved | ---------- | ------------------ | | Key | `extraTpl` | | Type | `list` of `string` | -| Required | ❌ | -| Helm `tpl` | ✅ | +| Required | ❌ | +| Helm `tpl` | ✅ | | Default | `[]` | Example @@ -103,8 +103,8 @@ Contains specific settings for helm charts containing or using system | ---------- | ---------- | | Key | `operator` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | Default @@ -138,8 +138,8 @@ Adds a configmap in the operator's namespace to register the chart as an operato | ---------- | ------------------- | | Key | `operator.register` | | Type | `bool` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | `false` | Example @@ -159,8 +159,8 @@ Contains specific settings for verifying system | ---------- | ----------------- | | Key | `operator.verify` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | Default @@ -192,8 +192,8 @@ Enables or disables the verification of system | ---------- | ------------------------- | | Key | `operator.verify.enabled` | | Type | `bool` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | `true` | Example @@ -214,8 +214,8 @@ Additional system to verify | ---------- | ---------------------------------- | | Key | `operator.verify.additionalsystem` | | Type | `list` of `string` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | `[]` | Example @@ -244,8 +244,8 @@ See more info about podOptions [here](/common/podoptions) | ---------- | --------------------------------------- | | Key | `podOptions` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | See [here](/common/podoptions#defaults) | Example 
@@ -287,8 +287,8 @@ See more info about containerOptions [here](/common/containeroptions) | ---------- | --------------------------------------------- | | Key | `containerOptions` | | Type | `map` | -| Required | ❌ | -| Helm `tpl` | ❌ | +| Required | ❌ | +| Helm `tpl` | ❌ | | Default | See [here](/common/containeroptions#defaults) | Example @@ -309,8 +309,8 @@ Timezone that is used everywhere applicable, unless overridden at the container | ---------- | ----- | | Key | `TZ` | | Type | `map` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | `UTC` | Example @@ -347,8 +347,8 @@ Resources apply to **EACH** container, not to the pod as a whole. | ---------- | -------------------------------------- | | Key | `resources` | | Type | `map` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | See [here](/common/resources#defaults) | Example @@ -379,8 +379,8 @@ See more info about securityContext [here](/common/securitycontext) | ---------- | -------------------------------------------- | | Key | `securityContext` | | Type | `map` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | See [here](/common/securitycontext#defaults) | Example @@ -455,8 +455,8 @@ Defines the image details | ---------- | ------- | | Key | `image` | | Type | `map` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | Default @@ -486,8 +486,8 @@ Defines the image repository | ---------- | ------------------ | | Key | `image.repository` | | Type | `string` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | `""` | Example @@ -507,8 +507,8 @@ Defines the image tag | ---------- | ----------- | | Key | `image.tag` | | Type | `string` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | `""` | Example 
@@ -528,8 +528,8 @@ Defines the image pull policy | ---------- | ------------------ | | Key | `image.pullPolicy` | | Type | `string` | -| Required | ✅ | -| Helm `tpl` | ❌ | +| Required | ✅ | +| Helm `tpl` | ❌ | | Default | `IfNotPresent` | Example @@ -545,26 +545,27 @@ image: - [certificate](/common/certificate) - [configmap](/common/configmap) -- [container](/common/container/) +- [container](/common/container) - [containerOptions](/common/containeroptions) - [imagePullSecret](/common/imagepullsecret) - [ingress](/common/ingress) +- [middlewares](/common/middlewares) - [notes](/common/notes) -- [persistence](/common/persistence/) +- [persistence](/common/persistence) - [podDisruptionBudget](/common/poddisruptionbudget) - [priorityClass](/common/priorityclass) - [rbac](/common/rbac) - [resources](/common/resources) - [secret](/common/secret) - [securityContext](/common/securitycontext) -- [service](/common/service/) +- [service](/common/service) - [serviceAccount](/common/serviceaccount) - [storageClass](/common/storageclass) - [volumeSnapshot](/common/volumesnapshot) - [volumeSnapshotClass](/common/volumesnapshotclass) - [webhook](/common/webhook) - [webhook](/common/webhook) -- [workload](/common/workload/) +- [workload](/common/workload) --- diff --git a/website/src/content/docs/common/middlewares/add-prefix.md b/website/src/content/docs/common/middlewares/add-prefix.md new file mode 100644 index 00000000000..a65c3b3f5d1 --- /dev/null +++ b/website/src/content/docs/common/middlewares/add-prefix.md 
@@ -0,0 +1,58 @@ +--- +title: Add Prefix Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/add-prefix#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/addprefix) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: add-prefix`. + +::: + +--- + +## `prefix` + +Define the prefix + +| | | +| ---------- | ------------------------------- | +| Key | `middlewares.$name.data.prefix` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + prefix: some-prefix +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: add-prefix + data: + prefix: some-prefix +``` diff --git a/website/src/content/docs/common/middlewares/basic-auth.md b/website/src/content/docs/common/middlewares/basic-auth.md new file mode 100644 index 00000000000..0e18bfd276c --- /dev/null +++ b/website/src/content/docs/common/middlewares/basic-auth.md 
@@ -0,0 +1,152 @@ +--- +title: Basic Auth Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/basic-auth#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/basicauth) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: basic-auth`. + +::: + +--- + +## `users` + +Define the users + +:::note + +If this is set, the `secret` key must not be set. + +::: + +| | | +| ---------- | ------------------------------ | +| Key | `middlewares.$name.data.users` | +| Type | `list` of `map` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + users: + - username: some-username + password: some-password +``` + +--- + +### `users[].username` + +Define the username + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.users.username` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + users: + - username: some-username + password: some-password +``` + +--- + +### `users[].password` + +Define the password + +| | | +| ---------- | --------------------------------------- | +| Key | `middlewares.$name.data.users.password` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + users: + - username: some-username + password: some-password +``` + +--- + +## `secret` + +Define the secret + +:::note + +If this is set, the `users` key must not be set. 
