controller/traefik/
middlewares_crd.rs

// WARNING: generated by kopium - manual changes will be overwritten
// kopium command: kopium -A --derive Default middlewares.traefik.io
// kopium version: 0.20.1

#[allow(unused_imports)]
mod prelude {
    pub use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString;
    pub use kube::CustomResource;
    pub use schemars::JsonSchema;
    pub use serde::{Deserialize, Serialize};
    pub use std::collections::BTreeMap;
}
use self::prelude::*;

/// MiddlewareSpec defines the desired state of a Middleware.
#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
#[kube(
    group = "traefik.io",
    version = "v1alpha1",
    kind = "Middleware",
    plural = "middlewares"
)]
#[kube(namespaced)]
#[kube(derive = "Default")]
pub struct MiddlewareSpec {
    /// AddPrefix holds the add prefix middleware configuration.
    /// This middleware updates the path of a request before forwarding it.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "addPrefix")]
    pub add_prefix: Option<MiddlewareAddPrefix>,
    /// BasicAuth holds the basic auth middleware configuration.
    /// This middleware restricts access to your services to known users.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")]
    pub basic_auth: Option<MiddlewareBasicAuth>,
    /// Buffering holds the buffering middleware configuration.
    /// This middleware retries or limits the size of requests that can be forwarded to backends.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub buffering: Option<MiddlewareBuffering>,
    /// Chain holds the configuration of the chain middleware.
    /// This middleware enables to define reusable combinations of other pieces of middleware.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub chain: Option<MiddlewareChain>,
    /// CircuitBreaker holds the circuit breaker configuration.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "circuitBreaker"
    )]
    pub circuit_breaker: Option<MiddlewareCircuitBreaker>,
    /// Compress holds the compress middleware configuration.
    /// This middleware compresses responses before sending them to the client, using gzip compression.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub compress: Option<MiddlewareCompress>,
    /// ContentType holds the content-type middleware configuration.
    /// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "contentType"
    )]
    pub content_type: Option<MiddlewareContentType>,
    /// DigestAuth holds the digest auth middleware configuration.
    /// This middleware restricts access to your services to known users.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "digestAuth"
    )]
    pub digest_auth: Option<MiddlewareDigestAuth>,
    /// ErrorPage holds the custom error middleware configuration.
    /// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub errors: Option<MiddlewareErrors>,
    /// ForwardAuth holds the forward auth middleware configuration.
    /// This middleware delegates the request authentication to a Service.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "forwardAuth"
    )]
    pub forward_auth: Option<MiddlewareForwardAuth>,
    /// GrpcWeb holds the gRPC web middleware configuration.
    /// This middleware converts a gRPC web request to an HTTP/2 gRPC request.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "grpcWeb")]
    pub grpc_web: Option<MiddlewareGrpcWeb>,
    /// Headers holds the headers middleware configuration.
    /// This middleware manages the requests and responses headers.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub headers: Option<MiddlewareHeaders>,
    /// InFlightReq holds the in-flight request middleware configuration.
    /// This middleware limits the number of requests being processed and served concurrently.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "inFlightReq"
    )]
    pub in_flight_req: Option<MiddlewareInFlightReq>,
    /// IPAllowList holds the IP allowlist middleware configuration.
    /// This middleware accepts / refuses requests based on the client IP.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "ipAllowList"
    )]
    pub ip_allow_list: Option<MiddlewareIpAllowList>,
    /// Deprecated: please use IPAllowList instead.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "ipWhiteList"
    )]
    pub ip_white_list: Option<MiddlewareIpWhiteList>,
    /// PassTLSClientCert holds the pass TLS client cert middleware configuration.
    /// This middleware adds the selected data from the passed client TLS certificate to a header.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "passTLSClientCert"
    )]
    pub pass_tls_client_cert: Option<MiddlewarePassTlsClientCert>,
    /// Plugin defines the middleware plugin configuration.
    /// More info: https://doc.traefik.io/traefik/plugins/
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub plugin: Option<BTreeMap<String, serde_json::Value>>,
    /// RateLimit holds the rate limit configuration.
    /// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "rateLimit")]
    pub rate_limit: Option<MiddlewareRateLimit>,
    /// RedirectRegex holds the redirect regex middleware configuration.
    /// This middleware redirects a request using regex matching and replacement.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "redirectRegex"
    )]
    pub redirect_regex: Option<MiddlewareRedirectRegex>,
    /// RedirectScheme holds the redirect scheme middleware configuration.
    /// This middleware redirects requests from a scheme/port to another.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "redirectScheme"
    )]
    pub redirect_scheme: Option<MiddlewareRedirectScheme>,
    /// ReplacePath holds the replace path middleware configuration.
    /// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "replacePath"
    )]
    pub replace_path: Option<MiddlewareReplacePath>,
    /// ReplacePathRegex holds the replace path regex middleware configuration.
    /// This middleware replaces the path of a URL using regex matching and replacement.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "replacePathRegex"
    )]
    pub replace_path_regex: Option<MiddlewareReplacePathRegex>,
    /// Retry holds the retry middleware configuration.
    /// This middleware reissues requests a given number of times to a backend server if that server does not reply.
    /// As soon as the server answers, the middleware stops retrying, regardless of the response status.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub retry: Option<MiddlewareRetry>,
    /// StripPrefix holds the strip prefix middleware configuration.
    /// This middleware removes the specified prefixes from the URL path.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "stripPrefix"
    )]
    pub strip_prefix: Option<MiddlewareStripPrefix>,
    /// StripPrefixRegex holds the strip prefix regex middleware configuration.
    /// This middleware removes the matching prefixes from the URL path.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "stripPrefixRegex"
    )]
    pub strip_prefix_regex: Option<MiddlewareStripPrefixRegex>,
}

