SW/traefik
2
0
Fork 1
forked from Ivasoft/traefik
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: SW:v2.3.2
Branches Tags
SW:master SW:v2.9 SW:v1.5 SW:v1.4 SW:v3.0 SW:v2.8 SW:v1.6 SW:v1.7 SW:v2.0 SW:v2.1 SW:v2.2 SW:v2.7 SW:v2.6 SW:v2.3 SW:v2.4 SW:v2.5 SW:v1.0 SW:v1.1 SW:v1.2 SW:v1.3 SW:gh-pages
SW:v2.9.6-1 SW:v3.0.0-beta2 SW:v2.9.6 SW:v3.0.0-beta1 SW:v2.9.5 SW:v2.9.4 SW:v2.9.3 SW:v2.9.2 SW:v2.9.1 SW:v2.9.0-rc5 SW:v2.8.8 SW:v2.8.7 SW:v2.9.0-rc4 SW:v2.8.6 SW:v2.9.0-rc3 SW:v2.9.0-rc2 SW:v2.9.0-rc1 SW:v2.8.5 SW:v2.8.4 SW:v2.8.3 SW:v2.8.2 SW:v2.8.1 SW:v2.8.0 SW:v2.7.3 SW:v2.8.0-rc2 SW:v2.7.2 SW:v2.8.0-rc1 SW:v2.7.1 SW:v2.7.0 SW:v2.6.7 SW:v2.6.6 SW:v2.6.5 SW:v2.6.4 SW:v2.7.0-rc2 SW:v2.6.3 SW:v2.7.0-rc1 SW:v2.6.2 SW:v2.6.1 SW:v2.6.0 SW:v2.6.0-rc3 SW:v2.5.7 SW:v2.6.0-rc2 SW:v2.5.6 SW:v2.6.0-rc1 SW:v1.7.34 SW:v2.5.5 SW:v2.5.4 SW:v1.7.33 SW:v1.7.32 SW:v1.7.31 SW:v2.5.3 SW:v2.5.2 SW:v2.5.1 SW:v2.5.0 SW:v2.4.14 SW:v2.5.0-rc6 SW:v2.5.0-rc5 SW:v2.5.0-rc4 SW:v2.4.13 SW:v2.4.12 SW:v2.5.0-rc3 SW:v2.4.11 SW:v2.4.10 SW:v2.5.0-rc2 SW:v2.5.0-rc1 SW:v2.4.9 SW:v1.7.30 SW:v1.7.29 SW:v2.4.8 SW:v2.4.7 SW:v2.4.6 SW:v2.4.5 SW:v2.4.4 SW:v2.4.3 SW:v2.4.2 SW:v2.4.1 SW:v2.4.0 SW:v1.7.28 SW:v1.7.27 SW:v2.4.0-rc2 SW:v2.3.7 SW:v2.3.6 SW:v2.4.0-rc1 SW:v2.3.5 SW:v2.3.4 SW:v2.3.3 SW:v2.3.2 SW:v2.3.1 SW:v2.3.0 SW:v2.3.0-rc7 SW:v2.3.0-rc6 SW:v2.3.0-rc5 SW:v2.2.11 SW:v2.2.10 SW:v2.3.0-rc4 SW:v2.3.0-rc3 SW:v2.2.8 SW:v1.7.26 SW:v2.2.7 SW:v2.2.6 SW:v2.3.0-rc2 SW:v2.3.0-rc1 SW:v1.7.25 SW:v2.2.5 SW:v2.2.4 SW:v2.2.3 SW:v2.2.2 SW:v2.2.1 SW:v2.2.0 SW:v1.7.24 SW:v2.1.9 SW:v1.7.23 SW:v2.2.0-rc4 SW:v2.1.8 SW:v2.2.0-rc3 SW:v2.1.7 SW:v1.7.22 SW:v2.2.0-rc2 SW:v2.2.0-rc1 SW:v2.1.6 SW:v2.1.5 SW:v1.7.21 SW:v2.1.4 SW:v2.1.3 SW:v2.1.2 SW:v2.1.1 SW:v2.1.0 SW:v1.7.20 SW:v2.0.7 SW:v2.1.0-rc3 SW:v2.0.6 SW:v2.1.0-rc2 SW:v2.1.0-rc1 SW:v2.0.5 SW:v2.0.4 SW:v2.0.3 SW:v1.7.19 SW:v2.0.2 SW:v2.0.1 SW:v1.7.18 SW:v1.7.17 SW:v2.0.0 SW:v2.0.0-rc4 SW:v1.7.16 SW:v1.7.15 SW:v2.0.0-rc3 SW:v2.0.0-rc2 SW:v2.0.0-rc1 SW:v1.7.14 SW:v1.7.13 SW:v2.0.0-beta1 SW:v2.0.0-alpha8 SW:v2.0.0-alpha7 SW:v2.0.0-alpha6 SW:v2.0.0-alpha5 SW:v1.7.12 SW:v1.7.11 SW:v2.0.0-alpha4 SW:v2.0.0-alpha3 SW:v1.7.10 SW:v2.0.0-alpha2 SW:v2.0.0-alpha1 SW:v1.7.9 SW:v1.7.8 SW:v1.7.7 SW:v1.7.6 SW:v1.7.5 SW:v1.7.4 SW:v1.7.3 SW:v1.7.2 SW:v1.7.1 SW:v1.7.0 SW:v1.7.0-rc5 SW:v1.7.0-rc4 SW:v1.6.6 SW:v1.7.0-rc3 SW:v1.7.0-rc2 SW:v1.6.5 SW:v1.7.0-rc1 SW:v1.6.4 SW:v1.6.3 SW:v1.6.2 SW:v1.6.1 SW:v1.6.0 SW:v1.6.0-rc6 SW:v1.6.0-rc5 SW:v1.6.0-rc4 SW:v1.6.0-rc3 SW:v1.6.0-rc2 SW:v1.6.0-rc1 SW:v1.5.4 SW:v1.5.3 SW:v1.5.2 SW:v1.5.1 SW:v1.5.0 SW:v1.5.0-rc5 SW:v1.5.0-rc4 SW:v1.4.6 SW:v1.5.0-rc3 SW:v1.5.0-rc2 SW:v1.4.5 SW:v1.5.0-rc1 SW:v1.4.4 SW:v1.4.3 SW:v1.4.2 SW:v1.4.1 SW:v1.4.0 SW:v1.4.0-rc5 SW:v1.4.0-rc4 SW:v1.4.0-rc3 SW:v1.4.0-rc2 SW:v1.3.8 SW:v1.4.0-rc1 SW:v1.3.7 SW:v1.3.6 SW:v1.3.5 SW:v1.3.4 SW:v1.3.3 SW:v1.3.2 SW:v1.3.1 SW:v1.3.0 SW:v1.3.0-rc3 SW:v1.3.0-rc2 SW:v1.3.0-rc1 SW:v1.2.3 SW:v1.2.2 SW:v1.2.1 SW:v1.2.0 SW:v1.2.0-rc2 SW:v1.2.0-rc1 SW:v1.1.2 SW:v1.1.1 SW:v1.1.0 SW:v1.1.0-rc4 SW:v1.1.0-rc3 SW:v1.1.0-rc2 SW:v1.1.0-rc1 SW:v1.0.3 SW:v1.0.2 SW:v1.0.1 SW:v1.0.0 SW:v1.0.0-rc3 SW:v1.0.0-rc2 SW:v1.0.0-rc1 SW:v1.0.0-beta.809 SW:v1.0.0-beta.804 SW:v1.0.0-beta.794 SW:v1.0.0-beta.784 SW:v1.0.0-beta.771 SW:v1.0.0-beta.767 SW:v1.0.0-beta.756 SW:v1.0.0-beta.754 SW:v1.0.0-beta.744 SW:v1.0.0-beta.732 SW:v1.0.0-beta.723 SW:v1.0.0-beta.721 SW:v1.0.0-beta.712 SW:v1.0.0-beta.704 SW:v1.0.0-beta.695 SW:v1.0.0-beta.692 SW:v1.0.0-beta.682 SW:v1.0.0-beta.676 SW:v1.0.0-beta.673 SW:v1.0.0-beta.666 SW:v1.0.0-beta.652 SW:v1.0.0-beta.644 SW:v1.0.0-beta.621 SW:v1.0.0-beta.614 SW:v1.0.0-beta.610 SW:v1.0.0-beta.601 SW:v1.0.0-beta.582 SW:v1.0.0-beta.576 SW:v1.0.0-beta.573 SW:v1.0.0-beta.555 SW:v1.0.0-beta.548 SW:v1.0.0-beta.545 SW:v1.0.0-beta.524 SW:v1.0.0-beta.513 SW:v1.0.0-beta.508 SW:v1.0.0-beta.505 SW:v1.0.0-beta.484 SW:v1.0.0-beta.481 SW:v1.0.0-beta.475 SW:v1.0.0-beta.470 SW:v1.0.0-beta.453 SW:v1.0.0-beta.442 SW:v1.0.0-beta.440 SW:v1.0.0-beta.436 SW:v1.0.0-beta.433 SW:v1.0.0-beta.427 SW:v1.0.0-beta.421 SW:v1.0.0-beta.416 SW:v1.0.0-beta.408 SW:v1.0.0-beta.404 SW:v1.0.0-beta.395 SW:v1.0.0-beta.392 SW:v1.0.0-beta.374 SW:v1.0.0-beta.366 SW:v1.0.0-beta.355 SW:v1.0.0-beta.352 SW:v1.0.0-beta.341 SW:v1.0.0-beta.339 SW:v1.0.0-beta.324 SW:v1.0.0-beta.300 SW:v1.0.0-beta.291 SW:v1.0.0-beta.289 SW:v1.0.0-beta.287 SW:v1.0.0-beta.280 SW:v1.0.0-beta.277 SW:v1.0.0-beta.254 SW:v1.0.0-beta.247 SW:v1.0.0-beta.224 SW:v1.0.0-beta.220 SW:v1.0.0-beta.212 SW:v1.0.0-beta.211 SW:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 SW:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 SW:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb SW:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f SW:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e SW:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 SW:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 SW:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e SW:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b SW:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a SW:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b SW:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e SW:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d SW:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d SW:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 SW:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff SW:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb SW:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 SW:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b SW:v1.0.alpha.522 SW:v1.0.alpha.516 SW:v1.0.alpha.506 SW:v1.0.alpha.481 SW:v1.0.alpha.477 SW:v1.0.alpha.471 SW:v1.0.alpha.469 SW:v1.0.alpha.463 SW:v1.0.alpha.450 SW:v1.0.alpha.443 SW:v1.0.alpha.439 SW:v1.0.alpha.425 SW:v1.0.alpha.421 SW:v1.0.alpha.418 SW:v1.0.alpha.412 SW:v1.0.alpha.404 SW:v1.0.alpha.392 SW:v1.0.alpha.374 SW:v1.0.alpha.367 SW:v1.0.alpha.364 SW:v1.0.alpha.361 SW:v1.0.alpha.358 SW:v1.0.alpha.357 SW:v1.0.alpha.341 SW:v1.0.alpha.338 SW:v1.0.alpha.336 SW:v1.0.alpha.333 SW:v1.0.alpha.329 SW:v1.0.alpha.311 SW:v1.0.alpha.306 SW:v1.0.alpha.302 SW:v1.0.alpha.291 SW:v1.0.alpha.290 SW:v1.0.alpha.288 SW:v1.0.alpha.285 SW:v1.0.alpha.275 SW:v1.0.alpha.274 SW:v1.0.alpha.273 SW:v1.0.alpha.272 SW:v1.0.alpha.271 SW:v1.0.alpha.270 SW:v1.0.alpha.269 SW:v1.0.alpha.268 SW:v1.0.alpha.267 SW:v1.0.alpha.266 SW:v1.0.alpha.263 SW:v1.0.alpha.257 SW:v1.0.alpha.256 SW:v1.0.alpha.252 SW:v1.0.alpha.251 SW:v1.0.alpha.250 SW:v1.0.alpha.249 SW:v1.0.alpha.247 SW:v1.0.alpha.228 SW:v1.0.alpha.217 SW:v1.0.alpha.216 SW:v1.0.alpha.215 SW:v1.0.alpha.212 SW:v1.0.alpha.200 SW:v1.0.alpha.186 SW:v1.0.alpha.182 SW:v1.0.alpha.178 SW:v1.0.alpha.176 SW:v1.0.alpha.171 SW:v1.0.alpha.170 SW:v1.0.alpha.164 SW:v1.0.alpha.157 SW:v1.0
..
compare: SW:v2.3.7
Branches Tags
SW:master SW:v2.9 SW:v1.5 SW:v1.4 SW:v3.0 SW:v2.8 SW:v1.6 SW:v1.7 SW:v2.0 SW:v2.1 SW:v2.2 SW:v2.7 SW:v2.6 SW:v2.3 SW:v2.4 SW:v2.5 SW:v1.0 SW:v1.1 SW:v1.2 SW:v1.3 SW:gh-pages
SW:v2.9.6-1 SW:v3.0.0-beta2 SW:v2.9.6 SW:v3.0.0-beta1 SW:v2.9.5 SW:v2.9.4 SW:v2.9.3 SW:v2.9.2 SW:v2.9.1 SW:v2.9.0-rc5 SW:v2.8.8 SW:v2.8.7 SW:v2.9.0-rc4 SW:v2.8.6 SW:v2.9.0-rc3 SW:v2.9.0-rc2 SW:v2.9.0-rc1 SW:v2.8.5 SW:v2.8.4 SW:v2.8.3 SW:v2.8.2 SW:v2.8.1 SW:v2.8.0 SW:v2.7.3 SW:v2.8.0-rc2 SW:v2.7.2 SW:v2.8.0-rc1 SW:v2.7.1 SW:v2.7.0 SW:v2.6.7 SW:v2.6.6 SW:v2.6.5 SW:v2.6.4 SW:v2.7.0-rc2 SW:v2.6.3 SW:v2.7.0-rc1 SW:v2.6.2 SW:v2.6.1 SW:v2.6.0 SW:v2.6.0-rc3 SW:v2.5.7 SW:v2.6.0-rc2 SW:v2.5.6 SW:v2.6.0-rc1 SW:v1.7.34 SW:v2.5.5 SW:v2.5.4 SW:v1.7.33 SW:v1.7.32 SW:v1.7.31 SW:v2.5.3 SW:v2.5.2 SW:v2.5.1 SW:v2.5.0 SW:v2.4.14 SW:v2.5.0-rc6 SW:v2.5.0-rc5 SW:v2.5.0-rc4 SW:v2.4.13 SW:v2.4.12 SW:v2.5.0-rc3 SW:v2.4.11 SW:v2.4.10 SW:v2.5.0-rc2 SW:v2.5.0-rc1 SW:v2.4.9 SW:v1.7.30 SW:v1.7.29 SW:v2.4.8 SW:v2.4.7 SW:v2.4.6 SW:v2.4.5 SW:v2.4.4 SW:v2.4.3 SW:v2.4.2 SW:v2.4.1 SW:v2.4.0 SW:v1.7.28 SW:v1.7.27 SW:v2.4.0-rc2 SW:v2.3.7 SW:v2.3.6 SW:v2.4.0-rc1 SW:v2.3.5 SW:v2.3.4 SW:v2.3.3 SW:v2.3.2 SW:v2.3.1 SW:v2.3.0 SW:v2.3.0-rc7 SW:v2.3.0-rc6 SW:v2.3.0-rc5 SW:v2.2.11 SW:v2.2.10 SW:v2.3.0-rc4 SW:v2.3.0-rc3 SW:v2.2.8 SW:v1.7.26 SW:v2.2.7 SW:v2.2.6 SW:v2.3.0-rc2 SW:v2.3.0-rc1 SW:v1.7.25 SW:v2.2.5 SW:v2.2.4 SW:v2.2.3 SW:v2.2.2 SW:v2.2.1 SW:v2.2.0 SW:v1.7.24 SW:v2.1.9 SW:v1.7.23 SW:v2.2.0-rc4 SW:v2.1.8 SW:v2.2.0-rc3 SW:v2.1.7 SW:v1.7.22 SW:v2.2.0-rc2 SW:v2.2.0-rc1 SW:v2.1.6 SW:v2.1.5 SW:v1.7.21 SW:v2.1.4 SW:v2.1.3 SW:v2.1.2 SW:v2.1.1 SW:v2.1.0 SW:v1.7.20 SW:v2.0.7 SW:v2.1.0-rc3 SW:v2.0.6 SW:v2.1.0-rc2 SW:v2.1.0-rc1 SW:v2.0.5 SW:v2.0.4 SW:v2.0.3 SW:v1.7.19 SW:v2.0.2 SW:v2.0.1 SW:v1.7.18 SW:v1.7.17 SW:v2.0.0 SW:v2.0.0-rc4 SW:v1.7.16 SW:v1.7.15 SW:v2.0.0-rc3 SW:v2.0.0-rc2 SW:v2.0.0-rc1 SW:v1.7.14 SW:v1.7.13 SW:v2.0.0-beta1 SW:v2.0.0-alpha8 SW:v2.0.0-alpha7 SW:v2.0.0-alpha6 SW:v2.0.0-alpha5 SW:v1.7.12 SW:v1.7.11 SW:v2.0.0-alpha4 SW:v2.0.0-alpha3 SW:v1.7.10 SW:v2.0.0-alpha2 SW:v2.0.0-alpha1 SW:v1.7.9 SW:v1.7.8 SW:v1.7.7 SW:v1.7.6 SW:v1.7.5 SW:v1.7.4 SW:v1.7.3 SW:v1.7.2 SW:v1.7.1 SW:v1.7.0 SW:v1.7.0-rc5 SW:v1.7.0-rc4 SW:v1.6.6 SW:v1.7.0-rc3 SW:v1.7.0-rc2 SW:v1.6.5 SW:v1.7.0-rc1 SW:v1.6.4 SW:v1.6.3 SW:v1.6.2 SW:v1.6.1 SW:v1.6.0 SW:v1.6.0-rc6 SW:v1.6.0-rc5 SW:v1.6.0-rc4 SW:v1.6.0-rc3 SW:v1.6.0-rc2 SW:v1.6.0-rc1 SW:v1.5.4 SW:v1.5.3 SW:v1.5.2 SW:v1.5.1 SW:v1.5.0 SW:v1.5.0-rc5 SW:v1.5.0-rc4 SW:v1.4.6 SW:v1.5.0-rc3 SW:v1.5.0-rc2 SW:v1.4.5 SW:v1.5.0-rc1 SW:v1.4.4 SW:v1.4.3 SW:v1.4.2 SW:v1.4.1 SW:v1.4.0 SW:v1.4.0-rc5 SW:v1.4.0-rc4 SW:v1.4.0-rc3 SW:v1.4.0-rc2 SW:v1.3.8 SW:v1.4.0-rc1 SW:v1.3.7 SW:v1.3.6 SW:v1.3.5 SW:v1.3.4 SW:v1.3.3 SW:v1.3.2 SW:v1.3.1 SW:v1.3.0 SW:v1.3.0-rc3 SW:v1.3.0-rc2 SW:v1.3.0-rc1 SW:v1.2.3 SW:v1.2.2 SW:v1.2.1 SW:v1.2.0 SW:v1.2.0-rc2 SW:v1.2.0-rc1 SW:v1.1.2 SW:v1.1.1 SW:v1.1.0 SW:v1.1.0-rc4 SW:v1.1.0-rc3 SW:v1.1.0-rc2 SW:v1.1.0-rc1 SW:v1.0.3 SW:v1.0.2 SW:v1.0.1 SW:v1.0.0 SW:v1.0.0-rc3 SW:v1.0.0-rc2 SW:v1.0.0-rc1 SW:v1.0.0-beta.809 SW:v1.0.0-beta.804 SW:v1.0.0-beta.794 SW:v1.0.0-beta.784 SW:v1.0.0-beta.771 SW:v1.0.0-beta.767 SW:v1.0.0-beta.756 SW:v1.0.0-beta.754 SW:v1.0.0-beta.744 SW:v1.0.0-beta.732 SW:v1.0.0-beta.723 SW:v1.0.0-beta.721 SW:v1.0.0-beta.712 SW:v1.0.0-beta.704 SW:v1.0.0-beta.695 SW:v1.0.0-beta.692 SW:v1.0.0-beta.682 SW:v1.0.0-beta.676 SW:v1.0.0-beta.673 SW:v1.0.0-beta.666 SW:v1.0.0-beta.652 SW:v1.0.0-beta.644 SW:v1.0.0-beta.621 SW:v1.0.0-beta.614 SW:v1.0.0-beta.610 SW:v1.0.0-beta.601 SW:v1.0.0-beta.582 SW:v1.0.0-beta.576 SW:v1.0.0-beta.573 SW:v1.0.0-beta.555 SW:v1.0.0-beta.548 SW:v1.0.0-beta.545 SW:v1.0.0-beta.524 SW:v1.0.0-beta.513 SW:v1.0.0-beta.508 SW:v1.0.0-beta.505 SW:v1.0.0-beta.484 SW:v1.0.0-beta.481 SW:v1.0.0-beta.475 SW:v1.0.0-beta.470 SW:v1.0.0-beta.453 SW:v1.0.0-beta.442 SW:v1.0.0-beta.440 SW:v1.0.0-beta.436 SW:v1.0.0-beta.433 SW:v1.0.0-beta.427 SW:v1.0.0-beta.421 SW:v1.0.0-beta.416 SW:v1.0.0-beta.408 SW:v1.0.0-beta.404 SW:v1.0.0-beta.395 SW:v1.0.0-beta.392 SW:v1.0.0-beta.374 SW:v1.0.0-beta.366 SW:v1.0.0-beta.355 SW:v1.0.0-beta.352 SW:v1.0.0-beta.341 SW:v1.0.0-beta.339 SW:v1.0.0-beta.324 SW:v1.0.0-beta.300 SW:v1.0.0-beta.291 SW:v1.0.0-beta.289 SW:v1.0.0-beta.287 SW:v1.0.0-beta.280 SW:v1.0.0-beta.277 SW:v1.0.0-beta.254 SW:v1.0.0-beta.247 SW:v1.0.0-beta.224 SW:v1.0.0-beta.220 SW:v1.0.0-beta.212 SW:v1.0.0-beta.211 SW:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 SW:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 SW:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb SW:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f SW:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e SW:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 SW:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 SW:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e SW:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b SW:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a SW:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b SW:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e SW:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d SW:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d SW:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 SW:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff SW:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb SW:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 SW:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b SW:v1.0.alpha.522 SW:v1.0.alpha.516 SW:v1.0.alpha.506 SW:v1.0.alpha.481 SW:v1.0.alpha.477 SW:v1.0.alpha.471 SW:v1.0.alpha.469 SW:v1.0.alpha.463 SW:v1.0.alpha.450 SW:v1.0.alpha.443 SW:v1.0.alpha.439 SW:v1.0.alpha.425 SW:v1.0.alpha.421 SW:v1.0.alpha.418 SW:v1.0.alpha.412 SW:v1.0.alpha.404 SW:v1.0.alpha.392 SW:v1.0.alpha.374 SW:v1.0.alpha.367 SW:v1.0.alpha.364 SW:v1.0.alpha.361 SW:v1.0.alpha.358 SW:v1.0.alpha.357 SW:v1.0.alpha.341 SW:v1.0.alpha.338 SW:v1.0.alpha.336 SW:v1.0.alpha.333 SW:v1.0.alpha.329 SW:v1.0.alpha.311 SW:v1.0.alpha.306 SW:v1.0.alpha.302 SW:v1.0.alpha.291 SW:v1.0.alpha.290 SW:v1.0.alpha.288 SW:v1.0.alpha.285 SW:v1.0.alpha.275 SW:v1.0.alpha.274 SW:v1.0.alpha.273 SW:v1.0.alpha.272 SW:v1.0.alpha.271 SW:v1.0.alpha.270 SW:v1.0.alpha.269 SW:v1.0.alpha.268 SW:v1.0.alpha.267 SW:v1.0.alpha.266 SW:v1.0.alpha.263 SW:v1.0.alpha.257 SW:v1.0.alpha.256 SW:v1.0.alpha.252 SW:v1.0.alpha.251 SW:v1.0.alpha.250 SW:v1.0.alpha.249 SW:v1.0.alpha.247 SW:v1.0.alpha.228 SW:v1.0.alpha.217 SW:v1.0.alpha.216 SW:v1.0.alpha.215 SW:v1.0.alpha.212 SW:v1.0.alpha.200 SW:v1.0.alpha.186 SW:v1.0.alpha.182 SW:v1.0.alpha.178 SW:v1.0.alpha.176 SW:v1.0.alpha.171 SW:v1.0.alpha.170 SW:v1.0.alpha.164 SW:v1.0.alpha.157 SW:v1.0

