primal/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik synced 2026-02-03 08:50:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge current v3.6 into master

Browse Source
This commit is contained in:
mmatur
2026-01-09 20:28:45 +01:00
parent 12d792cdef dc04dc1940
commit df50421b53
43 changed files with 730 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/check.Dockerfile
+1
View File
@@ -34,6 +34,7 @@ RUN apk --no-cache --no-progress add \
COPY ./scripts/verify.sh /verify.sh
COPY ./scripts/lint.sh /lint.sh
COPY ./scripts/lint-yaml.sh /lint-yaml.sh
WORKDIR /app
VOLUME ["/tmp","/app"]
docs/content/assets/css/code-copy.css
+18
View File
@@ -0,0 +1,18 @@
/* Fix positioning of the built-in clipboard button for code blocks.
* In this theme, the button can end up positioned relative to <body>,
* so anchor it to the code block container instead.
*/
.md-typeset pre.highlight {
position: relative;
}
.md-typeset pre.highlight > button.md-clipboard {
position: absolute;
top: .25rem;
right: .25rem;
z-index: 10;
opacity: 1;
visibility: visible;
}
docs/content/features/index.md
+148
View File
@@ -0,0 +1,148 @@
---
title: "Traefik Product Features Comparison"
description: "Compare features across Traefik Proxy, Traefik Hub API Gateway (including AI Gateway capabilities), and Traefik Hub API Management to choose the right solution for your needs."
---
# Traefik Product Features Comparison
The Traefik ecosystem offers multiple products designed to meet different requirements, from basic reverse proxy functionality to comprehensive API management and AI gateway capabilities. This comparison matrix helps you understand the features available in each product and choose the right solution for your use case.
## Product Overview
- **Traefik Proxy** is the open-source application proxy that serves as the foundation for all Traefik products. It provides essential reverse proxy, load balancing, and service discovery capabilities.
- **[Traefik Hub API Gateway](https://traefik.io/solutions/api-gateway/)** builds on Traefik Proxy with enterprise-grade security, distributed features, and advanced access control for cloud-native API gateway scenarios. It includes **AI Gateway capabilities** that transform any AI endpoint into a managed API.
- **[Traefik Hub API Management](https://traefik.io/solutions/api-management/)** adds comprehensive API lifecycle management, developer portals, and organizational features for teams managing multiple APIs across environments.
- **[Traefik AI Gateway](https://traefik.io/solutions/ai-gateway/)** transforms any AI endpoint into a managed API with unified access to multiple LLMs, centralized credential management, semantic caching, local inferencing, and comprehensive AI governance features.
- **[Traefik MCP Gateway](https://traefik.io/solutions/mcp-gateway/)** provides secure, governed access to Model Context Protocol (MCP) servers for AI agents with task-based access control (TBAC), session-smart routing, and comprehensive audit capabilities for enterprise AI workflows.
## Features Matrix
| Feature | Traefik Proxy | Traefik Hub API Gateway | Traefik Hub API Management |
|---------|---------------|------------------------|---------------------------|
| **Core Networking** | | | |
| Services Auto-Discovery | ✓ | ✓ | ✓ |
| Graceful Configuration Reload | ✓ | ✓ | ✓ |
| Websockets, HTTP/2, HTTP/3, TCP, UDP, GRPC | ✓ | ✓ | ✓ |
| Real-time Logs, Access Logs, Metrics & Distributed Tracing | ✓ | ✓ | ✓ |
| Canary Deployments | ✓ | ✓ | ✓ |
| Let's Encrypt | ✓ | ✓ | ✓ |
| **Plugin Ecosystem** | | | |
| [Plugin Support](https://plugins.traefik.io/plugins) ([Go](https://github.com/traefik/yaegi), [WASM](https://webassembly.org/)) | ✓ | ✓ | ✓ |