/// AddPrefix holds the add prefix middleware configuration.
/// This middleware updates the path of a request before forwarding it.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareAddPrefix {
    /// Prefix is the string to add before the current path in the requested URL.
    /// It should include a leading slash (/).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub prefix: Option<String>,
}

/// BasicAuth holds the basic auth middleware configuration.
/// This middleware restricts access to your services to known users.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareBasicAuth {
    /// HeaderField defines a header field to store the authenticated user.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "headerField"
    )]
    pub header_field: Option<String>,
    /// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
    /// Default: traefik.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub realm: Option<String>,
    /// RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
    /// Default: false.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "removeHeader"
    )]
    pub remove_header: Option<bool>,
    /// Secret is the name of the referenced Kubernetes Secret containing user credentials.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub secret: Option<String>,
}

/// Buffering holds the buffering middleware configuration.
/// This middleware retries or limits the size of requests that can be forwarded to backends.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareBuffering {
    /// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
    /// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
    /// Default: 0 (no maximum).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "maxRequestBodyBytes"
    )]
    pub max_request_body_bytes: Option<i64>,
    /// MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
    /// If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
    /// Default: 0 (no maximum).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "maxResponseBodyBytes"
    )]
    pub max_response_body_bytes: Option<i64>,
    /// MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
    /// Default: 1048576 (1Mi).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "memRequestBodyBytes"
    )]
    pub mem_request_body_bytes: Option<i64>,
    /// MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
    /// Default: 1048576 (1Mi).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "memResponseBodyBytes"
    )]
    pub mem_response_body_bytes: Option<i64>,
    /// RetryExpression defines the retry conditions.
    /// It is a logical combination of functions with operators AND (&&) and OR (||).
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "retryExpression"
    )]
    pub retry_expression: Option<String>,
}

/// Chain holds the configuration of the chain middleware.
/// This middleware enables to define reusable combinations of other pieces of middleware.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareChain {
    /// Middlewares is the list of MiddlewareRef which composes the chain.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub middlewares: Option<Vec<MiddlewareChainMiddlewares>>,
}

/// MiddlewareRef is a reference to a Middleware resource.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareChainMiddlewares {
    /// Name defines the name of the referenced Middleware resource.
    pub name: String,
    /// Namespace defines the namespace of the referenced Middleware resource.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub namespace: Option<String>,
}