59 Commits
v2.3.2 ... v2.3.7

Author SHA1 Message Date
Harold Ozouf
47fb6e036a Prepare release v2.3.7 2021-01-11 18:48:03 +01:00
Sylvere Richard
83fa3f4cc8 Discrepancy in Traefik log levels 2021-01-11 15:42:04 +01:00
Kevin Pollet
c24f75ce0b Update copyright year for 2021 2021-01-08 19:20:04 +01:00
Henning
63929b0341 Compile kubernetes ingress annotation regex only once 2021-01-07 18:56:03 +01:00
Michael
5d800ba5fe Do a Docker login on Travis 2021-01-06 17:58:04 +01:00
Avdhoot Dendge
d4f0a9ff62 Fix wildcard hostname issue 2021-01-05 12:26:04 +01:00
Anil Kumar Maurya
c4fa96c41e Add ECS to supported providers list 2021-01-04 10:58:03 +01:00
Kevin Pollet
5dd1728bf8 webui: fix missing custom request and response header names 2020-12-27 20:48:04 +01:00
Kevin Pollet
544dc2eaa5 docs: fix broken links to docker-compose documentation 2020-12-22 14:20:03 +01:00
Jean-Baptiste Doumenjou
3ff83fc1f8 Prepare release v2.3.6 2020-12-17 17:02:04 +01:00
Ludovic Fernandez
63f65e5b2a Disable router when a rule has an error 2020-12-17 10:06:03 +01:00
Icelyn Jennings
ac8e47579b Add missing quotes in errorpages k8s example yaml 2020-12-16 15:20:04 +01:00
Harold Ozouf
5487015a83 Update Logrus to v1.7.0 2020-12-14 12:56:03 +01:00
Frederic Werner
418cccd307 Add configuration example for access log filePath 2020-12-14 12:34:05 +01:00
Ludovic Fernandez
2a0760412c Update Yaegi to v0.9.8 2020-12-14 12:00:04 +01:00
Romain
42d8e6d60d Prepare release v2.3.5 2020-12-10 16:48:04 +01:00
Romain
7ba907f261 IngressRoute: add an option to disable cross-namespace routing 
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
 2020-12-10 14:58:04 +01:00
Harold Ozouf
c72769e2ea Fix TLS options fallback when domain and options are the same 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2020-12-09 14:16:03 +01:00
Paulo Júnior
02d856b8a5 Documentation: Add spacing to sidebars so the last item is always visible 2020-12-07 18:24:04 +01:00
Ioannis Pinakoulakis
0d15ac8861 Fix UI bug on long service name 2020-12-07 14:14:03 +01:00
Ludovic Fernandez
134a767a7f Update go-acme/lego to v4.1.3 2020-12-04 23:40:03 +01:00
Harold Ozouf
7403b6fb82 Fix concatenation of IPv6 addresses and ports 2020-12-04 20:56:04 +01:00
Kevin Crawley
121eaced49 Add example for multiple service per container 2020-12-03 09:36:03 +01:00
Sergiu Marsavela
512ed086bd Fix typos in migration guide 2020-11-27 11:18:04 +01:00
Kevin Pollet
76e35a09b7 Prepare release v2.3.4 2020-11-24 17:06:04 +01:00
SkapiN
d2c1d39d42 Fix clusters option in ECS provider documentation 2020-11-24 14:50:03 +01:00
Harold Ozouf
e9cccf6504 Do not evaluate templated URL in redirectRegex middleware 2020-11-24 14:16:03 +01:00
Ludovic Fernandez
1c505903ff fix: invalid slice parsing. 2020-11-24 09:40:03 +01:00
Ludovic Fernandez
53ed8e04ae Update go-acme/lego to v4.1.2 2020-11-23 12:00:03 +01:00
Romain
be0845af02 Apply labelSelector as a TweakListOptions for Kubernetes informers 2020-11-20 00:18:04 +01:00
Ludovic Fernandez
f83a57b3da Prepare release v2.3.3 2020-11-19 18:31:09 +01:00
Kevin Pollet
08264749f0 Update Yaegi to v0.9.7 2020-11-19 17:56:03 +01:00
Harold Ozouf
a75819cae3 Filter out Helm secrets from informer caches 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2020-11-19 14:32:03 +01:00
Ivor Scott
9fb32a47ca Fix grammar in kubernetes ingress controller documentation 2020-11-19 10:04:04 +01:00
Harold Ozouf
4f43c9ebb4 Fix missing allow-empty tag on ECS and Consul Catalog providers 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2020-11-19 00:12:03 +01:00
Harold Ozouf
9177982334 Fix consul catalog panic when health and services are not in sync 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2020-11-17 17:30:03 +01:00
Yoan Blanc
52eeff9f9f fix: consulcatalog to update before the first interval 2020-11-16 20:44:04 +01:00
Petyo Kunchev
0fcccd35ff /bin/bash replaced with /usr/bin/env bash to match other scripts 2020-11-16 15:38:04 +01:00
Douglas De Toni Machado
598dcf6b62 Improve service name lookup on TCP routers 2020-11-13 12:48:04 +01:00
Alexander Wellbrock
459200dd01 Forwardauth headers 2020-11-10 17:50:04 +01:00
james426759
af22cabc6f Fix docs for TLS 2020-11-10 17:28:04 +01:00
Alessandro Chitolina
920e82f11a fix: translate configured server port into correct mapped host port 2020-11-09 17:12:05 +01:00
Ludovic Fernandez
9bdf9e1e02 Update Yaegi to v0.9.5 2020-11-08 23:42:03 +01:00
Ludovic Fernandez
3a45f05e36 Update go-acme/lego to v4.1.0 2020-11-08 23:24:04 +01:00
Neil McAllister
8e3e387be7 Fix Traefik Proxy product nav in docs 2020-11-06 21:56:03 +01:00
Ludovic Fernandez
267d0b7b5a chore: update linter. 2020-11-06 09:26:03 +01:00
Kevin Pollet
f5b290b093 Add ECS menu to dynamic config reference 2020-11-03 17:40:04 +01:00
Michael
4ea1c98ac9 Improve anonymize configuration 2020-10-30 12:44:05 +01:00
Tristan Weil
db007efe00 Ignore errors when setting keepalive period is not supported by the system 2020-10-28 15:32:04 +01:00
Jean-Baptiste Doumenjou
a0c02f62a3 fix: exclude protected link from doc verify 2020-10-27 18:34:04 +01:00
Jean-Baptiste Doumenjou
ff7b814edc fix documentation 2020-10-27 12:46:04 +01:00
Ludovic Fernandez
ea459e9af0 fix: update Yaegi to v0.9.4 2020-10-23 11:30:04 +02:00
Andrii Dembitskyi
2dd5a53db2 Add missed tls config for yaml example 2020-10-23 11:00:05 +02:00
Romain
fc97ea7ee0 Use timezone without daylight saving time for logger formatter tests 
Co-authored-by: jbdoumenjou <925513+jbdoumenjou@users.noreply.github.com>
 2020-10-22 19:52:04 +02:00
Kevin Crawley
582d2540af add links to contributors guide 2020-10-22 12:08:05 +02:00
Tom Matthews
6ad79dcd45 Clarify time-based field units 2020-10-22 11:36:03 +02:00
Tom Matthews
721896ba70 Resolve broken URLs causing make docs to fail 2020-10-20 23:02:04 +02:00
Yeri Pratama
228270414c fix typo in providers overview documentation 2020-10-20 19:02:04 +02:00
Romain
2683df7b5b Fix ingress documentation 2020-10-20 14:16:04 +02:00
198 changed files with 4856 additions and 1042 deletions
Expand all files Collapse all files