| **Deployment & Operations** | | | |
| Hybrid cloud, multi-cloud & on-prem compatible | ✓ | ✓ | ✓ |
| Per-cluster dashboard | ✓ | ✓ | ✓ |
| GitOps-native declarative configuration | ✓ | ✓ | ✓ |
| **Authentication & Authorization** | | | |
| JWT Authentication | ✗ | ✓ | ✓ |
| OAuth 2.0 Token Introspection Authentication | ✗ | ✓ | ✓ |
| OAuth 2.0 Client Credentials Authentication | ✗ | ✓ | ✓ |
| OpenID Connect Authentication | ✗ | ✓ | ✓ |
| Lightweight Directory Access Protocol (LDAP) | ✗ | ✓ | ✓ |
| API Key Authentication | ✗ | ✓ | ✓ |
| **Security & Policy** | | | |
| Open Policy Agent | ✗ | ✓ | ✓ |
| Native Coraza Web Application Firewall (WAF) | ✗ | ✓ | ✓ |
| HashiCorp Vault Integration | ✗ | ✓ | ✓ |
| **Distributed Features** | | | |
| Distributed Let's Encrypt | ✗ | ✓ | ✓ |
| Distributed Rate Limit | ✗ | ✓ | ✓ |
| HTTP Caching | ✗ | ✓ | ✓ |
| **Compliance** | | | |
| FIPS 140-2 Compliance (Linux & Windows) | ✗ | ✓ | ✓ |
| **AI Gateway Capabilities** | | | |
| Unified Multi-LLM API Access | ✗ | ✓ | ✓ |
| Centralized AI Credential Management | ✗ | ✓ | ✓ |
| AI Provider Flexibility (OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, etc.) | ✗ | ✓ | ✓ |
| Semantic Caching for AI Responses | ✗ | ✓ | ✓ |
| Content Guard & PII Protection | ✗ | ✓ | ✓ |
| AI-specific Observability & OpenTelemetry Integration | ✗ | ✓ | ✓ |
| Support for Local/Self-hosted LLMs & Inference (Ollama, Mistral, etc.) | ✗ | ✓ | ✓ |
| **MCP Gateway Capabilities** | | | |
| Task-Based Access Control (TBAC) for AI Agents | ✗ | ✓ | ✓ |
| MCP Servers Governance | ✗ | ✓ | ✓ |
| Session-Smart Load Balancing for Agent Workflows | ✗ | ✓ | ✓ |
| OAuth 2.1 / 2.0 Resource Server for MCP | ✗ | ✓ | ✓ |
| Fine-grained Policy Enforcement for AI Tools | ✗ | ✓ | ✓ |
| Audit-ready Observability for Agent Interactions | ✗ | ✓ | ✓ |
| **API Management** | | | |
| Flexible API grouping and versioning | ✗ | ✗ | ✓ |
| API Developer Portal | ✗ | ✗ | ✓ |
| OpenAPI Specifications Support | ✗ | ✗ | ✓ |
| Multi-cluster dashboard | ✗ | ✗ | ✓ |
| Built-in identity provider (or use your own) | ✗ | ✗ | ✓ |
| Configuration linter & change impact analysis | ✗ | ✗ | ✓ |
| Pre-built Grafana dashboards | ✗ | ✗ | ✓ |
| Event correlation for quick incident mitigation | ✗ | ✗ | ✓ |
| Traffic debugger | ✗ | ✓ | ✓ |
| **Support** | | | |
| Built-In Commercial Support | Add-on | ✓ | ✓ |
## Choosing the Right Product
### Start with Traefik Proxy
Traefik Proxy is the ideal starting point for organizations looking for a reliable, open-source application proxy with essential networking capabilities. Deploy it as your default ingress tier if you need:
- Basic reverse proxy and load balancing
- Service discovery for containerized applications
- Simple TLS termination and Let's Encrypt integration
- Cost-effective solution with community support (can upgrade to Traefik Hub for more features)
### Upgrade to Traefik Hub API Gateway
Traefik Hub API Gateway layers enterprise security, distributed coordination, and AI Gateway capabilities on top of Traefik Proxy. Upgrade to it when you need:
- Enterprise security requirements (JWT, OIDC, LDAP)
- Distributed deployments across multiple clusters
- Advanced rate limiting and caching
- WAF and policy enforcement
- AI Gateway capabilities
- Commercial support
### Consider Traefik AI Gateway
Traefik AI Gateway unifies hosted and self-hosted LLM access under centralized control and observability. Consider it if you have:
- Multi-LLM applications requiring unified API access
- Organizations using multiple AI providers (OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, etc.)