/// CircuitBreaker holds the circuit breaker configuration.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareCircuitBreaker {
    /// CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "checkPeriod"
    )]
    pub check_period: Option<IntOrString>,
    /// Expression is the condition that triggers the tripped state.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub expression: Option<String>,
    /// FallbackDuration is the duration for which the circuit breaker will wait before trying to recover (from a tripped state).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "fallbackDuration"
    )]
    pub fallback_duration: Option<IntOrString>,
    /// RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "recoveryDuration"
    )]
    pub recovery_duration: Option<IntOrString>,
}

/// Compress holds the compress middleware configuration.
/// This middleware compresses responses before sending them to the client, using gzip compression.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareCompress {
    /// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
    /// `application/grpc` is always excluded.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "excludedContentTypes"
    )]
    pub excluded_content_types: Option<Vec<String>>,
    /// IncludedContentTypes defines the list of content types to compare the Content-Type header of the responses before compressing.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "includedContentTypes"
    )]
    pub included_content_types: Option<Vec<String>>,
    /// MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
    /// Default: 1024.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "minResponseBodyBytes"
    )]
    pub min_response_body_bytes: Option<i64>,
}

/// ContentType holds the content-type middleware configuration.
/// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareContentType {
    /// AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
    /// be automatically set to a value derived from the contents of the response.
    /// Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "autoDetect"
    )]
    pub auto_detect: Option<bool>,
}

/// DigestAuth holds the digest auth middleware configuration.
/// This middleware restricts access to your services to known users.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareDigestAuth {
    /// HeaderField defines a header field to store the authenticated user.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "headerField"
    )]
    pub header_field: Option<String>,
    /// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
    /// Default: traefik.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub realm: Option<String>,
    /// RemoveHeader defines whether to remove the authorization header before forwarding the request to the backend.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "removeHeader"
    )]
    pub remove_header: Option<bool>,
    /// Secret is the name of the referenced Kubernetes Secret containing user credentials.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub secret: Option<String>,
}

/// ErrorPage holds the custom error middleware configuration.
/// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareErrors {
    /// Query defines the URL for the error page (hosted by service).
    /// The {status} variable can be used in order to insert the status code in the URL.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub query: Option<String>,
    /// Service defines the reference to a Kubernetes Service that will serve the error page.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub service: Option<MiddlewareErrorsService>,
    /// Status defines which status or range of statuses should result in an error page.
    /// It can be either a status code as a number (500),
    /// as multiple comma-separated numbers (500,502),
    /// as ranges by separating two codes with a dash (500-599),
    /// or a combination of the two (404,418,500-599).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub status: Option<Vec<String>>,
}

/// Service defines the reference to a Kubernetes Service that will serve the error page.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareErrorsService {
    /// Kind defines the kind of the Service.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub kind: Option<MiddlewareErrorsServiceKind>,
    /// Name defines the name of the referenced Kubernetes Service or TraefikService.
    /// The differentiation between the two is specified in the Kind field.
    pub name: String,
    /// Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub namespace: Option<String>,
    /// NativeLB controls, when creating the load-balancer,
    /// whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
    /// The Kubernetes Service itself does load-balance to the pods.
    /// By default, NativeLB is false.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "nativeLB")]
    pub native_lb: Option<bool>,
    /// PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
    /// By default, passHostHeader is true.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "passHostHeader"
    )]
    pub pass_host_header: Option<bool>,
    /// Port defines the port of a Kubernetes Service.
    /// This can be a reference to a named port.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub port: Option<IntOrString>,
    /// ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "responseForwarding"
    )]
    pub response_forwarding: Option<MiddlewareErrorsServiceResponseForwarding>,
    /// Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
    /// It defaults to https when Kubernetes Service port is 443, http otherwise.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub scheme: Option<String>,
    /// ServersTransport defines the name of ServersTransport resource to use.
    /// It allows to configure the transport between Traefik and your servers.
    /// Can only be used on a Kubernetes Service.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "serversTransport"
    )]
    pub servers_transport: Option<String>,
    /// Sticky defines the sticky sessions configuration.
    /// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub sticky: Option<MiddlewareErrorsServiceSticky>,
    /// Strategy defines the load balancing strategy between the servers.
    /// RoundRobin is the only supported value at the moment.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub strategy: Option<String>,
    /// Weight defines the weight and should only be specified when Name references a TraefikService object
    /// (and to be precise, one that embeds a Weighted Round Robin).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub weight: Option<i64>,
}