+ +::: + +| | | +| ---------- | ------------------------------- | +| Key | `middlewares.$name.data.secret` | +| Type | `string` | +| Required | ✅ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + secret: some-secret +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name1: + enabled: true + type: basic-auth + data: + users: + - username: some-username + password: some-password + middleware-name2: + enabled: true + type: basic-auth + data: + secret: some-secret +``` diff --git a/website/src/content/docs/common/middlewares/buffering.md b/website/src/content/docs/common/middlewares/buffering.md new file mode 100644 index 00000000000..5ae7eeae0c6 --- /dev/null +++ b/website/src/content/docs/common/middlewares/buffering.md 
@@ -0,0 +1,146 @@ +--- +title: Buffering Middleware +--- + +:::note + +- Examples under each key are only to be used as a placement guide +- See the [Full Examples](/common/middlewares/buffering#full-examples) section for complete examples. +- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/buffering) + +::: + +## Appears in + +- `.Values.middlewares.$name.data` + +:::tip + +- See available middleware keys [here](/common/middlewares). +- This options apply only when `type: buffering`. + +::: + +--- + +## `maxRequestBodyBytes` + +Define the maxRequestBodyBytes + +| | | +| ---------- | -------------------------------------------- | +| Key | `middlewares.$name.data.maxRequestBodyBytes` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +Example + +```yaml +middlewares: + middleware-name: + data: + maxRequestBodyBytes: 1024 +``` + +--- + +## `memRequestBodyBytes` + +Define the memRequestBodyBytes + +| | | +| ---------- | -------------------------------------------- | +| Key | `middlewares.$name.data.memRequestBodyBytes` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +```yaml +middlewares: + middleware-name: + data: + memRequestBodyBytes: 1024 +``` + +--- + +## `maxResponseBodyBytes` + +Define the maxResponseBodyBytes + +| | | +| ---------- | --------------------------------------------- | +| Key | `middlewares.$name.data.maxResponseBodyBytes` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +```yaml +middlewares: + middleware-name: + data: + maxResponseBodyBytes: 1024 +``` + +--- + +## `memResponseBodyBytes` + +Define the memResponseBodyBytes + +| | | +| ---------- | --------------------------------------------- | +| Key | `middlewares.$name.data.memResponseBodyBytes` | +| Type | `int` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +```yaml +middlewares: + middleware-name: + data: + memResponseBodyBytes: 1024 
+``` + +--- + +## `retryExpression` + +Define the retryExpression + +| | | +| ---------- | ---------------------------------------- | +| Key | `middlewares.$name.data.retryExpression` | +| Type | `string` | +| Required | ❌ | +| Helm `tpl` | ❌ | +| Default | - | + +```yaml +middlewares: + middleware-name: + data: + retryExpression: "some-expression" +``` + +--- + +## Full Examples + +```yaml +middlewares: + middleware-name: + enabled: true + type: buffering + data: + maxRequestBodyBytes: 1024 + memRequestBodyBytes: 1024 + maxResponseBodyBytes: 1024 + memResponseBodyBytes: 1024 + retryExpression: "some-expression" +``` diff --git a/website/src/content/docs/common/middlewares/chain.md b/website/src/content/docs/common/middlewares/chain.md new file mode 100644 index 00000000000..ddf2b7ef7bb --- /dev/null +++ b/website/src/content/docs/common/middlewares/chain.md 
@@ -0,0 +1,105 @@
+---
+title: Chain Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/chain#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/chain)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: chain`.
+
+:::
+
+---
+
+## `middlewares`
+
+Define the middlewares
+
+| | |
+| ---------- | ------------------------------------ |
+| Key | `middlewares.$name.data.middlewares` |
+| Type | `list` of `map` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ middlewares: []
+```
+
+---
+
+### `middlewares[].name`
+
+Define the middleware name
+
+| | |
+| ---------- | ----------------------------------------- |
+| Key | `middlewares.$name.data.middlewares.name` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ middlewares:
+ - name: some-name
+```
+
+---
+
+### `middlewares[].expandObjectName`
+
+Define the middleware expandObjectName
+
+| | |
+| ---------- | ----------------------------------------------------- |
+| Key | `middlewares.$name.data.middlewares.expandObjectName` |
+| Type | `bool` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | `true` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ middlewares:
+ - name: some-name
+ expandObjectName: false
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: compress
+```
diff --git a/website/src/content/docs/common/middlewares/compress.md b/website/src/content/docs/common/middlewares/compress.md
new file mode 100644
index 00000000000..94d2dfb44bf
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/compress.md
@@ -0,0 +1,33 @@
+---
+title: Compress Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/compress#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/compress)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: compress`.
+
+:::
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: compress
+```
diff --git a/website/src/content/docs/common/middlewares/content-type.md b/website/src/content/docs/common/middlewares/content-type.md
new file mode 100644
index 00000000000..66d4e1e2159
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/content-type.md
@@ -0,0 +1,33 @@
+---
+title: Content Type Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/content-type#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/contenttype)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: content-type`.
+
+:::
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: content-type
+```
diff --git a/website/src/content/docs/common/middlewares/forward-auth.md b/website/src/content/docs/common/middlewares/forward-auth.md
new file mode 100644
index 00000000000..162caa81fc1
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/forward-auth.md
@@ -0,0 +1,207 @@
+---
+title: Forward Auth Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/forward-auth#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/forwardauth)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: forward-auth`.
+
+:::
+
+---
+
+## `address`
+
+Define the address
+
+| | |
+| ---------- | -------------------------------- |
+| Key | `middlewares.$name.data.address` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ address: some-address
+```
+
+---
+
+## `authResponseHeadersRegex`
+
+Define the authResponseHeadersRegex
+
+| | |
+| ---------- | ------------------------------------------------- |
+| Key | `middlewares.$name.data.authResponseHeadersRegex` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ authResponseHeadersRegex: some-regex
+```
+
+---
+
+## `trustForwardHeader`
+
+Define the trustForwardHeader
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.trustForwardHeader` |
+| Type | `bool` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | `false` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ trustForwardHeader: true
+```
+
+---
+
+## `authResponseHeaders`
+
+Define the authResponseHeaders
+
+| | |
+| ---------- | -------------------------------------------- |
+| Key | `middlewares.$name.data.authResponseHeaders` |
+| Type | `list` of `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | `[]` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ authResponseHeaders:
+ - some-header
+```
+
+---
+
+## `authRequestHeaders`
+
+Define the authRequestHeaders
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.authRequestHeaders` |
+| Type | `list` of `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | `[]` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ authRequestHeaders:
+ - some-header
+```
+
+---
+
+## `tls`
+
+Define the tls
+
+| | |
+| ---------- | ---------------------------- |
+| Key | `middlewares.$name.data.tls` |
+| Type | `map` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | `{}` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ tls: {}
+```
+
+---
+
+### `tls.insecureSkipVerify`
+
+Define the tls.insecureSkipVerify
+
+| | |
+| ---------- | ----------------------------------------------- |
+| Key | `middlewares.$name.data.tls.insecureSkipVerify` |
+| Type | `bool` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | `false` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ tls:
+ insecureSkipVerify: true
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: forward-auth
+ data:
+ address: some-address
+ authResponseHeadersRegex: some-regex
+ trustForwardHeader: true
+ authResponseHeaders:
+ - some-header
+ authRequestHeaders:
+ - some-header
+ tls:
+ insecureSkipVerify: true
+```
diff --git a/website/src/content/docs/common/middlewares/headers.md b/website/src/content/docs/common/middlewares/headers.md
new file mode 100644
index 00000000000..7ee8017db78
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/headers.md
@@ -0,0 +1,748 @@
+---
+title: Headers Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/headers#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/headers)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: headers`.