- Local/self-hosted LLM deployments (Ollama, Mistral)
- Centralized AI credential and security management
- Cost optimization through semantic caching
- PII protection and content filtering for AI interactions
- Comprehensive AI observability and compliance requirements
### Choose Traefik MCP Gateway
Traefik MCP Gateway governs how AI agents interact with Model Context Protocol servers through task-aware policies and session-smart routing. Choose it if you need:
- AI agent deployments requiring secure access to MCP servers
- Task-based access control (TBAC) for AI workflows
- Governance of Model Context Protocol interactions
- Session-smart routing for long-running agent conversations
- OAuth 2.1 / 2.0 compliant MCP server protection
- Audit-ready observability for AI agent activities
- Fine-grained policy enforcement for AI tools and resources
### Choose Traefik Hub API Management
Traefik Hub API Management extends the gateway foundation with API lifecycle tooling, developer experience features, and governance workflows. Choose it when you have:
- Multiple APIs requiring centralized management
- Developer teams needing self-service portals
- Complex API versioning and lifecycle requirements
- Multi-cluster environments requiring unified dashboards
- Compliance and governance needs
## Migration Path
The Traefik ecosystem is designed for seamless upgrades. You can start with Traefik Proxy and add capabilities as your requirements grow:
1. **Traefik Proxy****Hub API Gateway**: Add enterprise security, distributed features, and AI Gateway capabilities
2. **Hub API Gateway****Hub API Management**: Add comprehensive API management and governance features
3. **MCP Gateway**: Specialized solution for AI agent governance and Model Context Protocol management
All products share the same core configuration concepts, making migration straightforward while preserving your existing configurations and operational knowledge.
docs/content/index.md
+2
View File
@@ -11,6 +11,8 @@ Traefik is an [open-source](https://github.com/traefik/traefik) Application Prox
If you start with Traefik for service discovery and routing, you can seamlessly add [API management](https://traefik.io/solutions/api-management/), [API gateway](https://traefik.io/solutions/api-gateway/), [AI gateway](https://traefik.io/solutions/ai-gateway/), and [API mocking](https://traefik.io/solutions/api-mocking/) capabilities as needed.
For a detailed comparison of all Traefik products and their capabilities, see our [Product Features Comparison](./features/).
With 3.3 billion downloads and over 55k stars on GitHub, Traefik is used globally across hybrid cloud, multi-cloud, on prem, and bare metal environments running Kubernetes, Docker Swarm, AWS, [the list goes on](https://doc.traefik.io/traefik/reference/install-configuration/providers/overview/).
Heres how it works—Traefik receives requests on behalf of your system, identifies which components are responsible for handling them, and routes them securely. It automatically discovers the right configuration for your services by inspecting your infrastructure to identify relevant information and which service serves which request.
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
-1
View File
@@ -1,4 +1,3 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
-1
View File
@@ -1,4 +1,3 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
docs/content/reference/dynamic-configuration/kubernetes-gateway-resource.yml
-1
View File
@@ -1,4 +1,3 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
docs/content/reference/dynamic-configuration/kubernetes-gateway-simple-https.yml
-1
View File
@@ -1,4 +1,3 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml
-1
View File
@@ -1,4 +1,3 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
docs/content/reference/dynamic-configuration/kubernetes-ingress-nginx-rbac.yml
-1
View File
@@ -1,4 +1,3 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
docs/content/reference/dynamic-configuration/kubernetes-knative-rbac.yml
-1
View File
@@ -1,4 +1,3 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
docs/content/reference/dynamic-configuration/kubernetes-whoami-svc.yml
-1
View File
@@ -1,4 +1,3 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
docs/content/reference/install-configuration/api-dashboard.md
+21 -4
View File
@@ -3,13 +3,27 @@ title: "Traefik API & Dashboard Documentation"
description: "Traefik Proxy exposes information through API handlers and showcase them on the Dashboard. Learn about the security, configuration, and endpoints of the APIs and Dashboard. Read the technical documentation."
---
The dashboard is the central place that shows you the current active routes handled by Traefik.
Traefik exposes a number of information through API endpoints, such as the configuration of your routers, services, middlewares, etc.
The dashboard, which is the central place that displays the current active routes handled by Traefik, fetches the data from this API.
<figure>
<img src="../../../assets/img/webui-dashboard.png" alt="Dashboard - Providers" />
<figcaption>The dashboard in action</figcaption>
</figure>
## Security
Enabling the API and the dashboard in production is not recommended, because it will expose all configuration elements,
including sensitive data, for which access should be reserved to administrators.
In production, it should be at least secured by authentication and authorizations.