/// Service defines the reference to a Kubernetes Service that will serve the error page.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)]
pub enum MiddlewareErrorsServiceKind {
    Service,
    TraefikService,
}

/// ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareErrorsServiceResponseForwarding {
    /// FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
    /// A negative value means to flush immediately after each write to the client.
    /// This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
    /// for such responses, writes are flushed to the client immediately.
    /// Default: 100ms
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "flushInterval"
    )]
    pub flush_interval: Option<String>,
}

/// Sticky defines the sticky sessions configuration.
/// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareErrorsServiceSticky {
    /// Cookie defines the sticky cookie configuration.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub cookie: Option<MiddlewareErrorsServiceStickyCookie>,
}

/// Cookie defines the sticky cookie configuration.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareErrorsServiceStickyCookie {
    /// HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpOnly")]
    pub http_only: Option<bool>,
    /// MaxAge indicates the number of seconds until the cookie expires.
    /// When set to a negative number, the cookie expires immediately.
    /// When set to zero, the cookie never expires.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxAge")]
    pub max_age: Option<i64>,
    /// Name defines the Cookie name.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub name: Option<String>,
    /// SameSite defines the same site policy.
    /// More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "sameSite")]
    pub same_site: Option<String>,
    /// Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub secure: Option<bool>,
}

/// ForwardAuth holds the forward auth middleware configuration.
/// This middleware delegates the request authentication to a Service.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareForwardAuth {
    /// AddAuthCookiesToResponse defines the list of cookies to copy from the authentication server response to the response.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "addAuthCookiesToResponse"
    )]
    pub add_auth_cookies_to_response: Option<Vec<String>>,
    /// Address defines the authentication server address.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub address: Option<String>,
    /// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
    /// If not set or empty then all request headers are passed.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "authRequestHeaders"
    )]
    pub auth_request_headers: Option<Vec<String>>,
    /// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "authResponseHeaders"
    )]
    pub auth_response_headers: Option<Vec<String>>,
    /// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "authResponseHeadersRegex"
    )]
    pub auth_response_headers_regex: Option<String>,
    /// TLS defines the configuration used to secure the connection to the authentication server.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub tls: Option<MiddlewareForwardAuthTls>,
    /// TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "trustForwardHeader"
    )]
    pub trust_forward_header: Option<bool>,
}

/// TLS defines the configuration used to secure the connection to the authentication server.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareForwardAuthTls {
    /// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "caOptional"
    )]
    pub ca_optional: Option<bool>,
    /// CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
    /// The CA certificate is extracted from key `tls.ca` or `ca.crt`.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "caSecret")]
    pub ca_secret: Option<String>,
    /// CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
    /// The client certificate is extracted from the keys `tls.crt` and `tls.key`.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "certSecret"
    )]
    pub cert_secret: Option<String>,
    /// InsecureSkipVerify defines whether the server certificates should be validated.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "insecureSkipVerify"
    )]
    pub insecure_skip_verify: Option<bool>,
}

/// GrpcWeb holds the gRPC web middleware configuration.
/// This middleware converts a gRPC web request to an HTTP/2 gRPC request.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareGrpcWeb {
    /// AllowOrigins is a list of allowable origins.
    /// Can also be a wildcard origin "*".
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "allowOrigins"
    )]
    pub allow_origins: Option<Vec<String>>,
}