+
+:::
+
+---
+
+## `customRequestHeaders`
+
+Define the customRequestHeaders
+
+| | |
+| ---------- | --------------------------------------------- |
+| Key | `middlewares.$name.data.customRequestHeaders` |
+| Type | `map` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ customRequestHeaders:
+ some-name: some-value
+ some-other-name: some-other-value
+```
+
+---
+
+## `customResponseHeaders`
+
+Define the customResponseHeaders
+
+| | |
+| ---------- | ---------------------------------------------- |
+| Key | `middlewares.$name.data.customResponseHeaders` |
+| Type | `map` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ customResponseHeaders:
+ some-name: some-value
+ some-other-name: some-other-value
+```
+
+---
+
+## `accessControlAllowCredentials`
+
+Define the accessControlAllowCredentials
+
+| | |
+| ---------- | ------------------------------------------------------ |
+| Key | `middlewares.$name.data.accessControlAllowCredentials` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ accessControlAllowCredentials: true
+```
+
+---
+
+## `accessControlAllowHeaders`
+
+Define the accessControlAllowHeaders
+
+| | |
+| ---------- | -------------------------------------------------- |
+| Key | `middlewares.$name.data.accessControlAllowHeaders` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ accessControlAllowHeaders:
+ - some-header
+ - some-other-header
+```
+
+---
+
+## `accessControlAllowMethods`
+
+Define the accessControlAllowMethods
+
+| | |
+| ---------- | -------------------------------------------------- |
+| Key | `middlewares.$name.data.accessControlAllowMethods` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ accessControlAllowMethods:
+ - GET
+ - POST
+ - PUT
+ - DELETE
+```
+
+---
+
+## `accessControlAllowOriginList`
+
+Define the accessControlAllowOriginList
+
+| | |
+| ---------- | ----------------------------------------------------- |
+| Key | `middlewares.$name.data.accessControlAllowOriginList` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ accessControlAllowOriginList:
+ - some-origin
+ - some-other-origin
+```
+
+---
+
+## `accessControlAllowOriginListRegex`
+
+Define the accessControlAllowOriginListRegex
+
+| | |
+| ---------- | ----------------------------------------------------- |
+| Key | `middlewares.$name.data.accessControlAllowOriginList` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ accessControlAllowOriginListRegex:
+ - some-origin-regex
+ - some-other-origin-regex
+```
+
+---
+
+## `accessControlExposeHeaders`
+
+Define the accessControlExposeHeaders
+
+| | |
+| ---------- | --------------------------------------------------- |
+| Key | `middlewares.$name.data.accessControlExposeHeaders` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ accessControlExposeHeaders:
+ - some-header
+ - some-other-header
+```
+
+---
+
+## `accessControlMaxAge`
+
+Define the accessControlMaxAge
+
+| | |
+| ---------- | -------------------------------------------- |
+| Key | `middlewares.$name.data.accessControlMaxAge` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ accessControlMaxAge: 1000
+```
+
+---
+
+## `addVaryHeader`
+
+Define the addVaryHeader
+
+| | |
+| ---------- | -------------------------------------- |
+| Key | `middlewares.$name.data.addVaryHeader` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ addVaryHeader: true
+```
+
+---
+
+## `allowedHosts`
+
+Define the allowedHosts
+
+| | |
+| ---------- | ------------------------------------- |
+| Key | `middlewares.$name.data.allowedHosts` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ allowedHosts:
+ - some-host
+ - some-other-host
+```
+
+---
+
+## `hostsProxyHeaders`
+
+Define the hostsProxyHeaders
+
+| | |
+| ---------- | ------------------------------------------ |
+| Key | `middlewares.$name.data.hostsProxyHeaders` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ hostsProxyHeaders:
+ - some-header
+ - some-other-header
+```
+
+---
+
+## `sslProxyHeaders`
+
+Define the sslProxyHeaders
+
+| | |
+| ---------- | ---------------------------------------- |
+| Key | `middlewares.$name.data.sslProxyHeaders` |
+| Type | `map` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ sslProxyHeaders:
+ some-header: some-value
+ some-other-header: some-other-value
+```
+
+---
+
+## `stsSeconds`
+
+Define the stsSeconds
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.stsSeconds` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ stsSeconds: 1000
+```
+
+---
+
+## `stsIncludeSubdomains`
+
+Define the stsIncludeSubdomains
+
+| | |
+| ---------- | --------------------------------------------- |
+| Key | `middlewares.$name.data.stsIncludeSubdomains` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ stsIncludeSubdomains: true
+```
+
+---
+
+## `stsPreload`
+
+Define the stsPreload
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.stsPreload` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ stsPreload: true
+```
+
+---
+
+## `forceSTSHeader`
+
+Define the forceSTSHeader
+
+| | |
+| ---------- | --------------------------------------- |
+| Key | `middlewares.$name.data.forceSTSHeader` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ forceSTSHeader: true
+```
+
+---
+
+## `frameDeny`
+
+Define the frameDeny
+
+| | |
+| ---------- | ---------------------------------- |
+| Key | `middlewares.$name.data.frameDeny` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ frameDeny: true
+```
+
+---
+
+## `customFrameOptionsValue`
+
+Define the customFrameOptionsValue
+
+| | |
+| ---------- | ------------------------------------------------ |
+| Key | `middlewares.$name.data.customFrameOptionsValue` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ customFrameOptionsValue: some-value
+```
+
+---
+
+## `contentTypeNosniff`
+
+Define the contentTypeNosniff
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.contentTypeNosniff` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ contentTypeNosniff: true
+```
+
+---
+
+## `browserXssFilter`
+
+Define the browserXssFilter
+
+| | |
+| ---------- | ----------------------------------------- |
+| Key | `middlewares.$name.data.browserXssFilter` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ browserXssFilter: true
+```
+
+---
+
+## `customBrowserXSSValue`
+
+Define the customBrowserXSSValue
+
+| | |
+| ---------- | ---------------------------------------------- |
+| Key | `middlewares.$name.data.customBrowserXSSValue` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ customBrowserXSSValue: some-value
+```
+
+---
+
+## `contentSecurityPolicy`
+
+Define the contentSecurityPolicy
+
+| | |
+| ---------- | ---------------------------------------------- |
+| Key | `middlewares.$name.data.contentSecurityPolicy` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ contentSecurityPolicy: some-value
+```
+
+---
+
+## `contentSecurityPolicyReportOnly`
+
+Define the contentSecurityPolicyReportOnly
+
+| | |
+| ---------- | ---------------------------------------------- |
+| Key | `middlewares.$name.data.contentSecurityPolicy` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ contentSecurityPolicyReportOnly: true
+```
+
+---
+
+## `publicKey`
+
+Define the publicKey
+
+| | |
+| ---------- | ---------------------------------- |
+| Key | `middlewares.$name.data.publicKey` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ publicKey: some-public-key
+```
+
+---
+
+## `referrerPolicy`
+
+Define the referrerPolicy
+
+| | |
+| ---------- | --------------------------------------- |
+| Key | `middlewares.$name.data.referrerPolicy` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ referrerPolicy: some-referrer-policy
+```
+
+---
+
+## `permissionsPolicy`
+
+Define the permissionsPolicy
+
+| | |
+| ---------- | ------------------------------------------ |
+| Key | `middlewares.$name.data.permissionsPolicy` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ permissionsPolicy: some-permissions-policy
+```
+
+---
+
+## `isDevelopment`
+
+Define the isDevelopment
+
+| | |
+| ---------- | -------------------------------------- |
+| Key | `middlewares.$name.data.isDevelopment` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ isDevelopment: true
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: headers
+ data:
+ customRequestHeaders:
+ some-name: some-value
+ some-other-name: some-other-value
+ customResponseHeaders:
+ some-name: some-value
+ some-other-name: some-other-value
+ accessControlAllowCredentials: true
+ accessControlAllowHeaders:
+ - some-header
+ - some-other-header
+ accessControlAllowMethods:
+ - GET
+ - DELETE
+ accessControlAllowOriginList:
+ - some-origin
+ - some-other-origin
+ accessControlAllowOriginListRegex:
+ - some-origin-regex
+ - some-other-origin-regex
+ accessControlExposeHeaders:
+ - some-header
+ - some-other-header
+ accessControlMaxAge: 1000
+ addVaryHeader: true
+ allowedHosts:
+ - some-host
+ - some-other-host
+ hostsProxyHeaders:
+ - some-header
+ - some-other-header
+ sslProxyHeaders:
+ some-header: some-value
+ some-other-header: some-other-value
+ stsSeconds: 1000
+ stsIncludeSubdomains: true
+ stsPreload: true
+ forceSTSHeader: true
+ frameDeny: true
+ customFrameOptionsValue: some-value
+ contentTypeNosniff: true
+ browserXssFilter: true
+ customBrowserXSSValue: some-value
+ contentSecurityPolicy: some-value
+ contentSecurityPolicyReportOnly: true
+ publicKey: some-public-key
+ referrerPolicy: some-referrer-policy
+ permissionsPolicy: some-permissions-policy
+ isDevelopment: true
+```
diff --git a/website/src/content/docs/common/middlewares/index.md b/website/src/content/docs/common/middlewares/index.md
new file mode 100644
index 00000000000..d7d031f42b7
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/index.md
@@ -0,0 +1,273 @@
+---
+title: Middlewares
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares#full-examples) section for complete examples.