!!! info
It's recommended to NOT publicly exposing the API's port, keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
## Configuration Example
Enable the dashboard:
@@ -187,6 +201,7 @@ All the following endpoints must be accessed with a `GET` HTTP request.
| <a id="opt-apientrypoints" href="#opt-apientrypoints" title="#opt-apientrypoints">`/api/entrypoints`</a> | Lists all the entry points information. |
| <a id="opt-apientrypointsname" href="#opt-apientrypointsname" title="#opt-apientrypointsname">`/api/entrypoints/{name}`</a> | Returns the information of the entry point specified by `name`. |
| <a id="opt-apioverview" href="#opt-apioverview" title="#opt-apioverview">`/api/overview`</a> | Returns statistic information about HTTP, TCP and about enabled features and providers. |
| <a id="opt-apisupport-dump" href="#opt-apisupport-dump" title="#opt-apisupport-dump">`/api/support-dump`</a> | Returns an archive that contains the anonymized static configuration and the runtime configuration. |
| <a id="opt-apirawdata" href="#opt-apirawdata" title="#opt-apirawdata">`/api/rawdata`</a> | Returns information about dynamic configurations, errors, status and dependency relations. |
| <a id="opt-apiversion" href="#opt-apiversion" title="#opt-apiversion">`/api/version`</a> | Returns information about Traefik version. |
| <a id="opt-debugvars" href="#opt-debugvars" title="#opt-debugvars">`/debug/vars`</a> | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. |
@@ -203,14 +218,16 @@ All the following endpoints must be accessed with a `GET` HTTP request.
## Dashboard
The dashboard is available at the same location as the API, but by default on the path `/dashboard/`.
The dashboard is available by default on the path `/dashboard/`.
!!! note
- The trailing slash `/` in `/dashboard/` is mandatory. This limitation can be mitigated using the the [RedirectRegex Middleware](../../middlewares/http/redirectregex.md).
- There is also a redirect from the path `/` to `/dashboard/`, but you should not rely on this behavior, as it is subject to change and may complicate routing rules.
- There is also a redirect from the path `/` to `/dashboard/`.
To securely access the dashboard, you need to define a routing configuration within Traefik. This involves setting up a router attached to the service `api@internal`, which allows you to:
As mentioned above in the [Security](#security) section, it is important to secure access to both the dashboard and the API.
You need to define a routing configuration within Traefik.
This involves setting up a router attached to the service `api@internal`, which allows you to:
- Implement security features using [middlewares](../../middlewares/overview.md), such as authentication ([basicAuth](../../middlewares/http/basicauth.md), [digestAuth](../../middlewares/http/digestauth.md),
[forwardAuth](../../middlewares/http/forwardauth.md)) or [allowlisting](../../middlewares/http/ipallowlist.md).
docs/content/reference/install-configuration/providers/docker.md
+1 -1
View File
@@ -420,7 +420,7 @@ You can specify which Docker API Endpoint to use with the directive [`endpoint`]
- [Traefik and Docker: A Discussion with Docker Captain, Bret Fisher](https://blog.traefik.io/traefik-and-docker-a-discussion-with-docker-captain-bret-fisher-7f0b9a54ff88)
- [KubeCon EU 2018 Keynote, Running with Scissors, from Liz Rice](https://www.youtube.com/watch?v=ltrV-Qmh3oY)
- [Don't expose the Docker socket (not even to a container)](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container/)
- [A thread on Stack Overflow about sharing the `/var/run/docker.sock` file](https://news.ycombinator.com/item?id=17983623)
- [A thread on Hacker News about sharing the `/var/run/docker.sock` file](https://news.ycombinator.com/item?id=17983623)
- [To DinD or not to DinD](https://blog.loof.fr/2018/01/to-dind-or-not-do-dind.html)
- [Traefik issue GH-4174 about security with Docker socket](https://github.com/traefik/traefik/issues/4174)
- [Inspecting Docker Activity with Socat](https://developers.redhat.com/blog/2015/02/25/inspecting-docker-activity-with-socat/)
docs/content/reference/routing-configuration/kubernetes/ingress-nginx.md
+3
View File
@@ -283,9 +283,11 @@ The following annotations are organized by category for easier navigation.