5
.golangci.toml
View File

@@ -54,7 +54,10 @@
"nestif", # Too many false-positive.
"noctx", # Too strict
"exhaustive", # Too strict
"nlreturn", # Too strict
"nlreturn", # Not relevant
"wrapcheck", # Too strict
"tparallel", # Not relevant
"exhaustivestruct", # Not relevant
]
[issues]

3
.travis.yml
View File

@@ -25,6 +25,7 @@ before_deploy:
sudo -E apt-get -yq update;
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*;
docker version;
echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin;
make build-image;
if [ "$TRAVIS_TAG" ]; then
make release-packages;
@@ -54,4 +55,4 @@ deploy:
skip_cleanup: true
on:
repo: traefik/traefik
all_branches: true
all_branches: true

85
CHANGELOG.md
View File

@@ -1,3 +1,88 @@
## [v2.3.7](https://github.com/traefik/traefik/tree/v2.3.7) (2021-01-11)
[All Commits](https://github.com/traefik/traefik/compare/v2.3.6...v2.3.7)
**Bug fixes:**
- **[k8s,k8s/ingress]** Fix wildcard hostname issue ([#7711](https://github.com/traefik/traefik/pull/7711) by [avdhoot](https://github.com/avdhoot))
- **[k8s,k8s/ingress]** Compile kubernetes ingress annotation regex only once ([#7647](https://github.com/traefik/traefik/pull/7647) by [hensur](https://github.com/hensur))
- **[middleware,webui]** webui: fix missing custom request and response header names ([#7706](https://github.com/traefik/traefik/pull/7706) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware]** Fix log level on error pages middleware ([#7737](https://github.com/traefik/traefik/pull/7737) by [Nowheresly](https://github.com/Nowheresly))
**Documentation:**
- **[docker]** docs: fix broken links to docker-compose documentation ([#7702](https://github.com/traefik/traefik/pull/7702) by [kevinpollet](https://github.com/kevinpollet))
- **[ecs]** Add ECS to supported providers list ([#7714](https://github.com/traefik/traefik/pull/7714) by [anilmaurya](https://github.com/anilmaurya))
- Update copyright year for 2021 ([#7734](https://github.com/traefik/traefik/pull/7734) by [kevinpollet](https://github.com/kevinpollet))
## [v2.3.6](https://github.com/traefik/traefik/tree/v2.3.6) (2020-12-17)
[All Commits](https://github.com/traefik/traefik/compare/v2.3.5...v2.3.6)
**Bug fixes:**
- **[logs]** Update Logrus to v1.7.0 ([#7663](https://github.com/traefik/traefik/pull/7663) by [jspdown](https://github.com/jspdown))
- **[plugins]** Update Yaegi to v0.9.8 ([#7659](https://github.com/traefik/traefik/pull/7659) by [ldez](https://github.com/ldez))
- **[rules]** Disable router when a rule has an error ([#7680](https://github.com/traefik/traefik/pull/7680) by [ldez](https://github.com/ldez))
**Documentation:**
- **[logs]** Add configuration example for access log filePath ([#7655](https://github.com/traefik/traefik/pull/7655) by [wernerfred](https://github.com/wernerfred))
- **[middleware]** Add missing quotes in errorpages k8s example yaml ([#7675](https://github.com/traefik/traefik/pull/7675) by [icelynjennings](https://github.com/icelynjennings))
## [v2.3.5](https://github.com/traefik/traefik/tree/v2.3.5) (2020-12-10)
[All Commits](https://github.com/traefik/traefik/compare/v2.3.4...v2.3.5)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.1.3 ([#7625](https://github.com/traefik/traefik/pull/7625) by [ldez](https://github.com/ldez))
- **[k8s,k8s/crd]** IngressRoute: add an option to disable cross-namespace routing ([#7595](https://github.com/traefik/traefik/pull/7595) by [rtribotte](https://github.com/rtribotte))
- **[k8s/crd,k8s/ingress]** Fix concatenation of IPv6 addresses and ports ([#7620](https://github.com/traefik/traefik/pull/7620) by [jspdown](https://github.com/jspdown))
- **[tcp,tls]** Fix TLS options fallback when domain and options are the same ([#7609](https://github.com/traefik/traefik/pull/7609) by [jspdown](https://github.com/jspdown))
- **[webui]** Fix UI bug on long service name ([#7535](https://github.com/traefik/traefik/pull/7535) by [ipinak](https://github.com/ipinak))
**Documentation:**
- **[docker]** Add example for multiple service per container ([#7610](https://github.com/traefik/traefik/pull/7610) by [notsureifkevin](https://github.com/notsureifkevin))
- Documentation: Add spacing to sidebars so the last item is always visible ([#7616](https://github.com/traefik/traefik/pull/7616) by [paulocfjunior](https://github.com/paulocfjunior))
- Fix typos in migration guide ([#7596](https://github.com/traefik/traefik/pull/7596) by [marsavela](https://github.com/marsavela))
## [v2.3.4](https://github.com/traefik/traefik/tree/v2.3.4) (2020-11-24)
[All Commits](https://github.com/traefik/traefik/compare/v2.3.3...v2.3.4)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.1.2 ([#7577](https://github.com/traefik/traefik/pull/7577) by [ldez](https://github.com/ldez))
- **[k8s,k8s/crd,k8s/ingress]** Apply labelSelector as a TweakListOptions for Kubernetes informers ([#7521](https://github.com/traefik/traefik/pull/7521) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Do not evaluate templated URL in redirectRegex middleware ([#7573](https://github.com/traefik/traefik/pull/7573) by [jspdown](https://github.com/jspdown))
- **[provider]** fix: invalid slice parsing. ([#7583](https://github.com/traefik/traefik/pull/7583) by [ldez](https://github.com/ldez))
**Documentation:**
- **[ecs]** Fix clusters option in ECS provider documentation ([#7586](https://github.com/traefik/traefik/pull/7586) by [skapin](https://github.com/skapin))
## [v2.3.3](https://github.com/traefik/traefik/tree/v2.3.3) (2020-11-19)
[All Commits](https://github.com/traefik/traefik/compare/v2.3.2...v2.3.3)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.1.0 ([#7526](https://github.com/traefik/traefik/pull/7526) by [ldez](https://github.com/ldez))
- **[consulcatalog,ecs]** Fix missing allow-empty tag on ECS and Consul Catalog providers ([#7561](https://github.com/traefik/traefik/pull/7561) by [jspdown](https://github.com/jspdown))
- **[consulcatalog]** consulcatalog to update before the first interval ([#7514](https://github.com/traefik/traefik/pull/7514) by [greut](https://github.com/greut))
- **[consulcatalog]** Fix consul catalog panic when health and services are not in sync ([#7558](https://github.com/traefik/traefik/pull/7558) by [jspdown](https://github.com/jspdown))
- **[ecs]** Translate configured server port into correct mapped host port ([#7480](https://github.com/traefik/traefik/pull/7480) by [alekitto](https://github.com/alekitto))
- **[k8s,k8s/crd,k8s/ingress]** Filter out Helm secrets from informer caches ([#7562](https://github.com/traefik/traefik/pull/7562) by [jspdown](https://github.com/jspdown))
- **[plugins]** Update Yaegi to v0.9.5 ([#7527](https://github.com/traefik/traefik/pull/7527) by [ldez](https://github.com/ldez))
- **[plugins]** Update Yaegi to v0.9.7 ([#7569](https://github.com/traefik/traefik/pull/7569) by [kevinpollet](https://github.com/kevinpollet))
- **[plugins]** Update Yaegi to v0.9.4 ([#7451](https://github.com/traefik/traefik/pull/7451) by [ldez](https://github.com/ldez))
- **[tcp]** Ignore errors when setting keepalive period is not supported by the system ([#7410](https://github.com/traefik/traefik/pull/7410) by [tristan-weil](https://github.com/tristan-weil))
- **[tcp]** Improve service name lookup on TCP routers ([#7370](https://github.com/traefik/traefik/pull/7370) by [ddtmachado](https://github.com/ddtmachado))
- Improve anonymize configuration ([#7482](https://github.com/traefik/traefik/pull/7482) by [mmatur](https://github.com/mmatur))
**Documentation:**
- **[ecs]** Add ECS menu to dynamic config reference ([#7501](https://github.com/traefik/traefik/pull/7501) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/ingress]** Fix ingress documentation ([#7424](https://github.com/traefik/traefik/pull/7424) by [rtribotte](https://github.com/rtribotte))
- **[k8s]** fix documentation ([#7469](https://github.com/traefik/traefik/pull/7469) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[k8s]** Fix grammar in kubernetes ingress controller documentation ([#7565](https://github.com/traefik/traefik/pull/7565) by [ivorscott](https://github.com/ivorscott))
- **[logs]** Clarify time-based field units ([#7447](https://github.com/traefik/traefik/pull/7447) by [tomtastic](https://github.com/tomtastic))
- **[middleware]** Forwardauth headers ([#7506](https://github.com/traefik/traefik/pull/7506) by [w4tsn](https://github.com/w4tsn))
- **[provider]** fix typo in providers overview documentation ([#7441](https://github.com/traefik/traefik/pull/7441) by [pirey](https://github.com/pirey))
- **[tls]** Fix docs for TLS ([#7541](https://github.com/traefik/traefik/pull/7541) by [james426759](https://github.com/james426759))
- fix: exclude protected link from doc verify ([#7477](https://github.com/traefik/traefik/pull/7477) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Add missed tls config for yaml example ([#7450](https://github.com/traefik/traefik/pull/7450) by [andrew-demb](https://github.com/andrew-demb))
- Resolve broken URLs causing make docs to fail ([#7444](https://github.com/traefik/traefik/pull/7444) by [tomtastic](https://github.com/tomtastic))
- Fix Traefik Proxy product nav in docs ([#7523](https://github.com/traefik/traefik/pull/7523) by [PCM2](https://github.com/PCM2))
- add links to contributors guide ([#7435](https://github.com/traefik/traefik/pull/7435) by [notsureifkevin](https://github.com/notsureifkevin))
## [v2.3.2](https://github.com/traefik/traefik/tree/v2.3.2) (2020-10-19)
[All Commits](https://github.com/traefik/traefik/compare/v2.3.1...v2.3.2)

2
LICENSE.md
View File

@@ -1,6 +1,6 @@
The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020 Traefik Labs
Copyright (c) 2016-2020 Containous SAS; 2020-2021 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

2
build.Dockerfile
View File

@@ -19,7 +19,7 @@ RUN mkdir -p /usr/local/bin \
&& chmod +x /usr/local/bin/go-bindata
# Download golangci-lint binary to bin folder in $GOPATH
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.31.0
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.32.2
# Download misspell binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4

4
docs/content/assets/styles/menu.css
View File

@@ -35,6 +35,10 @@
padding: 0;
}
.md-sidebar__scrollwrap {
max-height: calc(100% - 50px);
}
.md-sidebar--secondary .md-sidebar__scrollwrap {
border-radius: 8px;
background-color: var(--light-blue) !important;

63
docs/content/contributing/maintainers.md
View File

@@ -11,75 +11,20 @@
* Ludovic Fernandez [@ldez](https://github.com/ldez)
* Julien Salleyron [@juliens](https://github.com/juliens)
* Nicolas Mengin [@nmengin](https://github.com/nmengin)
* Marco Jantke [@marco-jantke](https://github.com/marco-jantke)
* Marco Jantke [@mjantke](https://github.com/mjeri)
* Michaël Matur [@mmatur](https://github.com/mmatur)
* Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
* Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
* Mathieu Lonjaret [@mpl](https://github.com/mpl)
* Romain Tribotté [@rtribotte](https://github.com/rtribotte)
## Contributions Daily Meeting
## Issue Triage
* 3 Maintainers should attend to a Contributions Daily Meeting where we sort and label new issues ([is:issue label:status/0-needs-triage](https://github.com/traefik/traefik/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Astatus%2F0-needs-triage+)), and review every Pull Requests
* Every pull request should be checked during the Contributions Daily Meeting
* Even if its already assigned
* Even PR labelled with `contributor/waiting-for-corrections` or `contributor/waiting-for-feedback`
* Issues labeled with `priority/P0` and `priority/P1` should be assigned.
* Modifying an issue or a pull request (labels, assignees, milestone) is only possible:
* During the Contributions Daily Meeting
* By an assigned maintainer
* In case of emergency, if a change proposal is approved by 2 other maintainers (on Slack, Discord, Discourse, etc)
Issues and PRs are triaged daily and the process for triaging may be found under [triaging issues](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in our [contributors guide repository](https://github.com/traefik/contributors-guide).
## PR review process:
* The status `needs-design-review` is only used in complex/heavy/tricky PRs.
* From `1` to `2`: 1 comment that says “design LGTM” (by a senior maintainer).
* From `2` to `3`: 3 LGTM approvals by any maintainer.
* If needed, a specific maintainer familiar with a particular domain can be requested for the review.
* If a PR has been implemented in pair programming, one peer's LGTM goes into the review for free
* Amending someone else's pull request is authorized only in emergency, if a rebase is needed, or if the initial contributor is silent
We use [PRM](https://github.com/ldez/prm) to manage locally pull requests.
## Bots
### [Myrmica Lobicornis](https://github.com/traefik/lobicornis/)
Update and Merge Pull Request.
The maintainer giving the final LGTM must add the `status/3-needs-merge` label to trigger the merge bot.
By default, a squash-rebase merge will be carried out.
To preserve commits, add `bot/merge-method-rebase` before `status/3-needs-merge`.
The status `status/4-merge-in-progress` is only used by the bot.
If the bot is not able to perform the merge, the label `bot/need-human-merge` is added.
In such a situation, solve the conflicts/CI/... and then remove the label `bot/need-human-merge`.
To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
The label `bot/light-review` decreases the number of required LGTM from 3 to 1.
This label is used when:
* Updating the vendors from previously reviewed PRs
* Merging branches into the master
* Preparing the release
### [Myrmica Bibikoffi](https://github.com/traefik/bibikoffi/)
* closes stale issues [cron]
* use some criterion as number of days between creation, last update, labels, ...
### [Myrmica Aloba](https://github.com/traefik/aloba)
Manage GitHub labels.
* Add labels on new PR [GitHub WebHook]
* Add milestone to a new PR based on a branch version (1.4, 1.3, ...) [GitHub WebHook]
* Add and remove `contributor/waiting-for-corrections` label when a review request changes [GitHub WebHook]
* Weekly report of PR status on Slack (CaptainPR) [cron]
The process for reviewing PRs may be found under [review guidelines](https://github.com/traefik/contributors-guide/blob/master/review_guidelines.md) in our contributors guide repository.
## Labels

38
docs/content/contributing/submitting-pull-requests.md
View File

@@ -5,41 +5,5 @@ A Quick Guide for Efficient Contributions
So you've decided to improve Traefik?
Thank You!
Now the last step is to submit your Pull Request in a way that makes sure it gets the attention it deserves.
Let's go through the classic pitfalls to make sure everything is right.
## Title
The title must be short and descriptive. (~60 characters)
## Description
Follow the [pull request template](https://github.com/traefik/traefik/blob/master/.github/PULL_REQUEST_TEMPLATE.md) as much as possible.
Explain the conditions which led you to write this PR: give us context.
The context should lead to something, an idea or a problem that youre facing.
Remain clear and concise.
Take time to polish the format of your message so we'll enjoy reading it and working on it.
Help the readers focus on what matters, and help them understand the structure of your message (see the [Github Markdown Syntax](https://help.github.com/articles/github-flavored-markdown)).
## PR Content
- Make it small.
- One feature per Pull Request.
- Write useful descriptions and titles.
- Avoid re-formatting code that is not on the path of your PR.
- Make sure the [code builds](building-testing.md).
- Make sure [all tests pass](building-testing.md).
- Add tests.
- Address review comments in terms of additional commits (and don't amend/squash existing ones unless the PR is trivial).
!!! note "Third-Party Dependencies"
If a PR involves changes to third-party dependencies, the commits pertaining to the vendor folder and the manifest/lock file(s) should be committed separated.
!!! tip "10 Tips for Better Pull Requests"
We enjoyed this article, maybe you will too! [10 tips for better pull requests](https://blog.ploeh.dk/2015/01/15/10-tips-for-better-pull-requests/).
Please review the [guidelines on creating PRs](https://github.com/traefik/contributors-guide/blob/master/pr_guidelines.md) for Traefik in our [contributors guide repository](https://github.com/traefik/contributors-guide).