+
+:::
+
+## Appears in
+
+- `.Values.middlewares`
+
+## Naming scheme
+
+- `$FullName-$MiddlewareName` (release-name-chart-name-middleware-name)
+
+:::tip
+
+- Replace references to `$name` with the actual name you want to use.
+
+:::
+
+---
+
+## `middlewares`
+
+Create Middleware objects
+
+| | |
+| ---------- | ------------- |
+| Key | `middlewares` |
+| Type | `map` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | `{}` |
+
+Example
+
+```yaml
+middlewares: {}
+```
+
+---
+
+### `$name`
+
+Define Middleware
+
+| | |
+| ---------- | ------------------- |
+| Key | `middlewares.$name` |
+| Type | `map` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | `{}` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name: {}
+```
+
+---
+
+#### `enabled`
+
+Enables or Disables the Configmap
+
+| | |
+| ---------- | ------------------------- |
+| Key | `configmap.$name.enabled` |
+| Type | `bool` |
+| Required | ✅ |
+| Helm `tpl` | ✅ |
+| Default | `false` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+```
+
+---
+
+#### `expandObjectName`
+
+Whether to expand (adding the fullname as prefix) the middleware name.
+
+| | |
+| ---------- | ---------------------------------- |
+| Key | `configmap.$name.expandObjectName` |
+| Type | `bool` |
+| Required | ✅ |
+| Helm `tpl` | ✅ |
+| Default | `true` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ expandObjectName: false
+```
+
+---
+
+#### `namespace`
+
+Define the namespace for this object
+
+| | |
+| ---------- | ----------------------------- |
+| Key | `middlewares.$name.namespace` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ✅ |
+| Default | `""` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ namespace: some-namespace
+```
+
+---
+
+#### `type`
+
+Define the type for this object
+
+Available types:
+
+- [add-prefix](/common/middlewares/add-prefix)
+- [basic-auth](/common/middlewares/basic-auth)
+- [buffering](/common/middlewares/buffering)
+- [chain](/common/middlewares/chain)
+- [compress](/common/middlewares/compress)
+- [content-type](/common/middlewares/content-type)
+- [forward-auth](/common/middlewares/forward-auth)
+- [headers](/common/middlewares/headers)
+- [ip-allow-list](/common/middlewares/ip-allow-list)
+- [plugin-bouncer](/common/middlewares/plugin-bouncer)
+- [plugin-geoblock](/common/middlewares/plugin-geoblock)
+- [plugin-mod-security](/common/middlewares/plugin-mod-security)
+- [plugin-real-ip](/common/middlewares/plugin-real-ip)
+- [plugin-rewrite-response-headers](/common/middlewares/plugin-rewrite-response-headers)
+- [plugin-theme-park](/common/middlewares/plugin-theme-park)
+- [rate-limit](/common/middlewares/rate-limit)
+- [redirect-regex](/common/middlewares/redirect-regex)
+- [redirect-scheme](/common/middlewares/redirect-scheme)
+- [replace-path-regex](/common/middlewares/replace-path-regex)
+- [replace-path](/common/middlewares/replace-path)
+- [retry](/common/middlewares/retry)
+- [strip-prefix-regex](/common/middlewares/strip-prefix-regex)
+- [strip-prefix](/common/middlewares/strip-prefix)
+
+| | |
+| ---------- | ------------------------ |
+| Key | `middlewares.$name.type` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | `""` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ type: buffering
+```
+
+---
+
+#### `labels`
+
+Additional labels for middleware
+
+| | |
+| ---------- | -------------------------- |
+| Key | `middlewares.$name.labels` |
+| Type | `map` |
+| Required | ❌ |
+| Helm `tpl` | ✅ (On value only) |
+| Default | `{}` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ labels:
+ key: value
+```
+
+---
+
+#### `annotations`
+
+Additional annotations for middleware
+
+| | |
+| ---------- | ------------------------------- |
+| Key | `middlewares.$name.annotations` |
+| Type | `map` |
+| Required | ❌ |
+| Helm `tpl` | ✅ (On value only) |
+| Default | `{}` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ annotations:
+ key: value
+```
+
+---
+
+#### `data`
+
+Define the data of the middleware
+
+| | |
+| ---------- | ------------------------ |
+| Key | `middlewares.$name.data` |
+| Type | `map` |
+| Required | ✅ |
+| Helm `tpl` | ✅ |
+| Example | `{}` |
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ key: value
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: buffering
+ expandObjectName: false
+ labels:
+ key: value
+ keytpl: "{{ .Values.some.value }}"
+ annotations:
+ key: value
+ keytpl: "{{ .Values.some.value }}"
+ data:
+ key: value
+
+ other-middleware-name:
+ enabled: true
+ type: buffering
+ namespace: some-namespace
+ data:
+ key: value
+```
diff --git a/website/src/content/docs/common/middlewares/ip-allow-list.md b/website/src/content/docs/common/middlewares/ip-allow-list.md
new file mode 100644
index 00000000000..0221768259d
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/ip-allow-list.md
@@ -0,0 +1,136 @@
+---
+title: IP Allow List Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/ip-allow-list#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/ipallowlist)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: ip-allow-list`.
+
+:::
+
+---
+
+## `sourceRange`
+
+Define the sourceRange
+
+| | |
+| ---------- | ------------------------------------ |
+| Key | `middlewares.$name.data.sourceRange` |
+| Type | `list` of `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ sourceRange:
+ - some-source-range
+```
+
+---
+
+## `ipStrategy`
+
+Define the ipStrategy
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.ipStrategy` |
+| Type | `map` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | `{}` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ ipStrategy: {}
+```
+
+---
+
+### `ipStrategy.depth`
+
+Define the ipStrategy.depth
+
+| | |
+| ---------- | ----------------------------------------- |
+| Key | `middlewares.$name.data.ipStrategy.depth` |
+| Type | `int` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ ipStrategy:
+ depth: 1
+```
+
+---
+
+### `ipStrategy.excludedIPs`
+
+Define the ipStrategy.excludedIPs
+
+| | |
+| ---------- | ----------------------------------------------- |
+| Key | `middlewares.$name.data.ipStrategy.excludedIPs` |
+| Type | `list` of `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ ipStrategy:
+ excludedIPs:
+ - some-excluded-ip
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: ip-allow-list
+ data:
+ sourceRange:
+ - some-source-range
+ ipStrategy:
+ depth: 1
+ excludedIPs:
+ - some-excluded-ip
+```
diff --git a/website/src/content/docs/common/middlewares/plugin-bouncer.md b/website/src/content/docs/common/middlewares/plugin-bouncer.md
new file mode 100644
index 00000000000..e21abaf1572
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/plugin-bouncer.md
@@ -0,0 +1,958 @@
+---
+title: Plugin Bouncer Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/plugin-bouncer#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: plugin-bouncer`.
