{ "description": "ServersTransport is the CRD implementation of a ServersTransport.\nIf no serversTransport is specified, the default@internal will be used.\nThe default@internal serversTransport is created from the static configuration.\nMore info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/http/load-balancing/serverstransport/", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": [ "string", "null" ] }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": [ "string", "null" ] }, "metadata": { "type": "object" }, "spec": { "additionalProperties": false, "description": "ServersTransportSpec defines the desired state of a ServersTransport.", "properties": { "certificatesSecrets": { "description": "CertificatesSecrets defines a list of secret storing client certificates for mTLS.", "items": { "type": "string" }, "type": [ "array", "null" ] }, "disableHTTP2": { "description": "DisableHTTP2 disables HTTP/2 for connections with backend servers.", "type": [ "boolean", "null" ] }, "forwardingTimeouts": { "additionalProperties": false, "description": "ForwardingTimeouts defines the timeouts for requests forwarded to the backend servers.", "properties": { "dialTimeout": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "DialTimeout is the amount of time to wait until a connection to a backend server can be established.", "pattern": "^([0-9]+(ns|us|µs|ms|s|m|h)?)+$", "x-kubernetes-int-or-string": true }, "idleConnTimeout": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself.", "pattern": "^([0-9]+(ns|us|µs|ms|s|m|h)?)+$", "x-kubernetes-int-or-string": true }, "pingTimeout": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received.", "pattern": "^([0-9]+(ns|us|µs|ms|s|m|h)?)+$", "x-kubernetes-int-or-string": true }, "readIdleTimeout": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection.", "pattern": "^([0-9]+(ns|us|µs|ms|s|m|h)?)+$", "x-kubernetes-int-or-string": true }, "responseHeaderTimeout": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any).", "pattern": "^([0-9]+(ns|us|µs|ms|s|m|h)?)+$", "x-kubernetes-int-or-string": true } }, "type": [ "object", "null" ] }, "insecureSkipVerify": { "description": "InsecureSkipVerify disables SSL certificate verification.", "type": [ "boolean", "null" ] }, "maxIdleConnsPerHost": { "description": "MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.", "minimum": -1, "type": [ "integer", "null" ] }, "peerCertURI": { "description": "PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification.", "type": [ "string", "null" ] }, "rootCAs": { "description": "RootCAs defines a list of CA certificate Secrets or ConfigMaps used to validate server certificates.", "items": { "additionalProperties": false, "description": "RootCA defines a reference to a Secret or a ConfigMap that holds a CA certificate.\nIf both a Secret and a ConfigMap reference are defined, the Secret reference takes precedence.", "properties": { "configMap": { "description": "ConfigMap defines the name of a ConfigMap that holds a CA certificate.\nThe referenced ConfigMap must contain a certificate under either a tls.ca or a ca.crt key.", "type": [ "string", "null" ] }, "secret": { "description": "Secret defines the name of a Secret that holds a CA certificate.\nThe referenced Secret must contain a certificate under either a tls.ca or a ca.crt key.", "type": [ "string", "null" ] } }, "type": "object", "x-kubernetes-validations": [ { "message": "RootCA cannot have both Secret and ConfigMap defined.", "rule": "!has(self.secret) || !has(self.configMap)" } ] }, "type": [ "array", "null" ] }, "rootCAsSecrets": { "description": "RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.\n\nDeprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.", "items": { "type": "string" }, "type": [ "array", "null" ] }, "serverName": { "description": "ServerName defines the server name used to contact the server.", "type": [ "string", "null" ] }, "spiffe": { "additionalProperties": false, "description": "Spiffe defines the SPIFFE configuration.", "properties": { "ids": { "description": "IDs defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain).", "items": { "type": "string" }, "type": [ "array", "null" ] }, "trustDomain": { "description": "TrustDomain defines the allowed SPIFFE trust domain.", "type": [ "string", "null" ] } }, "type": [ "object", "null" ] } }, "type": "object" } }, "required": [ "metadata", "spec" ], "type": "object" }