3
docs/content/https/acme.md
View File

@@ -322,8 +322,9 @@ For complete details, refer to your provider's _Additional configuration_ link.
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |

2
docs/content/https/tls.md
View File

@@ -64,7 +64,7 @@ tls:
!!! important "Restriction"
Any store definition other than the default one (named `default`) will be ignored,
and there is thefore only one globally available TLS store.
and there is therefore only one globally available TLS store.
In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:

2
docs/content/middlewares/errorpages.md
View File

@@ -28,7 +28,7 @@ metadata:
spec:
errors:
status:
- 500-599
- "500-599"
query: /{status}.html
service:
name: whoami

12
docs/content/middlewares/forwardauth.md
View File

@@ -61,6 +61,18 @@ http:
address: "https://example.com/auth"
```
## Forward-Request Headers
The following request properties are provided to the forward-auth target endpoint as `X-Forwarded-` headers.
| Property | Forward-Request Header |
|-------------------|------------------------|
| HTTP Method | X-Forwarded-Method |
| Protocol | X-Forwarded-Proto |
| Host | X-Forwarded-Host |
| Request URI | X-Forwarded-Uri |
| Source IP-Address | X-Forwarded-For |
## Configuration Options
### `address`

4
docs/content/migration/v1-to-v2.md
View File

@@ -385,7 +385,7 @@ To apply a redirection:
entryPoints:
web:
address: 80
address: ":80"
http:
redirections:
entrypoint:
@@ -393,7 +393,7 @@ To apply a redirection:
scheme: https
websecure:
address: 443
address: ":443"
```
!!! example "HTTP to HTTPS redirection per domain"

24
docs/content/observability/access-logs.md
View File

@@ -26,6 +26,20 @@ accessLog: {}
By default access logs are written to the standard output.
To write the logs into a log file, use the `filePath` option.
```toml tab="File (TOML)"
[accessLog]
filePath = "/path/to/access.log"
```
```yaml tab="File (YAML)"
accessLog:
filePath: "/path/to/access.log"
```
```bash tab="CLI"
--accesslog.filepath=/path/to/access.log
```
### `format`
By default, logs are written using the Common Log Format (CLF).
@@ -60,7 +74,6 @@ accessLog:
```bash tab="CLI"
# Configuring a buffer of 100 lines
--accesslog=true
--accesslog.filepath=/path/to/access.log
--accesslog.bufferingsize=100
```
@@ -74,7 +87,7 @@ The available filters are:
- `statusCodes`, to limit the access logs to requests with a status codes in the specified range
- `retryAttempts`, to keep the access logs when at least one retry has happened
- `minDuration`, to keep access logs when requests take longer than the specified duration
- `minDuration`, to keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration))
```toml tab="File (TOML)"
# Configuring Multiple Filters
@@ -103,7 +116,6 @@ accessLog:
```bash tab="CLI"
# Configuring Multiple Filters
--accesslog=true
--accesslog.filepath=/path/to/access.log
--accesslog.format=json
--accesslog.filters.statuscodes=200,300-302
@@ -163,7 +175,6 @@ accessLog:
```bash tab="CLI"
# Limiting the Logs to Specific Fields
--accesslog=true
--accesslog.filepath=/path/to/access.log
--accesslog.format=json
--accesslog.fields.defaultmode=keep
@@ -198,7 +209,7 @@ accessLog:
| `RequestScheme` | The HTTP scheme requested `http` or `https`. |
| `RequestLine` | `RequestMethod` + `RequestPath` + `RequestProtocol` |
| `RequestContentSize` | The number of bytes in the request entity (a.k.a. body) sent by the client. |
| `OriginDuration` | The time taken by the origin server ('upstream') to return its response. |
| `OriginDuration` | The time taken (in nanoseconds) by the origin server ('upstream') to return its response. |
| `OriginContentSize` | The content length specified by the origin server, or 0 if unspecified. |
| `OriginStatus` | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent. |
| `OriginStatusLine` | `OriginStatus` + Status code explanation |
@@ -207,7 +218,7 @@ accessLog:
| `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
| `RequestCount` | The number of requests received since the Traefik instance started. |
| `GzipRatio` | The response body compression ratio achieved. |
| `Overhead` | The processing time overhead caused by Traefik. |
| `Overhead` | The processing time overhead (in nanoseconds) caused by Traefik. |
| `RetryAttempts` | The amount of attempts the request was retried. |
## Log Rotation
@@ -238,7 +249,6 @@ services:
environment:
- TZ=US/Alaska
command:
- --accesslog
- --accesslog.fields.names.StartUTC=drop
- --providers.docker
ports:

12
docs/content/providers/docker.md
View File

@@ -98,8 +98,8 @@ See the list of labels in the dedicated [routing](../routing/providers/docker.md
By default, Traefik watches for [container level labels](https://docs.docker.com/config/labels-custom-metadata/) on a standalone Docker Engine.
When using Docker Compose, labels are specified by the directive
[`labels`](https://docs.docker.com/compose/compose-file/#labels) from the
["services" objects](https://docs.docker.com/compose/compose-file/#service-configuration-reference).
[`labels`](https://docs.docker.com/compose/compose-file/compose-file-v3/#labels) from the
["services" objects](https://docs.docker.com/compose/compose-file/compose-file-v3/#service-configuration-reference).
!!! tip "Not Only Docker"
Please note that any tool like Nomad, Terraform, Ansible, etc.
@@ -144,8 +144,8 @@ You can specify which Docker API Endpoint to use with the directive [`endpoint`]
Accessing the Docker API without any restriction is a security concern:
If Traefik is attacked, then the attacker might get access to the underlying host.
{: #security-note }
As explained in the Docker documentation: ([Docker Daemon Attack Surface page](https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface)):
As explained in the Docker documentation: ([Docker Daemon Attack Surface page](https://docs.docker.com/engine/security/#docker-daemon-attack-surface)):
!!! quote
[...] only **trusted** users should be allowed to control your Docker daemon [...]
@@ -186,9 +186,9 @@ set the [`swarmMode`](#swarmmode) directive to `true`.
While in Swarm Mode, Traefik uses labels found on services, not on individual containers.
Therefore, if you use a compose file with Swarm Mode, labels should be defined in the
[`deploy`](https://docs.docker.com/compose/compose-file/#labels-1) part of your service.
[`deploy`](https://docs.docker.com/compose/compose-file/compose-file-v3/#labels-1) part of your service.
This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file)).
This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file/compose-file-v3/)).
### Port Detection

9
docs/content/providers/ecs.md
View File

@@ -13,18 +13,15 @@ Attach labels to your ECS containers and let Traefik do the rest!
```toml tab="File (TOML)"
[providers.ecs]
clusters = ["default"]
```
```yaml tab="File (YAML)"
providers:
ecs:
clusters:
- default
ecs: {}
```
```bash tab="CLI"
--providers.ecs.clusters=default
--providers.ecs=true
```
## Policy
@@ -90,7 +87,7 @@ _Optional, Default=["default"]_
```toml tab="File (TOML)"
[providers.ecs]
cluster = ["default"]
clusters = ["default"]
# ...
```

42
docs/content/providers/kubernetes-crd.md
View File

@@ -177,26 +177,32 @@ _Optional,Default: empty (process all resources)_
```toml tab="File (TOML)"
[providers.kubernetesCRD]
labelselector = "A and not B"
labelselector = "app=traefik"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
labelselector: "A and not B"
labelselector: "app=traefik"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.labelselector="A and not B"
--providers.kubernetescrd.labelselector="app=traefik"
```
By default, Traefik processes all resource objects in the configured namespaces.
A label selector can be defined to filter on specific resource objects only.
A label selector can be defined to filter on specific resource objects only,
this will apply only on Traefik [Custom Resources](../routing/providers/kubernetes-crd.md#custom-resource-definition-crd)
and has no effect on Kubernetes `Secrets`, `Endpoints` and `Services`.
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
!!! warning
As the LabelSelector is applied to all Traefik Custom Resources, they all must match the filter.
### `ingressClass`
_Optional, Default: empty_
@@ -244,6 +250,34 @@ providers:
--providers.kubernetescrd.throttleDuration=10s
```
### `allowCrossNamespace`
_Optional, Default: true_
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowCrossNamespace = false
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
allowCrossNamespace: false
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.allowCrossNamespace=false
```
If the parameter is set to `false`, an IngressRoute will not be able to reference any resources
in another namespace than the IngressRoute namespace.
!!! warning "Deprecation"
Please notice that the default value for this option will be set to `false` in a future version.
## Further
Also see the [full example](../user-guides/crd-acme/index.md) with Let's Encrypt.

12
docs/content/providers/kubernetes-ingress.md
View File

@@ -4,7 +4,7 @@ The Kubernetes Ingress Controller.
{: .subtitle }
The Traefik Kubernetes Ingress provider is a Kubernetes Ingress controller; that is to say,
it manages access to a cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
it manages access to cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
## Routing Configuration
@@ -212,23 +212,23 @@ _Optional,Default: empty (process all Ingresses)_
```toml tab="File (TOML)"
[providers.kubernetesIngress]
labelSelector = "A and not B"
labelSelector = "app=traefik"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
labelselector: "A and not B"
labelselector: "app=traefik"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.labelselector="A and not B"
--providers.kubernetesingress.labelselector="app=traefik"
```
By default, Traefik processes all Ingress objects in the configured namespaces.
A label selector can be defined to filter on specific Ingress objects only.
By default, Traefik processes all `Ingress` objects in the configured namespaces.
A label selector can be defined to filter on specific `Ingress` objects only.
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.

5
docs/content/providers/overview.md
View File

@@ -46,7 +46,7 @@ followed by the provider name to the object name.
On the other hand, if you, say, declare a middleware as a Custom Resource in Kubernetes and use the non-crd Ingress objects,
you'll have to add the Kubernetes namespace of the middleware to the annotation like this `<middleware-namespace>-<middleware-name>@kubernetescrd`.
!!! abstract "Referencing a Traedik dynamic configuration object from Another Provider"
!!! abstract "Referencing a Traefik dynamic configuration object from Another Provider"
Declaring the add-foo-prefix in the file provider.
@@ -131,13 +131,14 @@ Below is the list of the currently supported providers in Traefik.
| [Docker](./docker.md) | Orchestrator | Label |
| [Kubernetes](./kubernetes-crd.md) | Orchestrator | Custom Resource or Ingress |
| [Consul Catalog](./consul-catalog.md) | Orchestrator | Label |
| [ECS](./ecs.md) | Orchestrator | Label |
| [Marathon](./marathon.md) | Orchestrator | Label |
| [Rancher](./rancher.md) | Orchestrator | Label |
| [File](./file.md) | Manual | TOML/YAML format |
| [Consul](./consul.md) | KV | KV |
| [Etcd](./etcd.md) | KV | KV |
| [Redis](./redis.md) | KV | KV |
| [ZooKeeper](./zookeeper.md) | KV | KV |
| [Redis](./redis.md) | KV | KV |
| [HTTP](./http.md) | Manual | JSON format |
!!! info "More Providers"

9
docs/content/reference/static-configuration/cli-ref.md
View File

@@ -330,6 +330,9 @@ TLS key
`--providers.consul.username`:
KV Username
`--providers.consulcatalog`:
Enable ConsulCatalog backend with default settings. (Default: ```false```)
`--providers.consulcatalog.cache`:
Use local agent caching for catalog reads. (Default: ```false```)
@@ -435,6 +438,9 @@ Use the ip address from the bound port, rather than from the inner network. (Def
`--providers.docker.watch`:
Watch Docker Swarm events. (Default: ```true```)
`--providers.ecs`:
Enable AWS ECS backend with default settings. (Default: ```false```)
`--providers.ecs.accesskeyid`:
The AWS credentials access key to use for making requests
@@ -534,6 +540,9 @@ TLS key
`--providers.kubernetescrd`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`--providers.kubernetescrd.allowcrossnamespace`:
Allow cross namespace resource reference. (Default: ```true```)
`--providers.kubernetescrd.certauthfilepath`:
Kubernetes certificate authority file path (not needed for in-cluster client).

9
docs/content/reference/static-configuration/env-ref.md
View File

@@ -303,6 +303,9 @@ Terminating status code (Default: ```503```)
`TRAEFIK_PROVIDERS_CONSUL`:
Enable Consul backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG`:
Enable ConsulCatalog backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_CACHE`:
Use local agent caching for catalog reads. (Default: ```false```)
@@ -435,6 +438,9 @@ Use the ip address from the bound port, rather than from the inner network. (Def
`TRAEFIK_PROVIDERS_DOCKER_WATCH`:
Watch Docker Swarm events. (Default: ```true```)
`TRAEFIK_PROVIDERS_ECS`:
Enable AWS ECS backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_ECS_ACCESSKEYID`:
The AWS credentials access key to use for making requests
@@ -534,6 +540,9 @@ TLS key
`TRAEFIK_PROVIDERS_KUBERNETESCRD`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ALLOWCROSSNAMESPACE`:
Allow cross namespace resource reference. (Default: ```true```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).

1
docs/content/reference/static-configuration/file.toml
View File

@@ -113,6 +113,7 @@
certAuthFilePath = "foobar"
disablePassHostHeaders = true
namespaces = ["foobar", "foobar"]
allowCrossNamespace = true
labelSelector = "foobar"
ingressClass = "foobar"
throttleDuration = 42

1
docs/content/reference/static-configuration/file.yaml
View File

@@ -123,6 +123,7 @@ providers:
namespaces:
- foobar
- foobar
allowCrossNamespace: true
labelSelector: foobar
ingressClass: foobar
throttleDuration: 42s

26
docs/content/routing/entrypoints.md
View File

@@ -212,8 +212,8 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
```
```bash tab="CLI"
entrypoints.specificIPv4.address=192.168.2.7:8888
entrypoints.specificIPv6.address=[2001:db8::1]:8888
--entrypoints.specificIPv4.address=192.168.2.7:8888
--entrypoints.specificIPv6.address=[2001:db8::1]:8888
```
Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
@@ -745,8 +745,8 @@ entryPoints:
```
```bash tab="CLI"
entrypoints.websecure.address=:443
entrypoints.websecure.http.middlewares=auth@file,strip@file
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.middlewares=auth@file,strip@file
```
### TLS
@@ -792,13 +792,13 @@ entryPoints:
```
```bash tab="CLI"
entrypoints.websecure.address=:443
entrypoints.websecure.http.tls.options=foobar
entrypoints.websecure.http.tls.certResolver=leresolver
entrypoints.websecure.http.tls.domains[0].main=example.com
entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
entrypoints.websecure.http.tls.domains[1].main=test.com
entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.options=foobar
--entrypoints.websecure.http.tls.certResolver=leresolver
--entrypoints.websecure.http.tls.domains[0].main=example.com
--entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
--entrypoints.websecure.http.tls.domains[1].main=test.com
--entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
```
??? example "Let's Encrypt"
@@ -821,6 +821,6 @@ entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
```
```bash tab="CLI"
entrypoints.websecure.address=:443
entrypoints.websecure.http.tls.certResolver=leresolver
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.certResolver=leresolver
```

1
docs/content/routing/overview.md
View File

@@ -228,6 +228,7 @@ http:
to-whoami-tcp:
service: whoami-tcp
rule: HostSNI(`whoami-tcp.example.com`)
tls: {}
services:
whoami-tcp:

22
docs/content/routing/providers/docker.md
View File

@@ -58,6 +58,26 @@ Attach labels to your containers and let Traefik do the rest!
Setting the label `traefik.http.services.xxx.loadbalancer.server.port`
overrides that behavior.
??? example "Specifying more than one router and service per container"
Forwarding requests to more than one port on a container requires referencing the service loadbalancer port definition using the service parameter on the router.
In this example, requests are forwarded for `http://example-a.com` to `http://<private IP of container>:8000` in addition to `http://example-b.com` forwarding to `http://<private IP of container>:9000`:
```yaml
version: "3"
services:
my-container:
# ...
labels:
- traefik.http.routers.www-router.rule=Host(`example-a.com`)
- traefik.http.routers.www-router.service=www-service
- traefik.http.services.www-service.loadbalancer.server.port=8000
- traefik.http.routers.admin-router.rule=Host(`example-b.com`)
- traefik.http.routers.admin-router.service=admin-service
- traefik.http.services.admin-service.loadbalancer.server.port=9000
```
??? example "Configuring Docker Swarm & Deploying / Exposing Services"
Enabling the docker provider (Swarm Mode)
@@ -104,7 +124,7 @@ Attach labels to your containers and let Traefik do the rest!
!!! important "Labels in Docker Swarm Mode"
While in Swarm Mode, Traefik uses labels found on services, not on individual containers.
Therefore, if you use a compose file with Swarm Mode, labels should be defined in the `deploy` part of your service.
This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file/#labels-1)).
This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file/compose-file-v3/#labels-1)).
## Routing Configuration

2
docs/content/routing/providers/ecs.md
View File

@@ -10,7 +10,7 @@ Attach labels to your containers and let Traefik do the rest!
!!! info "labels"
- labels are case insensitive.
- The complete list of labels can be found [the reference page](../../reference/dynamic-configuration/ecs.md)
- The complete list of labels can be found in [the reference page](../../reference/dynamic-configuration/ecs.md).
### General

7
docs/content/routing/providers/kubernetes-crd.md
View File

@@ -619,7 +619,7 @@ Register the `Middleware` [kind](../../reference/dynamic-configuration/kubernete
!!! important "Cross-provider namespace"
As Kubernetes also has its own notion of namespace, one should not confuse the kubernetes namespace of a resource
(in the reference to the middleware) with the [provider namespace](../../middlewares/overview.md#provider-namespace),
(in the reference to the middleware) with the [provider namespace](../../providers/overview.md#provider-namespace),
when the definition of the middleware comes from another provider.
In this context, specifying a namespace when referring to the resource does not make any sense, and will be ignored.
Additionally, when you want to reference a Middleware from the CRD Provider,
@@ -1456,8 +1456,7 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
If the optional `namespace` attribute is not set, the configuration will be applied with the namespace of the IngressRoute.
Additionally, when the definition of the TLS option is from another provider,
the cross-provider syntax (`middlewarename@provider`) should be used to refer to the TLS option,
just as in the [middleware case](../../middlewares/overview.md#provider-namespace).
the cross-provider [syntax](../../providers/overview.md#provider-namespace) (`middlewarename@provider`) should be used to refer to the TLS option.
Specifying a namespace attribute in this case would not make any sense, and will be ignored.
### Kind: `TLSStore`
@@ -1490,7 +1489,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
| Ref | Attribute | Purpose |
|-----|-----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `secretName` | The name of the referenced Kubernetes [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) that holds the default certificate for the store. |
| [1] | `secretName` | The name of the referenced Kubernetes [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) that holds the default certificate for the store. |
??? example "Declaring and referencing a TLSStore"

418
docs/content/routing/providers/kubernetes-ingress.md
View File

@@ -114,16 +114,11 @@ which in turn will create the resulting routers, services, handlers, etc.
- name: traefik
image: traefik:v2.3
args:
- --log.level=DEBUG
- --api
- --api.insecure
- --entrypoints.web.address=:80
- --providers.kubernetesingress
ports:
- name: web
containerPort: 80
- name: admin
containerPort: 8080
---
apiVersion: v1
@@ -139,10 +134,6 @@ which in turn will create the resulting routers, services, handlers, etc.
port: 80
name: web
targetPort: 80
- protocol: TCP
port: 8080
name: admin
targetPort: 8080
```
```yaml tab="Whoami"
@@ -340,27 +331,380 @@ Please see [this documentation](https://kubernetes.io/docs/concepts/services-net
## TLS
### Communication Between Traefik and Pods
### Enabling TLS via HTTP Options on Entrypoint
Traefik automatically requests endpoint information based on the service provided in the ingress spec.
Although Traefik will connect directly to the endpoints (pods),
it still checks the service port to see if TLS communication is required.
TLS can be enabled through the [HTTP options](../entrypoints.md#tls) of an Entrypoint:
There are 3 ways to configure Traefik to use https to communicate with pods:
```bash tab="CLI"
# Static configuration
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls
```
1. If the service port defined in the ingress spec is `443` (note that you can still use `targetPort` to use a different port on your pod).
1. If the service port defined in the ingress spec has a name that starts with https (such as `https-api`, `https-web` or just `https`).
1. If the ingress spec includes the annotation `traefik.ingress.kubernetes.io/service.serversscheme: https`.
```toml tab="File (TOML)"
# Static configuration
[entryPoints.websecure]
address = ":443"
If either of those configuration options exist, then the backend communication protocol is assumed to be TLS,
and will connect via TLS automatically.
[entryPoints.websecure.http.tls]
```
!!! info
```yaml tab="File (YAML)"
# Static configuration
entryPoints:
websecure:
address: ':443'
http:
tls: {}
```
This way, any Ingress attached to this Entrypoint will have TLS termination by default.
??? example "Configuring Kubernetes Ingress Controller with TLS on Entrypoint"
Please note that by enabling TLS communication between traefik and your pods,
you will have to have trusted certificates that have the proper trust chain and IP subject name.
If this is not an option, you may need to skip TLS certificate verification.
See the [insecureSkipVerify](../../routing/overview.md#insecureskipverify) setting for more details.
```yaml tab="RBAC"
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: default
```
```yaml tab="Ingress"
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
backend:
serviceName: whoami
servicePort: 80
- path: /foo
backend:
serviceName: whoami
servicePort: 80
```
```yaml tab="Traefik"
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.3
args:
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls
- --providers.kubernetesingress
ports:
- name: websecure
containerPort: 443
---
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
type: LoadBalancer
selector:
app: traefik
ports:
- protocol: TCP
port: 443
name: websecure
targetPort: 443
```
```yaml tab="Whoami"
kind: Deployment
apiVersion: apps/v1
metadata:
name: whoami
labels:
app: traefiklabs
name: whoami
spec:
replicas: 2
selector:
matchLabels:
app: traefiklabs
task: whoami
template:
metadata:
labels:
app: traefiklabs
task: whoami
spec:
containers:
- name: whoami
image: traefik/whoami
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: whoami
```
### Enabling TLS via Annotations
To enable TLS on the underlying router created from an Ingress, one should configure it through annotations:
```yaml
traefik.ingress.kubernetes.io/router.tls: "true"
```
For more options, please refer to the available [annotations](#on-ingress).
??? example "Configuring Kubernetes Ingress Controller with TLS"
```yaml tab="RBAC"
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: default
```
```yaml tab="Ingress"
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: true
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
backend:
serviceName: whoami
servicePort: 80
- path: /foo
backend:
serviceName: whoami
servicePort: 80
```
```yaml tab="Traefik"
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.3
args:
- --entrypoints.websecure.address=:443
- --providers.kubernetesingress
ports:
- name: websecure
containerPort: 443
---
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
type: LoadBalancer
selector:
app: traefik
ports:
- protocol: TCP
port: 443
name: websecure
targetPort: 443
```
```yaml tab="Whoami"
kind: Deployment
apiVersion: apps/v1
metadata:
name: whoami
labels:
app: traefiklabs
name: whoami
spec:
replicas: 2
selector:
matchLabels:
app: traefiklabs
task: whoami
template:
metadata:
labels:
app: traefiklabs
task: whoami
spec:
containers:
- name: whoami
image: traefik/whoami
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: whoami
```
### Certificates Management
@@ -382,7 +726,9 @@ and will connect via TLS automatically.
backend:
serviceName: service1
servicePort: 80
# Only selects which certificate(s) should be loaded from the secret, in order to terminate TLS.
# Doesn't enable TLS for that ingress (hence for the underlying router).
# Please see the TLS annotations on ingress made for that purpose.
tls:
- secretName: supersecret
```
@@ -405,6 +751,28 @@ TLS certificates can be managed in Secrets objects.
Only TLS certificates provided by users can be stored in Kubernetes Secrets.
[Let's Encrypt](../../https/acme.md) certificates cannot be managed in Kubernetes Secrets yet.
### Communication Between Traefik and Pods
Traefik automatically requests endpoint information based on the service provided in the ingress spec.
Although Traefik will connect directly to the endpoints (pods),
it still checks the service port to see if TLS communication is required.
There are 3 ways to configure Traefik to use https to communicate with pods:
1. If the service port defined in the ingress spec is `443` (note that you can still use `targetPort` to use a different port on your pod).
1. If the service port defined in the ingress spec has a name that starts with https (such as `https-api`, `https-web` or just `https`).
1. If the ingress spec includes the annotation `traefik.ingress.kubernetes.io/service.serversscheme: https`.
If either of those configuration options exist, then the backend communication protocol is assumed to be TLS,
and will connect via TLS automatically.
!!! info
Please note that by enabling TLS communication between traefik and your pods,
you will have to have trusted certificates that have the proper trust chain and IP subject name.
If this is not an option, you may need to skip TLS certificate verification.
See the [insecureSkipVerify](../../routing/overview.md#insecureskipverify) setting for more details.
## Global Default Backend Ingresses
Ingresses can be created that look like the following:

5
docs/mkdocs.yml
View File

@@ -26,7 +26,7 @@ theme:
prev: 'Previous'
next: 'Next'
copyright: "Copyright &copy; 2016-2020 Containous; 2020 Traefik Labs"
copyright: "Copyright &copy; 2016-2020 Containous; 2020-2021 Traefik Labs"
extra_css:
- assets/styles/root.css
@@ -191,6 +191,7 @@ nav:
- 'Docker': 'reference/dynamic-configuration/docker.md'
- 'Kubernetes CRD': 'reference/dynamic-configuration/kubernetes-crd.md'
- 'Consul Catalog': 'reference/dynamic-configuration/consul-catalog.md'
- 'ECS': 'reference/dynamic-configuration/ecs.md'
- 'KV': 'reference/dynamic-configuration/kv.md'
- 'Marathon': 'reference/dynamic-configuration/marathon.md'
- 'Rancher': 'reference/dynamic-configuration/rancher.md'
- 'KV': 'reference/dynamic-configuration/kv.md'

2
docs/scripts/verify.sh
View File

@@ -22,7 +22,7 @@ find "${PATH_TO_SITE}" -type f -not -path "/app/site/theme/*" \
--alt_ignore="/traefikproxy-vertical-logo-color.svg/" \
--http_status_ignore="0,500,501,503" \
--file_ignore="/404.html/" \
--url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/" \
--url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/" \
'{}' 1>/dev/null
## HTML-proofer options at https://github.com/gjtorikian/html-proofer#configuration

2
docs/theme/partials/company-header.html vendored
View File

@@ -37,7 +37,7 @@
<div class="dmi-image proxy">
<img src="{{ 'assets/images/traefik-proxy-logo.svg' | url }}" alt="Traefik Proxy" />
</div>
<a class="dmi-details" href="https://doc.traefik.io/traefik/">
<a class="dmi-details" href="https://traefik.io/traefik/">
<div class="dmi-title">Traefik Proxy</div>
<div class="dmi-description">
Expose, Secure and Monitor your modern applications

8
go.mod
View File

@@ -35,7 +35,7 @@ require (
github.com/fatih/structs v1.1.0
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect
github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2
github.com/go-acme/lego/v4 v4.0.1
github.com/go-acme/lego/v4 v4.1.3
github.com/go-check/check v0.0.0-00010101000000-000000000000
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea
github.com/golang/protobuf v1.3.4
@@ -68,12 +68,12 @@ require (
github.com/prometheus/client_golang v1.3.0
github.com/prometheus/client_model v0.1.0
github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac
github.com/sirupsen/logrus v1.4.2
github.com/sirupsen/logrus v1.7.0
github.com/stretchr/testify v1.6.1
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
github.com/tinylib/msgp v1.0.2 // indirect
github.com/traefik/paerser v0.1.0
github.com/traefik/yaegi v0.9.3
github.com/traefik/paerser v0.1.1
github.com/traefik/yaegi v0.9.8
github.com/uber/jaeger-client-go v2.25.0+incompatible
github.com/uber/jaeger-lib v2.2.0+incompatible
github.com/unrolled/render v1.0.2