/// Headers holds the headers middleware configuration.
/// This middleware manages the requests and responses headers.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareHeaders {
    /// AccessControlAllowCredentials defines whether the request can include user credentials.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "accessControlAllowCredentials"
    )]
    pub access_control_allow_credentials: Option<bool>,
    /// AccessControlAllowHeaders defines the Access-Control-Request-Headers values sent in preflight response.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "accessControlAllowHeaders"
    )]
    pub access_control_allow_headers: Option<Vec<String>>,
    /// AccessControlAllowMethods defines the Access-Control-Request-Method values sent in preflight response.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "accessControlAllowMethods"
    )]
    pub access_control_allow_methods: Option<Vec<String>>,
    /// AccessControlAllowOriginList is a list of allowable origins. Can also be a wildcard origin "*".
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "accessControlAllowOriginList"
    )]
    pub access_control_allow_origin_list: Option<Vec<String>>,
    /// AccessControlAllowOriginListRegex is a list of allowable origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "accessControlAllowOriginListRegex"
    )]
    pub access_control_allow_origin_list_regex: Option<Vec<String>>,
    /// AccessControlExposeHeaders defines the Access-Control-Expose-Headers values sent in preflight response.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "accessControlExposeHeaders"
    )]
    pub access_control_expose_headers: Option<Vec<String>>,
    /// AccessControlMaxAge defines the time that a preflight request may be cached.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "accessControlMaxAge"
    )]
    pub access_control_max_age: Option<i64>,
    /// AddVaryHeader defines whether the Vary header is automatically added/updated when the AccessControlAllowOriginList is set.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "addVaryHeader"
    )]
    pub add_vary_header: Option<bool>,
    /// AllowedHosts defines the fully qualified list of allowed domain names.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "allowedHosts"
    )]
    pub allowed_hosts: Option<Vec<String>>,
    /// BrowserXSSFilter defines whether to add the X-XSS-Protection header with the value 1; mode=block.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "browserXssFilter"
    )]
    pub browser_xss_filter: Option<bool>,
    /// ContentSecurityPolicy defines the Content-Security-Policy header value.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "contentSecurityPolicy"
    )]
    pub content_security_policy: Option<String>,
    /// ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "contentTypeNosniff"
    )]
    pub content_type_nosniff: Option<bool>,
    /// CustomBrowserXSSValue defines the X-XSS-Protection header value.
    /// This overrides the BrowserXssFilter option.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "customBrowserXSSValue"
    )]
    pub custom_browser_xss_value: Option<String>,
    /// CustomFrameOptionsValue defines the X-Frame-Options header value.
    /// This overrides the FrameDeny option.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "customFrameOptionsValue"
    )]
    pub custom_frame_options_value: Option<String>,
    /// CustomRequestHeaders defines the header names and values to apply to the request.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "customRequestHeaders"
    )]
    pub custom_request_headers: Option<BTreeMap<String, String>>,
    /// CustomResponseHeaders defines the header names and values to apply to the response.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "customResponseHeaders"
    )]
    pub custom_response_headers: Option<BTreeMap<String, String>>,
    /// Deprecated: FeaturePolicy option is deprecated, please use PermissionsPolicy instead.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "featurePolicy"
    )]
    pub feature_policy: Option<String>,
    /// ForceSTSHeader defines whether to add the STS header even when the connection is HTTP.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "forceSTSHeader"
    )]
    pub force_sts_header: Option<bool>,
    /// FrameDeny defines whether to add the X-Frame-Options header with the DENY value.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "frameDeny")]
    pub frame_deny: Option<bool>,
    /// HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "hostsProxyHeaders"
    )]
    pub hosts_proxy_headers: Option<Vec<String>>,
    /// IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
    /// Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
    /// If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
    /// and STS headers, leave this as false.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "isDevelopment"
    )]
    pub is_development: Option<bool>,
    /// PermissionsPolicy defines the Permissions-Policy header value.
    /// This allows sites to control browser features.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "permissionsPolicy"
    )]
    pub permissions_policy: Option<String>,
    /// PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "publicKey")]
    pub public_key: Option<String>,
    /// ReferrerPolicy defines the Referrer-Policy header value.
    /// This allows sites to control whether browsers forward the Referer header to other sites.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "referrerPolicy"
    )]
    pub referrer_policy: Option<String>,
    /// Deprecated: SSLForceHost option is deprecated, please use RedirectRegex instead.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "sslForceHost"
    )]
    pub ssl_force_host: Option<bool>,
    /// Deprecated: SSLHost option is deprecated, please use RedirectRegex instead.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslHost")]
    pub ssl_host: Option<String>,
    /// SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
    /// It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "sslProxyHeaders"
    )]
    pub ssl_proxy_headers: Option<BTreeMap<String, String>>,
    /// Deprecated: SSLRedirect option is deprecated, please use EntryPoint redirection or RedirectScheme instead.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "sslRedirect"
    )]
    pub ssl_redirect: Option<bool>,
    /// Deprecated: SSLTemporaryRedirect option is deprecated, please use EntryPoint redirection or RedirectScheme instead.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "sslTemporaryRedirect"
    )]
    pub ssl_temporary_redirect: Option<bool>,
    /// STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "stsIncludeSubdomains"
    )]
    pub sts_include_subdomains: Option<bool>,
    /// STSPreload defines whether the preload flag is appended to the Strict-Transport-Security header.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "stsPreload"
    )]
    pub sts_preload: Option<bool>,
    /// STSSeconds defines the max-age of the Strict-Transport-Security header.
    /// If set to 0, the header is not set.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "stsSeconds"
    )]
    pub sts_seconds: Option<i64>,
}