+
+:::
+
+---
+
+## `pluginName`
+
+Define the pluginName
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.pluginName` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | `bouncer` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ pluginName: my-plugin-name
+```
+
+---
+
+## `enabled`
+
+Define the enabled
+
+| | |
+| ---------- | -------------------------------- |
+| Key | `middlewares.$name.data.enabled` |
+| Type | `bool` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ enabled: true
+```
+
+---
+
+## `logLevel`
+
+Define the logLevel
+
+| | |
+| ---------- | --------------------------------- |
+| Key | `middlewares.$name.data.logLevel` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ logLevel: DEBUG
+```
+
+---
+
+## `updateIntervalSeconds`
+
+Define the updateIntervalSeconds
+
+| | |
+| ---------- | ---------------------------------------------- |
+| Key | `middlewares.$name.data.updateIntervalSeconds` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ updateIntervalSeconds: 60
+```
+
+---
+
+## `updateMaxFailure`
+
+Define the updateMaxFailure
+
+| | |
+| ---------- | ----------------------------------------- |
+| Key | `middlewares.$name.data.updateMaxFailure` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ updateMaxFailure: 0
+```
+
+---
+
+## `defaultDecisionSeconds`
+
+Define the defaultDecisionSeconds
+
+| | |
+| ---------- | ----------------------------------------------- |
+| Key | `middlewares.$name.data.defaultDecisionSeconds` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ defaultDecisionSeconds: 60
+```
+
+---
+
+## `httpTimeoutSeconds`
+
+Define the httpTimeoutSeconds
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.httpTimeoutSeconds` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ httpTimeoutSeconds: 10
+```
+
+---
+
+## `crowdsecMode`
+
+Define the crowdsecMode
+
+| | |
+| ---------- | --------------------------------- |
+| Key | `middlewares.$name.data.crowdsec` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecMode: live
+```
+
+---
+
+## `crowdsecAppsecEnabled`
+
+Define the crowdsecAppsecEnabled
+
+| | |
+| ---------- | ---------------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecAppsecEnabled` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecAppsecEnabled: false
+```
+
+---
+
+## `crowdsecAppsecHost`
+
+Define the crowdsecAppsecHost
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecAppsecHost` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecAppsecHost: crowdsec:7422
+```
+
+---
+
+## `crowdsecAppsecFailureBlock`
+
+Define the crowdsecAppsecFailureBlock
+
+| | |
+| ---------- | --------------------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecAppsecFailureBlock` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecAppsecFailureBlock: true
+```
+
+---
+
+## `crowdsecAppsecUnreachableBlock`
+
+Define the crowdsecAppsecUnreachableBlock
+
+| | |
+| ---------- | ------------------------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecAppsecUnreachableBlock` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecAppsecUnreachableBlock: true
+```
+
+---
+
+## `crowdsecLapiKey`
+
+Define the crowdsecLapiKey
+
+| | |
+| ---------- | ---------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecLapiKey` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecLapiKey: privateKey-foo
+```
+
+---
+
+## `crowdsecLapiHost`
+
+Define the crowdsecLapiHost
+
+| | |
+| ---------- | ----------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecLapiHost` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecLapiHost: crowdsec:8080
+```
+
+---
+
+## `crowdsecLapiScheme`
+
+Define the crowdsecLapiScheme
+
+| | |
+| ---------- | --------------------------------- |
+| Key | `middlewares.$name.data.crowdsec` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecLapiScheme: http
+```
+
+---
+
+## `crowdsecLapiTLSInsecureVerify`
+
+Define the crowdsecLapiTLSInsecureVerify
+
+| | |
+| ---------- | ------------------------------------------------------ |
+| Key | `middlewares.$name.data.crowdsecLapiTLSInsecureVerify` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecLapiTLSInsecureVerify: false
+```
+
+---
+
+## `crowdsecCapiMachineId`
+
+Define the crowdsecCapiMachineId
+
+| | |
+| ---------- | ---------------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecCapiMachineId` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecCapiMachineId: login
+```
+
+---
+
+## `crowdsecCapiPassword`
+
+Define the crowdsecCapiPassword
+
+| | |
+| ---------- | --------------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecCapiPassword` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecCapiPassword: password
+```
+
+---
+
+## `crowdsecCapiScenarios`
+
+Define the crowdsecCapiScenarios
+
+| | |
+| ---------- | ---------------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecCapiScenarios` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecCapiScenarios:
+ - crowdsecurity/http-path-traversal-probing
+ - crowdsecurity/http-xss-probing
+ - crowdsecurity/http-generic-bf
+```
+
+---
+
+## `forwardedHeadersTrustedIPs`
+
+Define the forwardedHeadersTrustedIPs
+
+| | |
+| ---------- | --------------------------------------------------- |
+| Key | `middlewares.$name.data.forwardedHeadersTrustedIPs` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ forwardedHeadersTrustedIPs:
+ - 10.0.10.23/32
+ - 10.0.20.0/24
+```
+
+---
+
+## `clientTrustedIPs`
+
+Define the clientTrustedIPs
+
+| | |
+| ---------- | ----------------------------------------- |
+| Key | `middlewares.$name.data.clientTrustedIPs` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ clientTrustedIPs:
+ - 192.168.1.0/24
+```
+
+---
+
+## `forwardedHeadersCustomName`
+
+Define the forwardedHeadersCustomName
+
+| | |
+| ---------- | --------------------------------------------------- |
+| Key | `middlewares.$name.data.forwardedHeadersCustomName` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ forwardedHeadersCustomName: X-Custom-Header
+```
+
+---
+
+## `remediationHeadersCustomName`
+
+Define the remediationHeadersCustomName
+
+| | |
+| ---------- | ----------------------------------------------------- |
+| Key | `middlewares.$name.data.remediationHeadersCustomName` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ remediationHeadersCustomName: cs-remediation
+```
+
+---
+
+## `redisCacheEnabled`
+
+Define the redisCacheEnabled
+
+| | |
+| ---------- | ------------------------------------------ |
+| Key | `middlewares.$name.data.redisCacheEnabled` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ redisCacheEnabled: false
+```
+
+---
+
+## `redisCacheHost`
+
+Define the redisCacheHost
+
+| | |
+| ---------- | --------------------------------------- |
+| Key | `middlewares.$name.data.redisCacheHost` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ redisCacheHost: "redis:6379"
+```
+
+---
+
+## `redisCachePassword`
+
+Define the redisCachePassword
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.redisCachePassword` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ redisCachePassword: password
+```
+
+---
+
+## `redisCacheDatabase`
+
+Define the redisCacheDatabase
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.redisCacheDatabase` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ redisCacheDatabase: "5"
+```
+
+---
+
+## `crowdsecLapiTLSCertificateAuthority`
+
+Define the crowdsecLapiTLSCertificateAuthority
+
+| | |
+| ---------- | ------------------------------------------------------------ |
+| Key | `middlewares.$name.data.crowdsecLapiTLSCertificateAuthority` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecLapiTLSCertificateAuthority: |-
+ -----BEGIN CERTIFICATE-----
+ MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
+ ...
+ Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT
+ -----END CERTIFICATE-----
+```
+
+---
+
+## `crowdsecLapiTLSCertificateBouncer`
+
+Define the crowdsecLapiTLSCertificateBouncer
+
+| | |
+| ---------- | ---------------------------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecLapiTLSCertificateBouncer` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecLapiTLSCertificateBouncer: |-
+ -----BEGIN CERTIFICATE-----
+ MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL
+ ...
+ RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz
+ N2U=
+ -----END CERTIFICATE-----
+```
+
+---
+
+## `crowdsecLapiTLSCertificateBouncerKey`
+
+Define the crowdsecLapiTLSCertificateBouncerKey
+
+| | |
+| ---------- | ------------------------------------------------------------- |
+| Key | `middlewares.$name.data.crowdsecLapiTLSCertificateBouncerKey` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ crowdsecLapiTLSCertificateBouncerKey: |-
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAtYQnbJqifH+ZymePylDxGGLIuxzcAUU4/ajNj+qRAdI/Ux3d
+ ...