16
go.sum
View File

@@ -275,8 +275,8 @@ github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2/go.mod h1:GLy
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-acme/lego/v4 v4.0.1 h1:vPwbTYfw5+fOaON9rWCN43iNrPw5cdJBhNMnA8oxBTM=
github.com/go-acme/lego/v4 v4.0.1/go.mod h1:pIFm5tWkXSgiAEfJ/XQCQIvX1cEvHFwbgLZyx8OVSUE=
github.com/go-acme/lego/v4 v4.1.3 h1:D8nnzrijQFUAqdNPwnbvm6tJ3AJAzQAlnROeecUNG/4=
github.com/go-acme/lego/v4 v4.1.3/go.mod h1:pIFm5tWkXSgiAEfJ/XQCQIvX1cEvHFwbgLZyx8OVSUE=
github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s=
github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
@@ -725,6 +725,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
@@ -764,10 +766,10 @@ github.com/tinylib/msgp v1.0.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDW
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 h1:LnC5Kc/wtumK+WB441p7ynQJzVuNRJiqddSIE3IlSEQ=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/traefik/paerser v0.1.0 h1:B4v1tbvd8YnHsA7spwHKEWJoGrRP+2jYpIozsCMHhl0=
github.com/traefik/paerser v0.1.0/go.mod h1:yYnAgdEC2wJH5CgG75qGWC8SsFDEapg09o9RrA6FfrE=
github.com/traefik/yaegi v0.9.3 h1:R9PZt0lB2LqspX4hGUQLq+c4sWBVVHPSKN7AxHnEs5E=
github.com/traefik/yaegi v0.9.3/go.mod h1:FAYnRlZyuVlEkvnkHq3bvJ1lW5be6XuwgLdkYgYG6Lk=
github.com/traefik/paerser v0.1.1 h1:Suj0iA4hTAV6E4Dh5/++TXAj5u6iTwydBlFssIUz+9w=
github.com/traefik/paerser v0.1.1/go.mod h1:yYnAgdEC2wJH5CgG75qGWC8SsFDEapg09o9RrA6FfrE=
github.com/traefik/yaegi v0.9.8 h1:sYGKV2d911B9olVsSO/nRmjIh+CQTffAUSzoyv4a4/4=
github.com/traefik/yaegi v0.9.8/go.mod h1:FAYnRlZyuVlEkvnkHq3bvJ1lW5be6XuwgLdkYgYG6Lk=
github.com/transip/gotransip/v6 v6.2.0 h1:0Z+qVsyeiQdWfcAUeJyF0IEKAPvhJwwpwPi2WGtBIiE=
github.com/transip/gotransip/v6 v6.2.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
@@ -972,6 +974,7 @@ golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191025021431-6c3a3bfe00ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e h1:9vRrk9YW2BTzLP0VCB9ZDjU4cPqkg+IDWL7XgxA1yxQ=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1108,6 +1111,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
gopkg.in/errgo.v2 v2.1.0 h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=

2
integration/fixtures/k8s/03-ingress.yml
View File

@@ -3,6 +3,8 @@ kind: Ingress
metadata:
name: test.ingress
namespace: default
labels:
app: traefik
spec:
rules:

2
integration/fixtures/k8s/03-ingressroute.yml
View File

@@ -3,6 +3,8 @@ kind: IngressRoute
metadata:
name: test.route
namespace: default
labels:
app: traefik
spec:
entryPoints:

2
integration/fixtures/k8s/03-tlsoption.yml
View File

@@ -3,6 +3,8 @@ kind: TLSOption
metadata:
name: mytlsoption
namespace: default
labels:
app: traefik
spec:
minVersion: VersionTLS12

2
integration/fixtures/k8s/03-tlsstore.yml
View File

@@ -3,6 +3,8 @@ kind: TLSStore
metadata:
name: mytlsstore
namespace: default
labels:
app: traefik
spec:
defaultCertificate:

2
integration/fixtures/k8s/06-ingressroute-traefikservices.yml
View File

@@ -50,6 +50,8 @@ kind: IngressRoute
metadata:
name: api.route
namespace: default
labels:
app: traefik
spec:
entryPoints:

120
integration/fixtures/k8s/07-ingressroute-cross-namespace.yml Normal file
View File

@@ -0,0 +1,120 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: other-ns
---
apiVersion: v1
kind: Service
metadata:
name: whoami
namespace: other-ns
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: whoami
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: test6.route
namespace: other-ns
spec:
entryPoints:
- web
routes:
- match: Host(`foo.com`) && PathPrefix(`/a`)
kind: Rule
services:
- name: whoami
namespace: default
port: 80
- match: Host(`foo.com`) && PathPrefix(`/b`)
kind: Rule
services:
- name: wrr2
namespace: default
kind: TraefikService
- match: Host(`foo.com`) && PathPrefix(`/c`)
kind: Rule
services:
- name: wrr3
kind: TraefikService
- match: Host(`foo.com`) && PathPrefix(`/d`)
kind: Rule
services:
- name: whoami
namespace: other-ns
port: 80
middlewares:
- name: stripprefix2
namespace: default
- match: Host(`foo.com`) && PathPrefix(`/e`)
kind: Rule
services:
- name: whoami
port: 80
middlewares:
- name: test-errorpage
---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: wrr2
namespace: default
spec:
weighted:
services:
- name: whoami
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: wrr3
namespace: other-ns
spec:
weighted:
services:
- name: whoami
namespace: default
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: stripprefix2
namespace: default
spec:
stripPrefix:
prefixes:
- /tobestripped
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-errorpage
spec:
errors:
status:
- 500-599
query: /{status}.html
service:
name: whoami
namespace: other-ns
port: 80

1
integration/fixtures/k8s_crd.toml
View File

@@ -16,3 +16,4 @@
address = ":8000"
[providers.kubernetesCRD]
allowCrossNamespace = false

19
integration/fixtures/k8s_crd_label_selector.toml Normal file
View File

@@ -0,0 +1,19 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
[api]
[entryPoints]
[entryPoints.footcp]
address = ":8093"
[entryPoints.fooudp]
address = ":8090/udp"
[entryPoints.web]
address = ":8000"
[providers.kubernetesCRD]
labelSelector = "app=traefik"

16
integration/fixtures/k8s_ingress_label_selector.toml Normal file
View File

@@ -0,0 +1,16 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
[api]
insecure = true
[entryPoints]
[entryPoints.web]
address = ":8000"
[providers.kubernetesIngress]
labelSelector = "app=traefik"

6
integration/fixtures/tlsclientheaders/readme.md Normal file
View File

@@ -0,0 +1,6 @@
```bash
openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes -extensions v3_ca -keyout root.key -out root.pem
openssl genrsa -out server.key 2048
openssl req -nodes -key server.key -new -out server.csr
openssl x509 -req -days 3650 -in server.csr -CA root.pem -CAkey root.key -CAcreateserial -out server.pem
```

39
integration/fixtures/tlsclientheaders/root.pem
View File

@@ -1,21 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIJAK4Ed0WF/YNQMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
BAYTAkZSMQ8wDQYDVQQIDAZGUkFOQ0UxETAPBgNVBAcMCFRPVUxPVVNFMRMwEQYD
VQQKDApjb250YWlub3VzMQ8wDQYDVQQDDAZzZXJ2ZXIwHhcNMTgwMzIxMTMzOTM4
WhcNMjEwMTA4MTMzOTM4WjBXMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRlJBTkNF
MREwDwYDVQQHDAhUT1VMT1VTRTETMBEGA1UECgwKY29udGFpbm91czEPMA0GA1UE
AwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DfZMdW1
QKmdOTPULt6WUMVFU3PUcovq4cVtvNAzAshduC/7nHZx60uFzVKLYnOfZ+5VYfOS
zfVXPvltmBSWga1Yj6CuzfDZwY1nkcoL+22yBD6x4w2nB7aFaPNgj6M4ALVEZRKX
lMow+a0c0mOr1kLHm99MT/oabcdI+wbAp8VnLz9DF6SD7iDjIOb4RjvmcyetBzwu
1rQYti0bFHOnLCxiz0asXly0zspFajWkbGkvBdvEoP2qOHMeTV604PaBwpIMX/ly
ymGgYUctHeC16ptDRDDj7Spmu7ec2NzjgNW+MOth6EkFlhYgg1OEIXP+IFJ5LbS8
1t/Y+fDUoc6+IQIDAQABo1MwUTAdBgNVHQ4EFgQUYeZvrzWyLI3TjmTIJYpSTjTb
/XUwHwYDVR0jBBgwFoAUYeZvrzWyLI3TjmTIJYpSTjTb/XUwDwYDVR0TAQH/BAUw
AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAYQL8d/WQxu7rE58GC7le53FNzujMNZ+h
1kdS35LrTXPv5b6QTi5oUGi5LCesP4HnCpGdMFodyydhY8rhIDZWEFgkJZOLZhdt
sAyRONdI/Ms/NGQO2oJD+TlV92e4k3ey4WJyXIFHXE2Apb77VlsiHp8pI/iF/R5t
h4o4OADG7k6Fjf/wx7A18ru2eoH+PcwA8i6sQaQ1qEwxC0b3rh2TwaCpFQVcmMv5
5jKPRBN0UC0PyHwqFZsSg1folhMAIBAjUsHgA6WleN9zMCyLAIn0LSai1CpFby6o
d6xu6pp8pwot8YTL0yS5T0X9aNhK2/uDoP50ei6eWI3uuPa8NJxbyA==
MIIDjTCCAnWgAwIBAgIUFrRUuadNNLpobPP9sEgenQ2MTF0wDQYJKoZIhvcNAQEL
BQAwVjELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEVMBMGA1UECgwMVHJh
ZWZpayBMYWJzMRAwDgYDVQQLDAd0cmFlZmlrMQ0wCwYDVQQDDARyb290MB4XDTIx
MDEwODE3NDMxOVoXDTMxMDEwNjE3NDMxOVowVjELMAkGA1UEBhMCRlIxDzANBgNV
BAgMBkZyYW5jZTEVMBMGA1UECgwMVHJhZWZpayBMYWJzMRAwDgYDVQQLDAd0cmFl
ZmlrMQ0wCwYDVQQDDARyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA53rEBDuojC9xslsS6MP8lJvubNmSOqFsGS58KtuTP8bQcuuFuBJzk4HzXoqE
k1KQqqeIHZfP11yuto14RGtiRMOSDEfwkNvbcKIqHFyrbaDjjOvkpWVGiVVRycM4
59UzKMuv6GgkNQHQDqaKhkxt7GrjUJBNDj/Kg9+1jJz0k181Fz4JsNT0KJ3gdSd1
nMggcx8MBZm9F7jFqxDt0xW41UNDLzDTctCFyHAdWzQvFZV5j8A/VLZyTLCAuVZt
ljJ4AoO2C02dAxaPxy4gZ6eZYbuS2iHhhGDKwcXwmrwDcwyaWoqy1GKqyV4VhDg+
Ue6fwUZvjAaob9oWynXMQoik8wIDAQABo1MwUTAdBgNVHQ4EFgQUxauRsdHLfK/X
hb/uWhrmYEDd9VQwHwYDVR0jBBgwFoAUxauRsdHLfK/Xhb/uWhrmYEDd9VQwDwYD
VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAmrDLgjgfJnrHKDBMGxcC
2NhYrqoeJcGdIsW/TwjNaXaJZZpgAjmHObDR1+49UQhylUzB1a8jesSu2R+aBZXb
/0Y9J19q8jbMKEQABqApvwrHLXe9xUVzRTxK3HPlnzSTinS2Il34jc/o3gaYmWuy
i7KapY6fhkCivr0zTPXF2l8gLFesuQHkq2cYwZDOwgcaSCVoqeA0ldvo/Pmz2A6L
3X4rfpXo10Dh9sClbO78eCxQp2RdtPBVPMqMG/2+sPu4qE/TYKttR0GseOMSYEju
kCxmQBS8agUJEdrdFhsTR6Vq2uUO3Qx1r2Oz4xs/jfG/SjMVxcap38hf/QmEq0KA
8Q==
-----END CERTIFICATE-----

50
integration/fixtures/tlsclientheaders/server.key
View File

@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAo0eupztBxEchz/9BbegBzKX35YUt0S2Xzp/mFM+hXQylWDHB
z3wED7R89v3sY6ePTk/tAT5l6uKjmQ/zRlQFf7QtVWKUtYq8rjuFn9/EeC+233mx
kVP7QAcuT6T8PzoUgysW6Tx3zz18VDRMnPhx1fjA1jAq3+IU03BpbFz7CkYCxkG/
1wWHmsB16LH2bMxJrzapph2nSDnUkoATugSJec+DxTtX1hdjAaJK/JsIwioA/Lyy
6YgE2oX7uRZBou0bA3y0TDnFoIVAVqISYWfszTGDlwL+SD/P9GYa19GZk4imdp8j
LD/+J9eLuHG75rkROvE4xbSPbGIGkZOEYTmjHwIDAQABAoIBAGok81kroHlkdIqu
uW4lYOYVDq5agYp2RTXBpOTqhU/kJKjMz91+FXXQM1ytfbra9sJGGyCv27lyVD/w
qomRnXGDQ+U6DMpnwnjRoPBpm2M2QX/NsK11FuRsxqJn8sN3klYi8OX2tTw4EFb9
GMECkZ4z88hJz9VzN26sqRwU5e2qw45Fhk+Jl6RBsiBfMGNGsmI5n1yIgvQd2PoM
wVxHI+bb3rWL7zE7wy2rb2c+J0P2gy7fZlFN2ZLkC5RjTqdzD2P4erp4gcpgffuO
0Epu7ZzuJ0UKCBXJOkhjlM79opLK6IBpF1YgxVCoMPbQVYAHP9hSwuz6hgc0ocwa
+6PqzSECgYEA1kTSFN8tHq2VMFgwPyguppSmeJJdIcnMYdicJNkv9YXeIt4mAk9c
Qm5eMLoqRJL94fdRDGb7QIqcfSrQODHy5dmqrTZd+TeSc4VRC1gZ7RPg5ja8b0dR
DoktPizIYzWrNEaEjhWojqYXT5DOOmNgDbOYrlR6Qdrd6VOmQkIgHz0CgYEAwxSf
NMe6LasWg9PYgLeVBcNc9oOjGvczOmNULngte8LpiJm4yzI0gMer20VdCtXYsyR1
Zs/rItzSQuvr+3v5qW2NfJ/TaJkZ+bcc/fGJ2LcnM2Kfjfih8DSy5/MBzNM4cqw2
arHVvQlAvfOSB8WoFzdXOS41Z+BumLsZE3/mMYsCgYBGNTKpCB+ep730o1DbwOzY
RGjvpPXDNn4zqWgwYsHmL0EEJ8pIg3x1f/h4+ucSpR9vRTxXVf8JvOFd2gN0BlnS
mqnkK6ZLHLxuAcb2cp28IwFULac8xx92JdifQMlASLuaW2jfrZUXeLC2r3oDg8Bb
fPeQV7nfjjmcVH5rw4MG+QKBgQCi4RH4oJZLUSEQWo3XEvDjCfYRgWFqv2FPa+W6
ku7u+ZPBURAg4D9EEvLjtmt0A47WLCe1+v3JcvQ/mfnDVQTkOKs8lbmPCN3OSNx1
DvnYLzwUxFCR2jljdKy3y4cCPI1R+YXJ2ceq+RHMR5Ty1k59a+BwxqsimxncfcL3
K//H9wKBgQChT3kvF9Igcdna8g+JneGD6RHXJX1o80QrO+eWma4NozEOmXqA7R7r
+GwAyqy9GFM7pwUhHmhJAxILMBxR84EY7kCBvi1VlZ3JbT7w0gjjOqPHklvbsPj9
BruA5xPMq1gzCOgejQIRoODtpH1S6Fi/YMTO6eq75qw6minHWi4dPw==
MIIEpAIBAAKCAQEAvYK2z8gLPOfFLgXNWP2460aeJ9vrH47x/lhKLlv4amSDHDx8
Cmz/6blOUM8XOfMRW1xx++AgChWN9dx/kf7G2xlA5grZxRvUQ6xj7AvFG9TQUA3m
uNh2hvm9c3IjaZBNKH27bRKuDIBvZBvXdX4NL/aaFy7w7v7IKxk8j4WkfB23sgyH
43g4b7NqKHJugZiedFu5GALmtLbShVOFbjWcre7Wvatdw8dIBmiFJqZQT3UjIuGA
gqczIShtLxo4V+XyVkIPmzfPrRV+4zoMFIFOIaj3syyxb4krPBtxhe7nz2cWvvq0
wePB2y4YbAAoVY8NYpd5JsMFwZtG6Uk59ygv4QIDAQABAoIBAQCzt3AyX5z4pzsA
yBPS3toslI2LcyzogqDO+V9v01wjWSpU7q8bG/8c4NR6Icn+9JlzMJoPqJ35sjMs
A20fQKPIR4yaG5QlLpz/iE5CHW9RU2IxaN1yUiUlH1UgVA9tHqFtUr8ZUuung20f
XJ/ZFi7fW1cJwURPAWNGK+qYmL5BzDFvM7HC64k9vGik+PR+CseYoykA9Qe6S1Xy
QP5WwEGUlbPWRmVhsB3zpnBHshAv9FewV9hDm1PsEG5w1/Rc7hdOXU54XyFxg9fH
AzTLimoNEei+LyC/RsjwhafQy7Soa97s81OAz0HWm8zlQNkEHOOJQUwAGFKuQHiW
l0A/3FJ5AoGBAPCrZpZMg8ezKN1W8pT7HzKNRfOS6RC6Yo6jg1hUVexz7yGBgdfr
rxrh30d7w/hCCd4UeaTQMx7/x6phZWIIVbfqUJKazf+1he2a+u5iwD1BXsqnjOkc
pp7vcFzI83osI8/0k9TbbYOGe+EofNxKfK1OWArVU+yPfEXlauTBAm/DAoGBAMmV
EH3kCr2G8gLflH0KNpp94YbcNfdcjmiu+uNx6YoyJIOiH+bwO/bauIcvHwsCYs+H
OmOxx5L1ffJS9v4dIsq4C29aM8/qOekKHmUZc2gevkKhAbrm9Yce3J+uQze13MFx
37OR/kCdBS0JLgGsdQt9RbYh5guu0SZvw5SGdWuLAoGAU8HS+gu28REQ77cKxX5/
5P/1kEdYhVHYavvNAjiXjqrqVibUIWkMj7Z8FkykbwnMlVVa4Fj08ZziyBENT4jH
DDKnx93IQ23RJlgBbGVBsg/GBZE6IQavljCOUjw9QA+Mhxr/N90Fx/hNtJZ6nc/u
hAH38g08H9/vyAOHqATj7DECgYAkh2KprX1UwvNwGdvqnMMwU8dejOEqphcYWT0V
ojrT1CpRwDtPuhDjttbhiGRztkb5nGO0VS75LotYMjiX6+e2HIvV7d6durArzq2b
XHVRVODdahfKKrgreCg6t3VuzwHl/CCxha8xPkMF2jgADaRYJKdRTetGCrPT50Tl
0UfN6QKBgQCfGuM99/K+PiOqsfQBMPvyOYv4UuSVxqwnZ7F/rZ/0WLZZhca/8Fu0
On3PSACuhIh7MffXiwn4hnyuws0QB9o00rtyT2/6XetN9LPrvIUqNHs6aMNYm/Hr
QIMa0O9ZH///EdvmAfNtxrJcMoIS+Ce6s70rtGwCBGOKQKqqt5g2hQ==
-----END RSA PRIVATE KEY-----