| <a id="opt-nginx-ingress-kubernetes-ioaffinity" href="#opt-nginx-ingress-kubernetes-ioaffinity" title="#opt-nginx-ingress-kubernetes-ioaffinity">`nginx.ingress.kubernetes.io/affinity`</a> | |
| <a id="opt-nginx-ingress-kubernetes-ioaffinity-mode" href="#opt-nginx-ingress-kubernetes-ioaffinity-mode" title="#opt-nginx-ingress-kubernetes-ioaffinity-mode">`nginx.ingress.kubernetes.io/affinity-mode`</a> | Only persistent mode supported; balanced/canary not supported. |
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-name" href="#opt-nginx-ingress-kubernetes-iosession-cookie-name" title="#opt-nginx-ingress-kubernetes-iosession-cookie-name">`nginx.ingress.kubernetes.io/session-cookie-name`</a> | |
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-secure" href="#opt-nginx-ingress-kubernetes-iosession-cookie-secure" title="#opt-nginx-ingress-kubernetes-iosession-cookie-secure">`nginx.ingress.kubernetes.io/session-cookie-secure`</a> | |
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-path" href="#opt-nginx-ingress-kubernetes-iosession-cookie-path" title="#opt-nginx-ingress-kubernetes-iosession-cookie-path">`nginx.ingress.kubernetes.io/session-cookie-path`</a> | |
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-domain" href="#opt-nginx-ingress-kubernetes-iosession-cookie-domain" title="#opt-nginx-ingress-kubernetes-iosession-cookie-domain">`nginx.ingress.kubernetes.io/session-cookie-domain`</a> | |
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-samesite" href="#opt-nginx-ingress-kubernetes-iosession-cookie-samesite" title="#opt-nginx-ingress-kubernetes-iosession-cookie-samesite">`nginx.ingress.kubernetes.io/session-cookie-samesite`</a> | |
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-max-age" href="#opt-nginx-ingress-kubernetes-iosession-cookie-max-age" title="#opt-nginx-ingress-kubernetes-iosession-cookie-max-age">`nginx.ingress.kubernetes.io/session-cookie-max-age`</a> | |
### Load Balancing & Backend
@@ -306,6 +308,7 @@ The following annotations are organized by category for easier navigation.
| <a id="opt-nginx-ingress-kubernetes-iocors-allow-headers" href="#opt-nginx-ingress-kubernetes-iocors-allow-headers" title="#opt-nginx-ingress-kubernetes-iocors-allow-headers">`nginx.ingress.kubernetes.io/cors-allow-headers`</a> | |
| <a id="opt-nginx-ingress-kubernetes-iocors-allow-methods" href="#opt-nginx-ingress-kubernetes-iocors-allow-methods" title="#opt-nginx-ingress-kubernetes-iocors-allow-methods">`nginx.ingress.kubernetes.io/cors-allow-methods`</a> | |
| <a id="opt-nginx-ingress-kubernetes-iocors-allow-origin" href="#opt-nginx-ingress-kubernetes-iocors-allow-origin" title="#opt-nginx-ingress-kubernetes-iocors-allow-origin">`nginx.ingress.kubernetes.io/cors-allow-origin`</a> | |
| <a id="opt-nginx-ingress-kubernetes-iocors-expose-headers" href="#opt-nginx-ingress-kubernetes-iocors-expose-headers" title="#opt-nginx-ingress-kubernetes-iocors-expose-headers">`nginx.ingress.kubernetes.io/cors-expose-headers`</a> | |
| <a id="opt-nginx-ingress-kubernetes-iocors-max-age" href="#opt-nginx-ingress-kubernetes-iocors-max-age" title="#opt-nginx-ingress-kubernetes-iocors-max-age">`nginx.ingress.kubernetes.io/cors-max-age`</a> | |
### Routing
docs/content/setup/kubernetes.md
+1 -1
View File
@@ -126,7 +126,7 @@ ingressRoute:
middlewares:
- name: dashboard-auth
# Creates a BasiAuth Middleware and Secret for the Dashboard Security
# Creates a BasicAuth Middleware and Secret for the Dashboard Security
extraObjects:
- apiVersion: v1
kind: Secret
docs/content/setup/swarm.md
+1 -1
View File
@@ -61,7 +61,7 @@ In the same directory, create `dockercomposeswarm.yaml`:
```yaml
services:
traefik:
image: traefik:v3.4
image: traefik:v3.6
networks:
# Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes
docs/mkdocs.yml
+8 -3
View File
@@ -2,24 +2,27 @@ site_name: Traefik
site_description: Traefik Documentation
site_author: traefik.io
site_url: https://doc.traefik.io/traefik
dev_addr: 0.0.0.0:8000
dev_addr: localhost:8000
repo_name: 'GitHub'
repo_url: 'https://github.com/traefik/traefik'
docs_dir: 'content'
product: proxy
