REFERENCE.md

Reference

Requirements

Name	Version
terraform	>= 1.3.0
kubernetes	~> 2.0

Providers

Name	Version
kubernetes	~> 2.0

Modules

Name	Source	Version
basic_auth_middleware	./modules/middleware-basic-auth	n/a
custom_middleware	./modules/middleware	n/a
default_middleware	./modules/middleware	n/a
generic	solution-libre/generic/helm	0.6.0
ingress_routes	./modules/ingress-route	n/a
ingress_routes_tcp	./modules/ingress-route-tcp	n/a
redirect_regex_middleware	./modules/middleware-redirect-regex	n/a
strip_prefix_middleware	./modules/middleware-strip-prefix	n/a

Resources

Name	Type
kubernetes_manifest.tls_options	resource
kubernetes_network_policy.traefik_allow_ingress	resource

Inputs

Name	Description	Type	Default	Required
deployment	Traefik deployment configuration	object({ enabled = optional(bool, true) # Enable deployment kind = optional(string, "Deployment") # Deployment or DaemonSet replicas = optional(number, 1) # Number of pods of the deployment (only applies when kind == Deployment) })	{}	no
experimental	Traefik experimental features	object({ plugins = optional(map(object({ module_name = string version = string })), {}) # Enable traefik experimental plugins })	{}	no
helm_release	Traefik Helm release configuration	object({ chart = optional(string, "traefik") # Chart name to be installed chart_version = optional(string, "20.8.0") # Specify the exact chart version to install extra_values = optional(list(string), []) # List of extra values in raw yaml to pass to helm name = optional(string, "traefik") # Release name repository = optional(string, "https://helm.traefik.io/traefik") # Repository URL where to locate the requested chart timeout = optional(number, 900) # Time in seconds to wait for any individual kubernetes operation })	{}	no
ingress_routes	Map of ingress routes	map(object({ custom_middlewares = optional(list(string), []) # Middlewares not managed by this module match = object({ hosts = list(string) paths = optional(list(string), []) path_prefixes = optional(list(string), []) }) metadata = object({ annotations = optional(map(string), {}) namespace = string }) redirects = optional(object({ priority = optional(number) from_non_www_to_www = optional(bool, false) from_www_to_non_www = optional(bool, false) regex = optional(map(object({ permanent = optional(bool, false) regex = string replacement = string })), {}) }), {}) service = object({ name = string port = number sticky = optional(bool, false) }) tls = object({ secret_name = string }) }))	{}	no
ingress_routes_tcp	Map of ingress routes TCP	map(object({ entry_point = object({ name = string port = number }) metadata = object({ annotations = optional(map(string), {}) namespace = string }) service = object({ name = string port = number proxy_protocol = optional(object({ enabled = optional(bool, false) version = optional(number, 2) })) }) tls = optional(object({ enabled = optional(bool, false) secret_name = string })) }))	{}	no
kubernetes_providers	Traefik provides configuration	object({ crd = optional(object({ enabled = optional(bool, true) # Load Kubernetes IngressRoute provider allow_cross_namespace = optional(bool, false) # Allows IngressRoute to reference resources in namespace other than theirs allow_external_name_services = optional(bool, false) # Allows to reference ExternalName services in IngressRoute allow_empty_services = optional(bool, false) # Allows to return 503 when there is no endpoints available })), ingress = optional(object({ enabled = optional(bool, true) # Load Kubernetes IngressRoute provider allow_external_name_services = optional(bool, false) # Allows to reference ExternalName services in Ingress allow_empty_services = optional(bool, false) # Allows to return 503 when there is no endpoints available })) })	{}	no
logs	Traefik logs configuration	object({ access = optional(object({ enabled = optional(bool, false) fields = optional(object({ general = optional(object({ defaultmode = optional(string, "keep") # Available modes: keep, drop, redact names = optional(map(string), {}) # Names of the fields to limit. Example: { ClientUsername = "drop" } }), {}) headers = optional(object({ defaultmode = optional(string, "drop") # Available modes: keep, drop, redact names = optional(map(string), {}) # Names of the fields to limit. Example: { User-Agent = "redact" } }), {}) }), {}) }), {}) general = optional(object({ level = optional(string, "ERROR") # Logging levels. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. }), {}) })	{}	no
metrics	Traefik metrics configuration	object({ prometheus = optional(object({ enabled = optional(bool, true) entry_point = optional(string, "metrics") # Entry point used to expose metrics service = optional(object({ enabled = optional(bool, false) # Create a dedicated metrics service for use with ServiceMonitor }), {}) service_monitor = optional(object({ enabled = optional(bool, false) }), {}) }), {}) })	{}	no
middlewares	Traefik middlewares	object({ custom = optional(map(object({ ingress_routes = set(string) spec = map(any) })), {}) strip_prefix = optional(map(object({ force_slash = optional(bool) # The resulting stripped path is not the empty string, by replacing it with / when necessary ingress_routes = set(string) prefixes = set(string) # The prefixes to strip from the request URL })), {}) })	{}	no
middlewares_basic_auth	Traefik middlewares Basic Authentication	map(object({ ingress_routes = set(string) password = string username = string }))	{}	no
namespace	Traefik namespace configuration	object({ create = optional(bool, true) # Create the namespace if it does not yet exist name = optional(string, "traefik") # The namespace to install the release into })	{}	no
network_policies	Traefik network policies configuration	object({ egress = optional(object({ allow = optional(object({ within_namespace = optional(bool, false) # Allow egress traffic within the namespace }), {}) default = optional(object({ allow_all = optional(bool, false) # By default, allow all egress traffic deny_all = optional(bool, false) # By default, deny all egress traffic }), {}) }), {}) ingress = optional(object({ allow = optional(object({ external = optional(object({ enabled = optional(bool, true) # Allowing external ingress from_cidrs = optional(list(string), ["0.0.0.0/0"]) # From these CIDRs }), {}) monitoring_namespace = optional(bool, false) # Allow ingress traffic from the namespace named monitoring within_namespace = optional(bool, false) # Allow ingress traffic within the namespace }), {}) default = optional(object({ allow_all = optional(bool, false) # By default, allow all ingress traffic deny_all = optional(bool, false) # By default, deny all ingress traffic }), {}) }), {}) })	{}	no
ports	Traefik ports configuration	object({ lb_ip = optional(string, "") # The IP address of the kubernetes provider's LoadBalancer http_to_https_redirection = optional(bool, true) # Permanent redirect from HTTP to HTTPs })	{}	no
security_headers	Traefik security headers configuration	object({ frame_deny = optional(bool, false) browser_xss_filter = optional(bool, true) content_type_nosniff = optional(bool, true) sts = optional(object({ include_subdomains = optional(bool, true) seconds = optional(number, 315360000) preload = optional(bool, true) }), {}) })	{}	no
service	Traefik service configuration	object({ annotations = optional(map(string), {}) # Additional annotations applied to both TCP and UDP services ip_family_policy = optional(string) # One of SingleStack, PreferDualStack, or RequireDualStack type = optional(string, "LoadBalancer") })	{}	no

Outputs

Name	Description
namespace	Traefik namespace
values	n/a
version	Traefik version