generated from canonical/template-operator
-
Notifications
You must be signed in to change notification settings - Fork 27
/
config.yaml
84 lines (70 loc) · 3.57 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# Copyright 2022 Canonical Ltd.
# See LICENSE file for licensing details.
options:
enable_experimental_forward_auth:
description: |
Enables `forward-auth` middleware capabilities required to set up Identity and Access Proxy.
This feature is experimental and may be unstable.
type: boolean
default: False
loadbalancer_annotations:
description: |
A comma-separated list of annotations to apply to the LoadBalancer service.
The format should be: `key1=value1,key2=value2,key3=value3`.
These annotations are passed directly to the Kubernetes LoadBalancer service,
enabling customization for specific cloud provider settings or integrations.
Example:
"external-dns.alpha.kubernetes.io/hostname=example.com,service.beta.kubernetes.io/aws-load-balancer-type=nlb"
Ensure the annotations are correctly formatted and adhere to Kubernetes' syntax and character set : https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
Invalid values will result in LoadBalancer being removed and all previously set annotations will be lost.
type: string
basic_auth_user:
description: |
Enables the `basicAuth` middleware for **all** routes on this proxy.
The format of this string must be: `name:hashed-password`, generated with e.g. htpasswd.
Supported hashing algorithms are: MD5, SHA1, BCrypt.
For more documentation see https://doc.traefik.io/traefik/middlewares/http/basicauth/
Once this config option is set, the username/password pair will be required to authenticate
http requests on all routes proxied by this traefik app.
type: string
external_hostname:
description: |
The DNS name to be used by Traefik ingress.
If unspecified, the gateway ingress ip address will be used, e.g,
as provided by MetalLB. This needs to be a `bare` hostname: i.e.
no schema prefix and no port.
type: string
routing_mode:
description: |
The routing mode allows you to specify how Traefik going to generate
routes on behalf of the requesters.
Valid values are "path" and "subdomain".
With the "path" routing mode, Traefik will use its externally-visible url,
and create a route for the requester that will be structure like:
`<external_url>/<requester_model_name>-<requester_application_name>-<requester-unit-index>`
For example, an ingress-per-unit provider with `http://foo` external URL,
will provide to the unit `my-unit/2` in the `my-model` model the
following URL:
`http://foo/my-model-my-unit-2`
With the "subdomain" routing mode, Traefik will use its externally-visible url,
and create a route for the requester that will be structure like:
`<protocol>://<requester_model_name>-<requester_application_name>-<requester-unit-index>.<external_hostname>:<port>/`
For example, an ingress-per-unit provider with `http://foo:8080` external URL,
will provide to the unit `my-unit/2` in the `my-model` model the following URL:
`http://my-model-my-unit-2.foo:8080`
Note that, for 'subdomain' routing mode, the external_hostname must be set and not be set to an IP address. This
is because subdomains are not supported for IP addresses.
type: string
default: path
tls-ca:
description: |
CA cert used for TLS termination.
type: string
tls-cert:
description: |
SSL cert used for TLS termination.
type: string
tls-key:
description: |
Key used for TLS termination.
type: string