/// InFlightReq holds the in-flight request middleware configuration.
/// This middleware limits the number of requests being processed and served concurrently.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareInFlightReq {
    /// Amount defines the maximum amount of allowed simultaneous in-flight request.
    /// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub amount: Option<i64>,
    /// SourceCriterion defines what criterion is used to group requests as originating from a common source.
    /// If several strategies are defined at the same time, an error will be raised.
    /// If none are set, the default is to use the requestHost.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "sourceCriterion"
    )]
    pub source_criterion: Option<MiddlewareInFlightReqSourceCriterion>,
}

/// SourceCriterion defines what criterion is used to group requests as originating from a common source.
/// If several strategies are defined at the same time, an error will be raised.
/// If none are set, the default is to use the requestHost.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareInFlightReqSourceCriterion {
    /// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "ipStrategy"
    )]
    pub ip_strategy: Option<MiddlewareInFlightReqSourceCriterionIpStrategy>,
    /// RequestHeaderName defines the name of the header used to group incoming requests.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "requestHeaderName"
    )]
    pub request_header_name: Option<String>,
    /// RequestHost defines whether to consider the request Host as the source.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "requestHost"
    )]
    pub request_host: Option<bool>,
}

/// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareInFlightReqSourceCriterionIpStrategy {
    /// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub depth: Option<i64>,
    /// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "excludedIPs"
    )]
    pub excluded_i_ps: Option<Vec<String>>,
}

/// IPAllowList holds the IP allowlist middleware configuration.
/// This middleware accepts / refuses requests based on the client IP.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareIpAllowList {
    /// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "ipStrategy"
    )]
    pub ip_strategy: Option<MiddlewareIpAllowListIpStrategy>,
    /// RejectStatusCode defines the HTTP status code used for refused requests.
    /// If not set, the default is 403 (Forbidden).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "rejectStatusCode"
    )]
    pub reject_status_code: Option<i64>,
    /// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "sourceRange"
    )]
    pub source_range: Option<Vec<String>>,
}

/// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareIpAllowListIpStrategy {
    /// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub depth: Option<i64>,
    /// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "excludedIPs"
    )]
    pub excluded_i_ps: Option<Vec<String>>,
}

/// Deprecated: please use IPAllowList instead.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareIpWhiteList {
    /// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "ipStrategy"
    )]
    pub ip_strategy: Option<MiddlewareIpWhiteListIpStrategy>,
    /// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "sourceRange"
    )]
    pub source_range: Option<Vec<String>>,
}

/// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareIpWhiteListIpStrategy {
    /// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub depth: Option<i64>,
    /// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "excludedIPs"
    )]
    pub excluded_i_ps: Option<Vec<String>>,
}

/// PassTLSClientCert holds the pass TLS client cert middleware configuration.
/// This middleware adds the selected data from the passed client TLS certificate to a header.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewarePassTlsClientCert {
    /// Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub info: Option<MiddlewarePassTlsClientCertInfo>,
    /// PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub pem: Option<bool>,
}

/// Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewarePassTlsClientCertInfo {
    /// Issuer defines the client certificate issuer details to add to the X-Forwarded-Tls-Client-Cert-Info header.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub issuer: Option<MiddlewarePassTlsClientCertInfoIssuer>,
    /// NotAfter defines whether to add the Not After information from the Validity part.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "notAfter")]
    pub not_after: Option<bool>,
    /// NotBefore defines whether to add the Not Before information from the Validity part.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "notBefore")]
    pub not_before: Option<bool>,
    /// Sans defines whether to add the Subject Alternative Name information from the Subject Alternative Name part.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub sans: Option<bool>,
    /// SerialNumber defines whether to add the client serialNumber information.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "serialNumber"
    )]
    pub serial_number: Option<bool>,
    /// Subject defines the client certificate subject details to add to the X-Forwarded-Tls-Client-Cert-Info header.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub subject: Option<MiddlewarePassTlsClientCertInfoSubject>,
}

/// Issuer defines the client certificate issuer details to add to the X-Forwarded-Tls-Client-Cert-Info header.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewarePassTlsClientCertInfoIssuer {
    /// CommonName defines whether to add the organizationalUnit information into the issuer.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "commonName"
    )]
    pub common_name: Option<bool>,
    /// Country defines whether to add the country information into the issuer.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub country: Option<bool>,
    /// DomainComponent defines whether to add the domainComponent information into the issuer.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "domainComponent"
    )]
    pub domain_component: Option<bool>,
    /// Locality defines whether to add the locality information into the issuer.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub locality: Option<bool>,
    /// Organization defines whether to add the organization information into the issuer.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub organization: Option<bool>,
    /// Province defines whether to add the province information into the issuer.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub province: Option<bool>,
    /// SerialNumber defines whether to add the serialNumber information into the issuer.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "serialNumber"
    )]
    pub serial_number: Option<bool>,
}

/// Subject defines the client certificate subject details to add to the X-Forwarded-Tls-Client-Cert-Info header.
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewarePassTlsClientCertInfoSubject {
    /// CommonName defines whether to add the organizationalUnit information into the subject.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "commonName"
    )]
    pub common_name: Option<bool>,
    /// Country defines whether to add the country information into the subject.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub country: Option<bool>,
    /// DomainComponent defines whether to add the domainComponent information into the subject.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "domainComponent"
    )]
    pub domain_component: Option<bool>,
    /// Locality defines whether to add the locality information into the subject.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub locality: Option<bool>,
    /// Organization defines whether to add the organization information into the subject.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub organization: Option<bool>,
    /// OrganizationalUnit defines whether to add the organizationalUnit information into the subject.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "organizationalUnit"
    )]
    pub organizational_unit: Option<bool>,
    /// Province defines whether to add the province information into the subject.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub province: Option<bool>,
    /// SerialNumber defines whether to add the serialNumber information into the subject.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "serialNumber"
    )]
    pub serial_number: Option<bool>,
}

/// RateLimit holds the rate limit configuration.
/// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareRateLimit {
    /// Average is the maximum rate, by default in requests/s, allowed for the given source.
    /// It defaults to 0, which means no rate limiting.
    /// The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
    /// one needs to define a Period larger than a second.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub average: Option<i64>,
    /// Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
    /// It defaults to 1.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub burst: Option<i64>,
    /// Period, in combination with Average, defines the actual maximum rate, such as:
    /// r = Average / Period. It defaults to a second.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub period: Option<IntOrString>,
    /// SourceCriterion defines what criterion is used to group requests as originating from a common source.
    /// If several strategies are defined at the same time, an error will be raised.
    /// If none are set, the default is to use the request's remote address field (as an ipStrategy).
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "sourceCriterion"
    )]
    pub source_criterion: Option<MiddlewareRateLimitSourceCriterion>,
}