# https://squidfunk.github.io/mkdocs-material/
# Use custom version of mkdocs-material
# See https://github.com/traefik/mkdocs-material
theme:
name: 'traefik-labs'
product: proxy
language: en
include_sidebar: true
favicon: assets/img/traefikproxy-icon-color.png
logo: assets/img/traefikproxy-vertical-logo-color.svg
feature:
tabs: false
features:
- content.code.copy
palette:
primary: 'cyan'
accent: 'cyan'
@@ -35,6 +38,7 @@ extra_javascript:
extra_css:
- assets/css/menu-icons.css
- assets/css/code-copy.css
plugins:
- search
@@ -185,6 +189,7 @@ markdown_extensions:
# Page tree
nav:
- 'What is Traefik': 'index.md'
- 'Features': 'features/index.md'
- 'Getting Started':
- 'Overview': 'getting-started/index.md'
- 'Configuration Introduction': 'getting-started/configuration-overview.md'
docs/readme.md
+12
View File
@@ -16,3 +16,15 @@
[pymdown-extensions]: https://facelessuser.github.io/pymdown-extensions "PyMdown Extensions"
[pymdown-extensions-src]: https://github.com/facelessuser/pymdown-extensions "PyMdown Extensions - Sources"
## Build locally without docker
```sh
# Pre-requisite: python3, pip and virtualenv
DOCS="/tmp/traefik-docs"
mkdir "$DOCS"
virtualenv "$DOCS"
source "$DOCS/bin/activate"
pip install -r requirements.txt
mkdocs serve # or mkdocs build
```
docs/scripts/lint-yaml.sh
Executable
+48
View File
@@ -0,0 +1,48 @@
#!/bin/sh
# This script checks that YAML files with multiple Kubernetes resources
# do not start with '---'
#
# Rule: If a YAML file contains more than one Kubernetes resource
# (indicated by '---' separator in the middle of the file),
# it should NOT start with '---'
set -eu
BASE_DIR="${1:-/app}"
echo "== Linting YAML files (Kubernetes multi-resource format)"
# Find all YAML files in the content directory
find "${BASE_DIR}/content" -type f \( -name "*.yml" -o -name "*.yaml" \) | while read -r file; do
# Count the number of '---' lines in the file
separator_count=$(grep -c "^---" "$file" || true)
# Check if file starts with '---'
starts_with_separator=false
if head -1 "$file" | grep -q "^---"; then
starts_with_separator=true
fi
# If file has multiple resources (separator_count >= 1 when starting with ---, or >= 2 otherwise)
# and starts with '---', it's an error
#
# Logic:
# - If starts with '---' and has more than 1 separator -> multiple resources, error
# - If doesn't start with '---' and has 1+ separators -> multiple resources, ok
if [ "$starts_with_separator" = true ] && [ "$separator_count" -gt 1 ]; then
echo "ERROR: $file starts with '---' but contains multiple Kubernetes resources"
echo " Files with multiple resources should not start with '---'"
# We need to signal error but can't use EXIT_CODE in subshell
# So we output to a temp file
echo "1" > /tmp/yaml_lint_error
fi
done
# Check if any errors were found
if [ -f /tmp/yaml_lint_error ]; then
rm -f /tmp/yaml_lint_error
exit 1
fi
echo "YAML lint passed"
exit 0
docs/scripts/lint.sh
+8 -5
View File
@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
# This script will run a couple of linter on the documentation
set -eu
@@ -6,14 +6,17 @@ set -eu
# We want to run all linters before returning success (exit 0) or failure (exit 1)
# So this variable holds the global exit code
EXIT_CODE=0
readonly BASE_DIR=/app
readonly BASE_DIR="${1:-/app}"
# Run YAML linter for Kubernetes multi-resource files
./docs/scripts/lint-yaml.sh "${BASE_DIR}" || EXIT_CODE=1
echo "== Linting Markdown"
# Uses the file ".markdownlint.json" for setup
cd "${BASE_DIR}" || exit 1
LINTER_EXCLUSIONS="$(find "${BASE_DIR}/content" -type f -name '.markdownlint.json')"
GLOBAL_LINT_OPTIONS="--config ${BASE_DIR}/.markdownlint.json"
LINTER_EXCLUSIONS="$(find "content" -type f -name '.markdownlint.json')"
GLOBAL_LINT_OPTIONS="--config .markdownlint.json"
# Lint the specific folders (containing linter specific rulesets)
for LINTER_EXCLUSION in ${LINTER_EXCLUSIONS}
@@ -24,6 +27,6 @@ do
done
# Lint all the content, excluding the previously done`
eval markdownlint "${GLOBAL_LINT_OPTIONS}" "${BASE_DIR}/content/**/*.md" || EXIT_CODE=1
eval markdownlint "${GLOBAL_LINT_OPTIONS}" "content/**/*.md" || EXIT_CODE=1
exit "${EXIT_CODE}"