35
integration/fixtures/tlsclientheaders/server.pem
View File

@@ -1,19 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDKjCCAhICCQDKAJTeuq3LHjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJG
UjEPMA0GA1UECAwGRlJBTkNFMREwDwYDVQQHDAhUT1VMT1VTRTETMBEGA1UECgwK
Y29udGFpbm91czEPMA0GA1UEAwwGc2VydmVyMB4XDTE4MDMyMTEzNDM0MVoXDTIx
MDEwODEzNDM0MVowVzELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZSQU5DRTERMA8G
A1UEBwwIVE9VTE9VU0UxEzARBgNVBAoMCmNvbnRhaW5vdXMxDzANBgNVBAMMBnNl
cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNHrqc7QcRHIc//
QW3oAcyl9+WFLdEtl86f5hTPoV0MpVgxwc98BA+0fPb97GOnj05P7QE+Zerio5kP
80ZUBX+0LVVilLWKvK47hZ/fxHgvtt95sZFT+0AHLk+k/D86FIMrFuk8d889fFQ0
TJz4cdX4wNYwKt/iFNNwaWxc+wpGAsZBv9cFh5rAdeix9mzMSa82qaYdp0g51JKA
E7oEiXnPg8U7V9YXYwGiSvybCMIqAPy8sumIBNqF+7kWQaLtGwN8tEw5xaCFQFai
EmFn7M0xg5cC/kg/z/RmGtfRmZOIpnafIyw//ifXi7hxu+a5ETrxOMW0j2xiBpGT
hGE5ox8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAPYDdGyNWp7R9j2oxZEbQS4lb
+2Ol1r6PFo/zmpB6GK3CSNo65a0DtW/ITeQi97MMgGS1D3wnaFPrwxtp0mEn7HjU
uDcufHBqqBsjYC3NEtt+yyxNeYddLD/GdFXw4d6wNRdRaFCq5N1CPQzF4VTdoSLD
xsOq/WAHHc2cyZyOprAqm2UXyWXxn4yWZqzDsZ41/v2f3uMNxeqyIEtNZVzTKQBu
wWw+jlQKGu0T8Ex1f0jaKI1OPtN5dzaIfO8acHcuNdmnE+hVsoqe17Dckxsj1ORf
8ZcZ4qvULVouGINQBP4fcl5jv6TOm1U+ZSk01FcHPmiDEMB6Utyy4ZLHPbmKYg==
MIIDNTCCAh0CFD0QQcHXUJuKwMBYDA+bBExVSP26MA0GCSqGSIb3DQEBCwUAMFYx
CzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsg
TGFiczEQMA4GA1UECwwHdHJhZWZpazENMAsGA1UEAwwEcm9vdDAeFw0yMTAxMDgx
NzQ0MjRaFw0zMTAxMDYxNzQ0MjRaMFgxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZG
cmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazEP
MA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
vYK2z8gLPOfFLgXNWP2460aeJ9vrH47x/lhKLlv4amSDHDx8Cmz/6blOUM8XOfMR
W1xx++AgChWN9dx/kf7G2xlA5grZxRvUQ6xj7AvFG9TQUA3muNh2hvm9c3IjaZBN
KH27bRKuDIBvZBvXdX4NL/aaFy7w7v7IKxk8j4WkfB23sgyH43g4b7NqKHJugZie
dFu5GALmtLbShVOFbjWcre7Wvatdw8dIBmiFJqZQT3UjIuGAgqczIShtLxo4V+Xy
VkIPmzfPrRV+4zoMFIFOIaj3syyxb4krPBtxhe7nz2cWvvq0wePB2y4YbAAoVY8N
Ypd5JsMFwZtG6Uk59ygv4QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDaPg69wNeF
NFisfBJTrscqVCTW+B80gMhpLdxXD+KO0/Wgc5xpB/wLSirNtRQyxAa3+EEcIwJv
/wdh8EyjlDLSpFm/8ghntrKhkOfIOPDFE41M5HNfx/Fuh5btKEenOL/XdapqtNUt
2ZE4RrsfbL79sPYepa9kDUVi2mCbeH5ollZ0MDU68HpB2YwHbCEuQNk5W3pjYK2N
aDkVnxTkfEDM1k+3QydO1lqB5JJmcrs59BEveTqaJ3eeh/0I4OOab6OkTTZ0JNjJ
p1573oxO+fce/bfGud8xHY5gSN9huU7U6RsgvO7Dhmal/sDNl8XC8oU90hVDVXZd
A7ewh4jjaoIv
-----END CERTIFICATE-----

23
integration/k8s_test.go
View File

@@ -53,6 +53,7 @@ func (s *K8sSuite) TearDownSuite(c *check.C) {
"./fixtures/k8s/coredns.yaml",
"./fixtures/k8s/rolebindings.yaml",
"./fixtures/k8s/traefik.yaml",
"./fixtures/k8s/ccm.yaml",
}
for _, filename := range generatedFiles {
@@ -74,6 +75,17 @@ func (s *K8sSuite) TestIngressConfiguration(c *check.C) {
testConfiguration(c, "testdata/rawdata-ingress.json", "8080")
}
func (s *K8sSuite) TestIngressLabelSelector(c *check.C) {
cmd, display := s.traefikCmd(withConfigFile("fixtures/k8s_ingress_label_selector.toml"))
defer display(c)
err := cmd.Start()
c.Assert(err, checker.IsNil)
defer s.killCmd(cmd)
testConfiguration(c, "testdata/rawdata-ingress-label-selector.json", "8080")
}
func (s *K8sSuite) TestCRDConfiguration(c *check.C) {
cmd, display := s.traefikCmd(withConfigFile("fixtures/k8s_crd.toml"))
defer display(c)
@@ -85,6 +97,17 @@ func (s *K8sSuite) TestCRDConfiguration(c *check.C) {
testConfiguration(c, "testdata/rawdata-crd.json", "8000")
}
func (s *K8sSuite) TestCRDLabelSelector(c *check.C) {
cmd, display := s.traefikCmd(withConfigFile("fixtures/k8s_crd_label_selector.toml"))
defer display(c)
err := cmd.Start()
c.Assert(err, checker.IsNil)
defer s.killCmd(cmd)
testConfiguration(c, "testdata/rawdata-crd-label-selector.json", "8000")
}
func testConfiguration(c *check.C, path, apiPort string) {
err := try.GetRequest("http://127.0.0.1:"+apiPort+"/api/entrypoints", 20*time.Second, try.BodyContains(`"name":"web"`))
c.Assert(err, checker.IsNil)

2
integration/resources/compose/pebble.yml
View File

@@ -1,5 +1,5 @@
pebble:
image: letsencrypt/pebble:2018-11-02
image: letsencrypt/pebble:v2.3.1
command: pebble --dnsserver ${DOCKER_HOST_IP}:5053
ports:
- 14000:14000

2
integration/resources/compose/proxy-protocol.yml
View File

@@ -1,5 +1,5 @@
haproxy:
image: haproxy
image: haproxy:2.2
volumes:
- ../haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg

65
integration/testdata/rawdata-crd-label-selector.json vendored Normal file
View File

@@ -0,0 +1,65 @@
{
"routers": {
"default-api-route-29f28a463fb5d5ba16d2@kubernetescrd": {
"entryPoints": [
"web"
],
"service": "api@internal",
"rule": "PathPrefix(`/api`)",
"status": "enabled",
"using": [
"web"
]
},
"default-test-route-6b204d94623b3df4370c@kubernetescrd": {
"entryPoints": [
"web"
],
"service": "default-test-route-6b204d94623b3df4370c",
"rule": "Host(`foo.com`) \u0026\u0026 PathPrefix(`/bar`)",
"priority": 12,
"tls": {
"options": "default-mytlsoption"
},
"status": "enabled",
"using": [
"web"
]
}
},
"services": {
"api@internal": {
"status": "enabled",
"usedBy": [
"default-api-route-29f28a463fb5d5ba16d2@kubernetescrd"
]
},
"dashboard@internal": {
"status": "enabled"
},
"default-test-route-6b204d94623b3df4370c@kubernetescrd": {
"loadBalancer": {
"servers": [
{
"url": "http://10.42.0.3:80"
},
{
"url": "http://10.42.0.4:80"
}
],
"passHostHeader": true
},
"status": "enabled",
"usedBy": [
"default-test-route-6b204d94623b3df4370c@kubernetescrd"
],
"serverStatus": {
"http://10.42.0.3:80": "UP",
"http://10.42.0.4:80": "UP"
}
},
"noop@internal": {
"status": "enabled"
}
}
}

33
integration/testdata/rawdata-crd.json vendored
View File

@@ -50,6 +50,20 @@
"using": [
"web"
]
},
"other-ns-test6-route-482e4988e134701d8cc8@kubernetescrd": {
"entryPoints": [
"web"
],
"service": "other-ns-wrr3",
"rule": "Host(`foo.com`) \u0026\u0026 PathPrefix(`/c`)",
"error": [
"the service \"other-ns-wrr3@kubernetescrd\" does not exist"
],
"status": "disabled",
"using": [
"web"
]
}
},
"middlewares": {
@@ -64,6 +78,14 @@
"default-test2-route-23c7f4c450289ee29016@kubernetescrd"
]
},
"default-stripprefix2@kubernetescrd": {
"stripPrefix": {
"prefixes": [
"/tobestripped"
]
},
"status": "enabled"
},
"default-stripprefix@kubernetescrd": {
"stripPrefix": {
"prefixes": [
@@ -172,6 +194,17 @@
"default-test3-route-7d0ac22d3d8db4b82618@kubernetescrd"
]
},
"default-wrr2@kubernetescrd": {
"weighted": {
"services": [
{
"name": "default-whoami-80",
"weight": 1
}
]
},
"status": "enabled"
},
"noop@internal": {
"status": "enabled"
}

106
integration/testdata/rawdata-ingress-label-selector.json vendored Normal file
View File

@@ -0,0 +1,106 @@
{
"routers": {
"api@internal": {
"entryPoints": [
"traefik"
],
"service": "api@internal",
"rule": "PathPrefix(`/api`)",
"priority": 2147483646,
"status": "enabled",
"using": [
"traefik"
]
},
"dashboard@internal": {
"entryPoints": [
"traefik"
],
"middlewares": [
"dashboard_redirect@internal",
"dashboard_stripprefix@internal"
],
"service": "dashboard@internal",
"rule": "PathPrefix(`/`)",
"priority": 2147483645,
"status": "enabled",
"using": [
"traefik"
]
},
"test-ingress-default-whoami-test-whoami@kubernetes": {
"entryPoints": [
"web"
],
"service": "default-whoami-http",
"rule": "Host(`whoami.test`) \u0026\u0026 PathPrefix(`/whoami`)",
"status": "enabled",
"using": [
"web"
]
}
},
"middlewares": {
"dashboard_redirect@internal": {
"redirectRegex": {
"regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
"replacement": "${1}/dashboard/",
"permanent": true
},
"status": "enabled",
"usedBy": [
"dashboard@internal"
]
},
"dashboard_stripprefix@internal": {
"stripPrefix": {
"prefixes": [
"/dashboard/",
"/dashboard"
]
},
"status": "enabled",
"usedBy": [
"dashboard@internal"
]
}
},
"services": {
"api@internal": {
"status": "enabled",
"usedBy": [
"api@internal"
]
},
"dashboard@internal": {
"status": "enabled",
"usedBy": [
"dashboard@internal"
]
},
"default-whoami-http@kubernetes": {
"loadBalancer": {
"servers": [
{
"url": "http://10.42.0.2:80"
},
{
"url": "http://10.42.0.7:80"
}
],
"passHostHeader": true
},
"status": "enabled",
"usedBy": [
"test-ingress-default-whoami-test-whoami@kubernetes"
],
"serverStatus": {
"http://10.42.0.2:80": "UP",
"http://10.42.0.7:80": "UP"
}
},
"noop@internal": {
"status": "enabled"
}
}
}