/// SourceCriterion defines what criterion is used to group requests as originating from a common source.
/// If several strategies are defined at the same time, an error will be raised.
/// If none are set, the default is to use the request's remote address field (as an ipStrategy).
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareRateLimitSourceCriterion {
    /// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
    /// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "ipStrategy"
    )]
    pub ip_strategy: Option<MiddlewareRateLimitSourceCriterionIpStrategy>,
    /// RequestHeaderName defines the name of the header used to group incoming requests.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "requestHeaderName"
    )]
    pub request_header_name: Option<String>,
    /// RequestHost defines whether to consider the request Host as the source.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "requestHost"
    )]
    pub request_host: Option<bool>,
}

/// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareRateLimitSourceCriterionIpStrategy {
    /// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub depth: Option<i64>,
    /// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "excludedIPs"
    )]
    pub excluded_i_ps: Option<Vec<String>>,
}

/// RedirectRegex holds the redirect regex middleware configuration.
/// This middleware redirects a request using regex matching and replacement.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareRedirectRegex {
    /// Permanent defines whether the redirection is permanent (301).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub permanent: Option<bool>,
    /// Regex defines the regex used to match and capture elements from the request URL.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub regex: Option<String>,
    /// Replacement defines how to modify the URL to have the new target URL.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub replacement: Option<String>,
}

/// RedirectScheme holds the redirect scheme middleware configuration.
/// This middleware redirects requests from a scheme/port to another.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareRedirectScheme {
    /// Permanent defines whether the redirection is permanent (301).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub permanent: Option<bool>,
    /// Port defines the port of the new URL.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub port: Option<String>,
    /// Scheme defines the scheme of the new URL.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub scheme: Option<String>,
}

/// ReplacePath holds the replace path middleware configuration.
/// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareReplacePath {
    /// Path defines the path to use as replacement in the request URL.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub path: Option<String>,
}

/// ReplacePathRegex holds the replace path regex middleware configuration.
/// This middleware replaces the path of a URL using regex matching and replacement.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareReplacePathRegex {
    /// Regex defines the regular expression used to match and capture the path from the request URL.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub regex: Option<String>,
    /// Replacement defines the replacement path format, which can include captured variables.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub replacement: Option<String>,
}

/// Retry holds the retry middleware configuration.
/// This middleware reissues requests a given number of times to a backend server if that server does not reply.
/// As soon as the server answers, the middleware stops retrying, regardless of the response status.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareRetry {
    /// Attempts defines how many times the request should be retried.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub attempts: Option<i64>,
    /// InitialInterval defines the first wait time in the exponential backoff series.
    /// The maximum interval is calculated as twice the initialInterval.
    /// If unspecified, requests will be retried immediately.
    /// The value of initialInterval should be provided in seconds or as a valid duration format,
    /// see https://pkg.go.dev/time#ParseDuration.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "initialInterval"
    )]
    pub initial_interval: Option<IntOrString>,
}

/// StripPrefix holds the strip prefix middleware configuration.
/// This middleware removes the specified prefixes from the URL path.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareStripPrefix {
    /// Deprecated: ForceSlash option is deprecated, please remove any usage of this option.
    /// ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
    /// Default: true.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "forceSlash"
    )]
    pub force_slash: Option<bool>,
    /// Prefixes defines the prefixes to strip from the request URL.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub prefixes: Option<Vec<String>>,
}

/// StripPrefixRegex holds the strip prefix regex middleware configuration.
/// This middleware removes the matching prefixes from the URL path.
/// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
pub struct MiddlewareStripPrefixRegex {
    /// Regex defines the regular expression to match the path prefix from the request URL.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub regex: Option<Vec<String>>,
}
controller/traefik/middlewares_crd.rs

controller/traefik/
middlewares_crd.rs