+ ic5cDRo6/VD3CS3MYzyBcibaGaV34nr0G/pI+KEqkYChzk/PZRA=
+ -----END RSA PRIVATE KEY-----
+```
+
+---
+
+## `captchaProvider`
+
+Define the captchaProvider
+
+| | |
+| ---------- | ---------------------------------------- |
+| Key | `middlewares.$name.data.captchaProvider` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ captchaProvider: hcaptcha
+```
+
+---
+
+## `captchaSiteKey`
+
+Define the captchaSiteKey
+
+| | |
+| ---------- | --------------------------------------- |
+| Key | `middlewares.$name.data.captchaSiteKey` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ captchaSiteKey: FIXME
+```
+
+---
+
+## `captchaSecretKey`
+
+Define the captchaSecretKey
+
+| | |
+| ---------- | ----------------------------------------- |
+| Key | `middlewares.$name.data.captchaSecretKey` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ captchaSecretKey: FIXME
+```
+
+---
+
+## `captchaGracePeriodSeconds`
+
+Define the captchaGracePeriodSeconds
+
+| | |
+| ---------- | -------------------------------------------------- |
+| Key | `middlewares.$name.data.captchaGracePeriodSeconds` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ captchaGracePeriodSeconds: 1800
+```
+
+---
+
+## `captchaHTMLFilePath`
+
+Define the captchaHTMLFilePath
+
+| | |
+| ---------- | -------------------------------------------- |
+| Key | `middlewares.$name.data.captchaHTMLFilePath` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ captchaHTMLFilePath: /captcha.html
+```
+
+---
+
+## `banHTMLFilePath`
+
+Define the banHTMLFilePath
+
+| | |
+| ---------- | ---------------------------------------- |
+| Key | `middlewares.$name.data.banHTMLFilePath` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ banHTMLFilePath: /ban.html
+```
+
+---
+
+## `captchaHTMLFilePath`
+
+Define the captchaHTMLFilePath
+
+| | |
+| ---------- | -------------------------------------------- |
+| Key | `middlewares.$name.data.captchaHTMLFilePath` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ captchaHTMLFilePath: /captcha.html
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: plugin-bouncer
+ data:
+ enabled: true
+ logLevel: DEBUG
+ updateIntervalSeconds: 60
+ updateMaxFailure: 0
+ defaultDecisionSeconds: 60
+ httpTimeoutSeconds: 10
+ crowdsecMode: live
+ crowdsecAppsecEnabled: false
+ crowdsecAppsecHost: crowdsec:7422
+ crowdsecAppsecFailureBlock: true
+ crowdsecAppsecUnreachableBlock: true
+ crowdsecLapiKey: privateKey-foo
+ crowdsecLapiHost: crowdsec:8080
+ crowdsecLapiScheme: http
+ crowdsecLapiTLSInsecureVerify: false
+ crowdsecCapiMachineId: login
+ crowdsecCapiPassword: password
+ crowdsecCapiScenarios:
+ - crowdsecurity/http-path-traversal-probing
+ - crowdsecurity/http-xss-probing
+ - crowdsecurity/http-generic-bf
+ forwardedHeadersTrustedIPs:
+ - 10.0.10.23/32
+ - 10.0.20.0/24
+ clientTrustedIPs:
+ - 192.168.1.0/24
+ forwardedHeadersCustomName: X-Custom-Header
+ remediationHeadersCustomName: cs-remediation
+ redisCacheEnabled: false
+ redisCacheHost: "redis:6379"
+ redisCachePassword: password
+ redisCacheDatabase: "5"
+ crowdsecLapiTLSCertificateAuthority: |-
+ -----BEGIN CERTIFICATE-----
+ MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
+ ...
+ Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT
+ -----END CERTIFICATE-----
+ crowdsecLapiTLSCertificateBouncer: |-
+ -----BEGIN CERTIFICATE-----
+ MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL
+ ...
+ RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz
+ N2U=
+ -----END CERTIFICATE-----
+ captchaProvider: hcaptcha
+ captchaSiteKey: FIXME
+ captchaSecretKey: FIXME
+ captchaGracePeriodSeconds: 1800
+ captchaHTMLFilePath: /captcha.html
+ banHTMLFilePath: /ban.html
+```
diff --git a/website/src/content/docs/common/middlewares/plugin-geoblock.md b/website/src/content/docs/common/middlewares/plugin-geoblock.md
new file mode 100644
index 00000000000..7d3510d7388
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/plugin-geoblock.md
@@ -0,0 +1,397 @@
+---
+title: Plugin Geoblock Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/plugin-geoblock#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://github.com/PascalMinder/geoblock)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: plugin-geoblock`.
+
+:::
+
+---
+
+## `pluginName`
+
+Define the pluginName
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.pluginName` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | `GeoBlock` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ pluginName: my-plugin-name
+```
+
+---
+
+## `api`
+
+Define the api
+
+| | |
+| ---------- | ---------------------------- |
+| Key | `middlewares.$name.data.api` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ api: https://api.geoblock.org/v2/geoblock
+```
+
+---
+
+## `allowLocalRequests`
+
+Define the allowLocalRequests
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.allowLocalRequests` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ allowLocalRequests: true
+```
+
+---
+
+## `logLocalRequests`
+
+Define the logLocalRequests
+
+| | |
+| ---------- | ----------------------------------------- |
+| Key | `middlewares.$name.data.logLocalRequests` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ logLocalRequests: true
+```
+
+---
+
+## `logAllowedRequests`
+
+Define the logAllowedRequests
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.logAllowedRequests` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ logAllowedRequests: true
+```
+
+---
+
+## `logApiRequests`
+
+Define the logApiRequests
+
+| | |
+| ---------- | --------------------------------------- |
+| Key | `middlewares.$name.data.logApiRequests` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ logApiRequests: true
+```
+
+---
+
+## `apiTimeoutMs`
+
+Define the apiTimeoutMs
+
+| | |
+| ---------- | ------------------------------------- |
+| Key | `middlewares.$name.data.apiTimeoutMs` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ apiTimeoutMs: 1000
+```
+
+---
+
+## `cacheSize`
+
+Define the cacheSize
+
+| | |
+| ---------- | ---------------------------------- |
+| Key | `middlewares.$name.data.cacheSize` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ cacheSize: 1000
+```
+
+---
+
+## `forceMonthlyUpdate`
+
+Define the forceMonthlyUpdate
+
+| | |
+| ---------- | ------------------------------------------- |
+| Key | `middlewares.$name.data.forceMonthlyUpdate` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ forceMonthlyUpdate: true
+```
+
+---
+
+## `allowUnknownCountries`
+
+Define the allowUnknownCountries
+
+| | |
+| ---------- | ---------------------------------------------- |
+| Key | `middlewares.$name.data.allowUnknownCountries` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ allowUnknownCountries: true
+```
+
+---
+
+## `unknownCountryApiResponse`
+
+Define the unknownCountryApiResponse
+
+| | |
+| ---------- | -------------------------------------------------- |
+| Key | `middlewares.$name.data.unknownCountryApiResponse` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ unknownCountryApiResponse: some-value
+```
+
+---
+
+## `blackListMode`
+
+Define the blackListMode
+
+| | |
+| ---------- | -------------------------------------- |
+| Key | `middlewares.$name.data.blackListMode` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ blackListMode: true
+```
+
+---
+
+## `silentStartUp`
+
+Define the silentStartUp
+
+| | |
+| ---------- | -------------------------------------- |
+| Key | `middlewares.$name.data.silentStartUp` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ silentStartUp: true
+```
+
+---
+
+## `addCountryHeader`
+
+Define the addCountryHeader
+
+| | |
+| ---------- | ----------------------------------------- |
+| Key | `middlewares.$name.data.addCountryHeader` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ addCountryHeader: true
+```
+
+---
+
+## `countries`
+
+Define the countries
+
+| | |
+| ---------- | ---------------------------------- |
+| Key | `middlewares.$name.data.countries` |
+| Type | `list` of `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ countries:
+ - some-country
+ - some-other-country
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: plugin-geoblock
+ data:
+ api: https://api.geoblock.org/v2/geoblock
+ allowLocalRequests: true
+ logLocalRequests: true
+ logAllowedRequests: true
+ logApiRequests: true
+ apiTimeoutMs: 1000
+ cacheSize: 1000
+ forceMonthlyUpdate: true
+ allowUnknownCountries: true
+ unknownCountryApiResponse: some-value
+ blackListMode: some-value
+ silentStartUp: true
+ addCountryHeader: true
+ countries:
+ - some-country
+ - some-other-country
+```
diff --git a/website/src/content/docs/common/middlewares/plugin-mod-security.md b/website/src/content/docs/common/middlewares/plugin-mod-security.md
new file mode 100644
index 00000000000..9763e372149
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/plugin-mod-security.md
@@ -0,0 +1,130 @@
+---
+title: Plugin Mod Security Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/plugin-mod-security#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://github.com/acouvreur/traefik-modsecurity-plugin)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: plugin-mod-security`.
