Skip to content

Kubernetes Configuration Reference

Dynamic configuration with Kubernetes Custom Resource

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRoute
    plural: ingressroutes
    singular: ingressroute
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsoptions.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSOption
    plural: tlsoptions
    singular: tlsoption
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutetcps.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteTCP
    plural: ingressroutetcps
    singular: ingressroutetcp
  scope: Namespaced

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute
spec:
  entryPoints:
    - web
    - web-secure
  routes:
    - match: Host(`foo.com`) && PathPrefix(`/bar`)
      kind: Rule
      priority: 12
      # defining several services is possible and allowed, but for now the servers of
      # all the services (for a given route) get merged altogether under the same
      # load-balancing strategy.
      services:
        - name: s1
          port: 80
          healthCheck:
            path: /health
            host: baz.com
            intervalSeconds: 7
            timeoutSeconds: 60
          # strategy defines the load balancing strategy between the servers. It defaults
          # to Round Robin, and for now only Round Robin is supported anyway.
          strategy: RoundRobin
        - name: s2
          port: 433
          healthCheck:
            path: /health
            host: baz.com
            intervalSeconds: 7
            timeoutSeconds: 60
    - match: PathPrefix(`/misc`)
      services:
        - name: s3
          port: 80
      middlewares:
        - name: stripprefix
        - name: addprefix
    - match: PathPrefix(`/misc`)
      services:
        - name: s3
          port: 8443
          # scheme allow to override the scheme for the service. (ex: https or h2c)
          scheme: https
  # use an empty tls object for TLS with Let's Encrypt
  tls:
    secretName: supersecret
    options:
      name: myTLSOption
      namespace: default

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroutetcp.crd
  namespace: default

spec:
  entryPoints:
    - footcp
  routes:
    - match: HostSNI(`bar.com`)
      services:
        - name: whoamitcp
          port: 8080
  tls:
    secretName: foosecret
    passthrough: false
    options:
      name: myTLSOption
      namespace: default