+
+:::
+
+---
+
+## `pluginName`
+
+Define the pluginName
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.pluginName` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | `traefik-modsecurity-plugin` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ pluginName: my-plugin-name
+```
+
+---
+
+## `modSecurityUrl`
+
+Define the modSecurityUrl
+
+| | |
+| ---------- | --------------------------------------- |
+| Key | `middlewares.$name.data.modSecurityUrl` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ modSecurityUrl: https://example.com
+```
+
+---
+
+## `timeoutMillis`
+
+Define the timeoutMillis
+
+| | |
+| ---------- | -------------------------------------- |
+| Key | `middlewares.$name.data.timeoutMillis` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ timeoutMillis: 1000
+```
+
+---
+
+## `maxBodySize`
+
+Define the maxBodySize
+
+| | |
+| ---------- | ------------------------------------ |
+| Key | `middlewares.$name.data.maxBodySize` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ maxBodySize: 1024
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: plugin-mod-security
+ data:
+ pluginName: my-plugin-name
+ modSecurityUrl: https://example.com
+ timeoutMillis: 1000
+ maxBodySize: 1024
+```
diff --git a/website/src/content/docs/common/middlewares/plugin-real-ip.md b/website/src/content/docs/common/middlewares/plugin-real-ip.md
new file mode 100644
index 00000000000..48ccf661f82
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/plugin-real-ip.md
@@ -0,0 +1,86 @@
+---
+title: Plugin Real IP Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/plugin-theme-park#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://github.com/jramsgz/traefik-real-ip)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: plugin-real-ip`.
+
+:::
+
+---
+
+## `pluginName`
+
+Define the pluginName
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.pluginName` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | `traefik-real-ip` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ pluginName: my-plugin-name
+```
+
+---
+
+## `excludednets`
+
+Define the excludednets
+
+| | |
+| ---------- | ------------------------------------- |
+| Key | `middlewares.$name.data.excludednets` |
+| Type | `list` of `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ excludednets:
+ - some-excluded-net
+ - some-other-excluded-net
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: plugin-real-ip
+ data:
+ pluginName: my-plugin-name
+ excludednets:
+ - some-excluded-net
+ - some-other-excluded-net
+```
diff --git a/website/src/content/docs/common/middlewares/plugin-rewrite-response-headers.md b/website/src/content/docs/common/middlewares/plugin-rewrite-response-headers.md
new file mode 100644
index 00000000000..be8527ec0eb
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/plugin-rewrite-response-headers.md
@@ -0,0 +1,163 @@
+---
+title: Plugin Rewrite Response Headers Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/plugin-rewrite-response-headers#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://github.com/XciD/traefik-plugin-rewrite-headers/)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: plugin-rewrite-response-headers`.
+
+:::
+
+---
+
+## `pluginName`
+
+Define the pluginName
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.pluginName` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | `rewriteResponseHeaders` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ pluginName: my-plugin-name
+```
+
+---
+
+## `rewrites`
+
+Define the rewrites
+
+| | |
+| ---------- | --------------------------------- |
+| Key | `middlewares.$name.data.rewrites` |
+| Type | `list` of `map` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ rewrites:
+ - header: some-header
+ regex: some-regex
+ replacement: some-replacement
+```
+
+---
+
+### `rewrites[].header`
+
+Define the header
+
+| | |
+| ---------- | ---------------------------------------- |
+| Key | `middlewares.$name.data.rewrites.header` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ rewrites:
+ - header: some-header
+```
+
+---
+
+### `rewrites[].regex`
+
+Define the regex
+
+| | |
+| ---------- | ------------------------------ |
+| Key | `middlewares.$name.data.regex` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ rewrites:
+ - regex: some-regex
+```
+
+---
+
+### `rewrites[].replacement`
+
+Define the replacement
+
+| | |
+| ---------- | ------------------------------------ |
+| Key | `middlewares.$name.data.replacement` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ rewrites:
+ - replacement: some-replacement
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: plugin-rewrite-response-headers
+ data:
+ pluginName: my-plugin-name
+ rewrites:
+ - header: some-header
+ regex: some-regex
+ replacement: some-replacement
+ - header: some-other-header
+ regex: some-other-regex
+ replacement: some-other-replacement
+```
diff --git a/website/src/content/docs/common/middlewares/plugin-theme-park.md b/website/src/content/docs/common/middlewares/plugin-theme-park.md
new file mode 100644
index 00000000000..9a2d96a3748
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/plugin-theme-park.md
@@ -0,0 +1,158 @@
+---
+title: Plugin Theme Park Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/plugin-theme-park#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://github.com/packruler/traefik-themepark)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: plugin-theme-park`.
+
+:::
+
+---
+
+## `pluginName`
+
+Define the pluginName
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.pluginName` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | `traefik-themepark` |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ pluginName: my-plugin-name
+```
+
+---
+
+## `app`
+
+Define the app
+
+| | |
+| ---------- | ---------------------------- |
+| Key | `middlewares.$name.data.app` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ app: sonarr
+```
+
+---
+
+## `theme`
+
+Define the theme
+
+| | |
+| ---------- | ------------------------------ |
+| Key | `middlewares.$name.data.theme` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ theme: dark
+```
+
+---
+
+## `baseUrl`
+
+Define the baseUrl
+
+| | |
+| ---------- | -------------------------------- |
+| Key | `middlewares.$name.data.baseUrl` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ baseUrl: https://example.com
+```
+
+---
+
+## `addons`
+
+Define the addons
+
+| | |
+| ---------- | ------------------------------- |
+| Key | `middlewares.$name.data.addons` |
+| Type | `list` of `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ addons:
+ - some-addon
+ - some-other-addon
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: plugin-theme-park
+ data:
+ pluginName: my-plugin-name
+ app: sonarr
+ theme: dark
+ baseUrl: https://example.com
+ addons:
+ - some-addon
+ - some-other-addon
+```
diff --git a/website/src/content/docs/common/middlewares/rate-limit.md b/website/src/content/docs/common/middlewares/rate-limit.md
new file mode 100644
index 00000000000..d3b8d31d7ce
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/rate-limit.md
@@ -0,0 +1,82 @@
+---
+title: Rate Limit Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/rate-limit#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/ratelimit)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: rate-limit`.
+
+:::
+
+---
+
+## `average`
+
+Define the average rate limit
+
+| | |
+| ---------- | -------------------------------- |
+| Key | `middlewares.$name.data.average` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ average: 1000
+```
+
+---
+
+## `burst`
+
+Define the burst rate limit
+
+| | |
+| ---------- | ------------------------------ |
+| Key | `middlewares.$name.data.burst` |
+| Type | `int` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ burst: 1000
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: rate-limit
+ data:
+ average: 1000
+ burst: 1000
+```
diff --git a/website/src/content/docs/common/middlewares/redirect-regex.md b/website/src/content/docs/common/middlewares/redirect-regex.md
new file mode 100644
index 00000000000..fca5a1d841b
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/redirect-regex.md
@@ -0,0 +1,106 @@
+---
+title: Redirect Regex Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/redirect-regex#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/redirectregex)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: redirect-regex`.
+
+:::
+
+---
+
+## `regex`
+
+Define the regex
+
+| | |
+| ---------- | ------------------------------ |
+| Key | `middlewares.$name.data.regex` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ regex: some-regex
+```
+
+---
+
+## `replacement`
+
+Define the replacement
+
+| | |
+| ---------- | ------------------------------------ |
+| Key | `middlewares.$name.data.replacement` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ replacement: some-replacement
+```
+
+---
+
+## `permanent`
+
+Define the permanent
+
+| | |
+| ---------- | ---------------------------------- |
+| Key | `middlewares.$name.data.permanent` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ permanent: true
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: redirect-regex
+ data:
+ regex: some-regex
+ replacement: some-replacement
+ permanent: true
+```
diff --git a/website/src/content/docs/common/middlewares/redirect-scheme.md b/website/src/content/docs/common/middlewares/redirect-scheme.md
new file mode 100644
index 00000000000..00f2585d6f3
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/redirect-scheme.md
@@ -0,0 +1,82 @@
+---
+title: Redirect Scheme Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/redirect-scheme#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/redirectscheme)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: redirect-scheme`.
+
+:::
+
+---
+
+## `scheme`
+
+Define the scheme
+
+| | |
+| ---------- | ------------------------------- |
+| Key | `middlewares.$name.data.scheme` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ scheme: https
+```
+
+---
+
+## `permanent`
+
+Define the permanent
+
+| | |
+| ---------- | ---------------------------------- |
+| Key | `middlewares.$name.data.permanent` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ permanent: true
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: redirect-scheme
+ data:
+ scheme: https
+ permanent: true
+```
diff --git a/website/src/content/docs/common/middlewares/replace-path-regex.md b/website/src/content/docs/common/middlewares/replace-path-regex.md
new file mode 100644
index 00000000000..a355c3e139f
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/replace-path-regex.md
@@ -0,0 +1,82 @@
+---
+title: Replace Path Regex Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/replace-path-regex#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/replacepathregex)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: replace-path-regex`.
+
+:::
+
+---
+
+## `regex`
+
+Define the regex
+
+| | |
+| ---------- | ------------------------------ |
+| Key | `middlewares.$name.data.regex` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ regex: /some-path
+```
+
+---
+
+## `replacement`
+
+Define the replacement
+
+| | |
+| ---------- | ------------------------------------ |
+| Key | `middlewares.$name.data.replacement` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ replacement: /some-replacement
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: replace-path-regex
+ data:
+ regex: /some-path
+ replacement: /some-replacement
+```
diff --git a/website/src/content/docs/common/middlewares/replace-path.md b/website/src/content/docs/common/middlewares/replace-path.md
new file mode 100644
index 00000000000..db1859af426
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/replace-path.md
@@ -0,0 +1,58 @@
+---
+title: Replace Path Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/replace-path#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/replacepath)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: replace-path`.
+
+:::
+
+---
+
+## `path`
+
+Define the path
+
+| | |
+| ---------- | ----------------------------- |
+| Key | `middlewares.$name.data.path` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ path: /some-path
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: replace-path
+ data:
+ path: /some-path
+```
diff --git a/website/src/content/docs/common/middlewares/retry.md b/website/src/content/docs/common/middlewares/retry.md
new file mode 100644
index 00000000000..641d8528c73
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/retry.md
@@ -0,0 +1,82 @@
+---
+title: Retry Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/retry#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/retry)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: retry`.
+
+:::
+
+---
+
+## `attempts`
+
+Define the path
+
+| | |
+| ---------- | --------------------------------- |
+| Key | `middlewares.$name.data.attempts` |
+| Type | `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ attempts: 3
+```
+
+---
+
+## `initialInterval`
+
+Define the initialInterval
+
+| | |
+| ---------- | ---------------------------------------- |
+| Key | `middlewares.$name.data.initialInterval` |
+| Type | `string` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ initialInterval: 1000
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: retry
+ data:
+ attempts: 3
+ initialInterval: 1000
+```
diff --git a/website/src/content/docs/common/middlewares/strip-prefix-regex.md b/website/src/content/docs/common/middlewares/strip-prefix-regex.md
new file mode 100644
index 00000000000..76403a8bcc1
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/strip-prefix-regex.md
@@ -0,0 +1,62 @@
+---
+title: Strip Prefix Regex Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/strip-prefix-regex#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/stripprefixregex)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: strip-prefix-regex`.
+
+:::
+
+---
+
+## `regex`
+
+Define the regexes
+
+| | |
+| ---------- | ------------------------------ |
+| Key | `middlewares.$name.data.regex` |
+| Type | `list` of `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ regex:
+ - some-regex
+ - some-other-regex
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: strip-prefix-regex
+ data:
+ regex:
+ - some-regex
+ - some-other-regex
+```
diff --git a/website/src/content/docs/common/middlewares/strip-prefix.md b/website/src/content/docs/common/middlewares/strip-prefix.md
new file mode 100644
index 00000000000..08785406561
--- /dev/null
+++ b/website/src/content/docs/common/middlewares/strip-prefix.md
@@ -0,0 +1,86 @@
+---
+title: Strip Prefix Middleware
+---
+
+:::note
+
+- Examples under each key are only to be used as a placement guide
+- See the [Full Examples](/common/middlewares/strip-prefix#full-examples) section for complete examples.
+- Upstream documentation for this middleware can be found [here](https://doc.traefik.io/traefik/middlewares/http/stripprefix)
+
+:::
+
+## Appears in
+
+- `.Values.middlewares.$name.data`
+
+:::tip
+
+- See available middleware keys [here](/common/middlewares).
+- This options apply only when `type: strip-prefix`.
+
+:::
+
+---
+
+## `prefix`
+
+Define the prefixes
+
+| | |
+| ---------- | ------------------------------- |
+| Key | `middlewares.$name.data.prefix` |
+| Type | `list` of `string` |
+| Required | ✅ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ prefix:
+ - /some-prefix
+ - /some-other-prefix
+```
+
+---
+
+## `forceSlash`
+
+Define the forceSlash
+
+| | |
+| ---------- | ----------------------------------- |
+| Key | `middlewares.$name.data.forceSlash` |
+| Type | `bool` |
+| Required | ❌ |
+| Helm `tpl` | ❌ |
+| Default | - |
+
+Example
+
+```yaml
+middlewares:
+ middleware-name:
+ data:
+ forceSlash: true
+```
+
+---
+
+## Full Examples
+
+```yaml
+middlewares:
+ middleware-name:
+ enabled: true
+ type: strip-prefix
+ data:
+ prefix:
+ - /some-prefix
+ - /some-other-prefix
+ forceSlash: true
+```