2
integration/tls_client_headers_test.go
View File

@@ -66,6 +66,6 @@ func (s *TLSClientHeadersSuite) TestTLSClientHeaders(c *check.C) {
},
}
err = try.RequestWithTransport(request, 2*time.Second, tr, try.BodyContains("Forwarded-Tls-Client-Cert: MIIDKjCCAhICCQDKAJTeuq3LHjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRlJBTkNFMREwDwYDVQQHDAhUT1VMT1VTRTETMBEGA1UECgwKY29udGFpbm91czEPMA0GA1UEAwwGc2VydmVyMB4XDTE4MDMyMTEzNDM0MVoXDTIxMDEwODEzNDM0MVowVzELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZSQU5DRTERMA8GA1UEBwwIVE9VTE9VU0UxEzARBgNVBAoMCmNvbnRhaW5vdXMxDzANBgNVBAMMBnNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNHrqc7QcRHIc%2F%2FQW3oAcyl9%2BWFLdEtl86f5hTPoV0MpVgxwc98BA%2B0fPb97GOnj05P7QE%2BZerio5kP80ZUBX%2B0LVVilLWKvK47hZ%2FfxHgvtt95sZFT%2B0AHLk%2Bk%2FD86FIMrFuk8d889fFQ0TJz4cdX4wNYwKt%2FiFNNwaWxc%2BwpGAsZBv9cFh5rAdeix9mzMSa82qaYdp0g51JKAE7oEiXnPg8U7V9YXYwGiSvybCMIqAPy8sumIBNqF%2B7kWQaLtGwN8tEw5xaCFQFaiEmFn7M0xg5cC%2Fkg%2Fz%2FRmGtfRmZOIpnafIyw%2F%2FifXi7hxu%2Ba5ETrxOMW0j2xiBpGThGE5ox8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAPYDdGyNWp7R9j2oxZEbQS4lb%2B2Ol1r6PFo%2FzmpB6GK3CSNo65a0DtW%2FITeQi97MMgGS1D3wnaFPrwxtp0mEn7HjUuDcufHBqqBsjYC3NEtt%2ByyxNeYddLD%2FGdFXw4d6wNRdRaFCq5N1CPQzF4VTdoSLDxsOq%2FWAHHc2cyZyOprAqm2UXyWXxn4yWZqzDsZ41%2Fv2f3uMNxeqyIEtNZVzTKQBuwWw%2BjlQKGu0T8Ex1f0jaKI1OPtN5dzaIfO8acHcuNdmnE%2BhVsoqe17Dckxsj1ORf8ZcZ4qvULVouGINQBP4fcl5jv6TOm1U%2BZSk01FcHPmiDEMB6Utyy4ZLHPbmKYg%3D%3D"))
err = try.RequestWithTransport(request, 2*time.Second, tr, try.BodyContains("Forwarded-Tls-Client-Cert: MIIDNTCCAh0CFD0QQcHXUJuKwMBYDA%2BbBExVSP26MA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazENMAsGA1UEAwwEcm9vdDAeFw0yMTAxMDgxNzQ0MjRaFw0zMTAxMDYxNzQ0MjRaMFgxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYK2z8gLPOfFLgXNWP2460aeJ9vrH47x%2FlhKLlv4amSDHDx8Cmz%2F6blOUM8XOfMRW1xx%2B%2BAgChWN9dx%2Fkf7G2xlA5grZxRvUQ6xj7AvFG9TQUA3muNh2hvm9c3IjaZBNKH27bRKuDIBvZBvXdX4NL%2FaaFy7w7v7IKxk8j4WkfB23sgyH43g4b7NqKHJugZiedFu5GALmtLbShVOFbjWcre7Wvatdw8dIBmiFJqZQT3UjIuGAgqczIShtLxo4V%2BXyVkIPmzfPrRV%2B4zoMFIFOIaj3syyxb4krPBtxhe7nz2cWvvq0wePB2y4YbAAoVY8NYpd5JsMFwZtG6Uk59ygv4QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDaPg69wNeFNFisfBJTrscqVCTW%2BB80gMhpLdxXD%2BKO0%2FWgc5xpB%2FwLSirNtRQyxAa3%2BEEcIwJv%2Fwdh8EyjlDLSpFm%2F8ghntrKhkOfIOPDFE41M5HNfx%2FFuh5btKEenOL%2FXdapqtNUt2ZE4RrsfbL79sPYepa9kDUVi2mCbeH5ollZ0MDU68HpB2YwHbCEuQNk5W3pjYK2NaDkVnxTkfEDM1k%2B3QydO1lqB5JJmcrs59BEveTqaJ3eeh%2F0I4OOab6OkTTZ0JNjJp1573oxO%2Bfce%2FbfGud8xHY5gSN9huU7U6RsgvO7Dhmal%2FsDNl8XC8oU90hVDVXZdA7ewh4jjaoIv"))
c.Assert(err, checker.IsNil)
}

14
pkg/anonymize/anonymize.go
View File

@@ -80,6 +80,7 @@ func doOnStruct(field reflect.Value) error {
}
}
}
return nil
}
@@ -107,7 +108,16 @@ func reset(field reflect.Value, name string) error {
}
case reflect.Slice:
if field.Len() > 0 {
field.Set(reflect.MakeSlice(field.Type(), 0, 0))
switch field.Type().Elem().Kind() {
case reflect.String:
slice := reflect.MakeSlice(field.Type(), field.Len(), field.Len())
for j := 0; j < field.Len(); j++ {
slice.Index(j).SetString(maskShort)
}
field.Set(slice)
default:
field.Set(reflect.MakeSlice(field.Type(), 0, 0))
}
}
case reflect.Interface:
if !field.IsNil() {
@@ -130,7 +140,7 @@ func isExported(f reflect.StructField) bool {
func marshal(anomConfig interface{}, indent bool) ([]byte, error) {
if indent {
return json.MarshalIndent(anomConfig, "", " ")
return json.MarshalIndent(anomConfig, "", " ")
}
return json.Marshal(anomConfig)
}

502
pkg/anonymize/anonymize_config_test.go
View File

@@ -1,21 +1,39 @@
package anonymize
import (
"flag"
"io/ioutil"
"os"
"strings"
"testing"
"time"
assetfs "github.com/elazarl/go-bindata-assetfs"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
ptypes "github.com/traefik/paerser/types"
"github.com/traefik/traefik/v2/pkg/config/static"
"github.com/traefik/traefik/v2/pkg/ping"
"github.com/traefik/traefik/v2/pkg/plugins"
"github.com/traefik/traefik/v2/pkg/provider/acme"
"github.com/traefik/traefik/v2/pkg/provider/consulcatalog"
"github.com/traefik/traefik/v2/pkg/provider/docker"
"github.com/traefik/traefik/v2/pkg/provider/ecs"
"github.com/traefik/traefik/v2/pkg/provider/file"
"github.com/traefik/traefik/v2/pkg/provider/http"
"github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd"
"github.com/traefik/traefik/v2/pkg/provider/kubernetes/ingress"
"github.com/traefik/traefik/v2/pkg/provider/kv"
"github.com/traefik/traefik/v2/pkg/provider/kv/consul"
"github.com/traefik/traefik/v2/pkg/provider/kv/etcd"
"github.com/traefik/traefik/v2/pkg/provider/kv/redis"
"github.com/traefik/traefik/v2/pkg/provider/kv/zk"
"github.com/traefik/traefik/v2/pkg/provider/marathon"
"github.com/traefik/traefik/v2/pkg/provider/rancher"
"github.com/traefik/traefik/v2/pkg/provider/rest"
traefiktls "github.com/traefik/traefik/v2/pkg/tls"
"github.com/traefik/traefik/v2/pkg/tracing/datadog"
"github.com/traefik/traefik/v2/pkg/tracing/elastic"
"github.com/traefik/traefik/v2/pkg/tracing/haystack"
"github.com/traefik/traefik/v2/pkg/tracing/instana"
"github.com/traefik/traefik/v2/pkg/tracing/jaeger"
@@ -23,6 +41,8 @@ import (
"github.com/traefik/traefik/v2/pkg/types"
)
var updateExpected = flag.Bool("update_expected", false, "Update expected files in fixtures")
func TestDo_globalConfiguration(t *testing.T) {
config := &static.Configuration{}
@@ -31,39 +51,25 @@ func TestDo_globalConfiguration(t *testing.T) {
SendAnonymousUsage: true,
}
config.AccessLog = &types.AccessLog{
FilePath: "AccessLog FilePath",
Format: "AccessLog Format",
Filters: &types.AccessLogFilters{
StatusCodes: []string{"200", "500"},
RetryAttempts: true,
MinDuration: 10,
config.ServersTransport = &static.ServersTransport{
InsecureSkipVerify: true,
RootCAs: []traefiktls.FileOrContent{"root.ca"},
MaxIdleConnsPerHost: 42,
ForwardingTimeouts: &static.ForwardingTimeouts{
DialTimeout: 42,
ResponseHeaderTimeout: 42,
IdleConnTimeout: 42,
},
Fields: &types.AccessLogFields{
DefaultMode: "drop",
Names: map[string]string{
"RequestHost": "keep",
},
Headers: &types.FieldHeaders{
DefaultMode: "drop",
Names: map[string]string{
"Referer": "keep",
},
},
},
BufferingSize: 4,
}
config.Log = &types.TraefikLog{
Level: "Level",
FilePath: "/foo/path",
Format: "json",
}
config.EntryPoints = static.EntryPoints{
"foo": {
"foobar": {
Address: "foo Address",
Transport: &static.EntryPointsTransport{
LifeCycle: &static.LifeCycle{
RequestAcceptGraceTimeout: ptypes.Duration(111 * time.Second),
GraceTimeOut: ptypes.Duration(111 * time.Second),
},
RespondingTimeouts: &static.RespondingTimeouts{
ReadTimeout: ptypes.Duration(111 * time.Second),
WriteTimeout: ptypes.Duration(111 * time.Second),
@@ -71,38 +77,34 @@ func TestDo_globalConfiguration(t *testing.T) {
},
},
ProxyProtocol: &static.ProxyProtocol{
Insecure: true,
TrustedIPs: []string{"127.0.0.1/32", "192.168.0.1"},
},
},
"fii": {
Address: "fii Address",
Transport: &static.EntryPointsTransport{
RespondingTimeouts: &static.RespondingTimeouts{
ReadTimeout: ptypes.Duration(111 * time.Second),
WriteTimeout: ptypes.Duration(111 * time.Second),
IdleTimeout: ptypes.Duration(111 * time.Second),
ForwardedHeaders: &static.ForwardedHeaders{
Insecure: true,
TrustedIPs: []string{"127.0.0.1/32", "192.168.0.1"},
},
HTTP: static.HTTPConfig{
Redirections: &static.Redirections{
EntryPoint: &static.RedirectEntryPoint{
To: "foobar",
Scheme: "foobar",
Permanent: true,
Priority: 42,
},
},
Middlewares: []string{"foobar", "foobar"},
TLS: &static.TLSConfig{
Options: "foobar",
CertResolver: "foobar",
Domains: []types.Domain{
{Main: "foobar", SANs: []string{"foobar", "foobar"}},
},
},
},
ProxyProtocol: &static.ProxyProtocol{
TrustedIPs: []string{"127.0.0.1/32", "192.168.0.1"},
},
},
}
config.CertificatesResolvers = map[string]static.CertificateResolver{
"default": {
ACME: &acme.Configuration{
Email: "acme Email",
CAServer: "CAServer",
Storage: "Storage",
KeyType: "MyKeyType",
DNSChallenge: &acme.DNSChallenge{Provider: "DNSProvider"},
HTTPChallenge: &acme.HTTPChallenge{
EntryPoint: "MyEntryPoint",
},
TLSChallenge: &acme.TLSChallenge{},
},
},
}
config.Providers = &static.Providers{
ProvidersThrottleDuration: ptypes.Duration(111 * time.Second),
}
@@ -114,22 +116,7 @@ func TestDo_globalConfiguration(t *testing.T) {
ForwardingTimeouts: &static.ForwardingTimeouts{
DialTimeout: ptypes.Duration(111 * time.Second),
ResponseHeaderTimeout: ptypes.Duration(111 * time.Second),
},
}
config.API = &static.API{
Dashboard: true,
DashboardAssets: &assetfs.AssetFS{
Asset: func(path string) ([]byte, error) {
return nil, nil
},
AssetDir: func(path string) ([]string, error) {
return nil, nil
},
AssetInfo: func(path string) (os.FileInfo, error) {
return nil, nil
},
Prefix: "fii",
IdleConnTimeout: ptypes.Duration(111 * time.Second),
},
}
@@ -159,6 +146,33 @@ func TestDo_globalConfiguration(t *testing.T) {
SwarmModeRefreshSeconds: 42,
}
config.Providers.Marathon = &marathon.Provider{
Constraints: `Label("foo", "bar")`,
Trace: true,
Watch: true,
Endpoint: "foobar",
DefaultRule: "PathPrefix(`/`)",
ExposedByDefault: true,
DCOSToken: "foobar",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
},
DialerTimeout: 42,
ResponseHeaderTimeout: 42,
TLSHandshakeTimeout: 42,
KeepAlive: 42,
ForceTaskHostname: true,
Basic: &marathon.Basic{
HTTPBasicAuthUser: "user",
HTTPBasicPassword: "password",
},
RespectReadinessChecks: true,
}
config.Providers.KubernetesIngress = &ingress.Provider{
Endpoint: "MyEndpoint",
Token: "MyToken",
@@ -167,6 +181,12 @@ func TestDo_globalConfiguration(t *testing.T) {
Namespaces: []string{"a", "b"},
LabelSelector: "myLabelSelector",
IngressClass: "MyIngressClass",
IngressEndpoint: &ingress.EndpointIngress{
IP: "IP",
Hostname: "Hostname",
PublishedService: "PublishedService",
},
ThrottleDuration: ptypes.Duration(111 * time.Second),
}
config.Providers.KubernetesCRD = &crd.Provider{
@@ -177,83 +197,343 @@ func TestDo_globalConfiguration(t *testing.T) {
Namespaces: []string{"a", "b"},
LabelSelector: "myLabelSelector",
IngressClass: "MyIngressClass",
ThrottleDuration: ptypes.Duration(111 * time.Second),
}
// FIXME Test the other providers once they are migrated
config.Providers.Rest = &rest.Provider{
Insecure: true,
}
config.Providers.Rancher = &rancher.Provider{
Constraints: `Label("foo", "bar")`,
Watch: true,
DefaultRule: "PathPrefix(`/`)",
ExposedByDefault: true,
EnableServiceHealthFilter: true,
RefreshSeconds: 42,
IntervalPoll: true,
Prefix: "MyPrefix",
}
config.Providers.ConsulCatalog = &consulcatalog.Provider{
Constraints: `Label("foo", "bar")`,
Endpoint: &consulcatalog.EndpointConfig{
Address: "MyAddress",
Scheme: "MyScheme",
DataCenter: "MyDatacenter",
Token: "MyToken",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
},
HTTPAuth: &consulcatalog.EndpointHTTPAuthConfig{
Username: "MyUsername",
Password: "MyPassword",
},
EndpointWaitTime: 42,
},
Prefix: "MyPrefix",
RefreshInterval: 42,
RequireConsistent: true,
Stale: true,
Cache: true,
ExposedByDefault: true,
DefaultRule: "PathPrefix(`/`)",
}
config.Providers.Ecs = &ecs.Provider{
Constraints: `Label("foo", "bar")`,
ExposedByDefault: true,
RefreshSeconds: 42,
DefaultRule: "PathPrefix(`/`)",
Clusters: []string{"Cluster1", "Cluster2"},
AutoDiscoverClusters: true,
Region: "Awsregion",
AccessKeyID: "AwsAccessKeyID",
SecretAccessKey: "AwsSecretAccessKey",
}
config.Providers.Consul = &consul.Provider{
Provider: kv.Provider{
RootKey: "RootKey",
Endpoints: nil,
Username: "username",
Password: "password",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
},
},
}
config.Providers.Etcd = &etcd.Provider{
Provider: kv.Provider{
RootKey: "RootKey",
Endpoints: nil,
Username: "username",
Password: "password",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
},
},
}
config.Providers.ZooKeeper = &zk.Provider{
Provider: kv.Provider{
RootKey: "RootKey",
Endpoints: nil,
Username: "username",
Password: "password",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
},
},
}
config.Providers.Redis = &redis.Provider{
Provider: kv.Provider{
RootKey: "RootKey",
Endpoints: nil,
Username: "username",
Password: "password",
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
},
},
}
config.Providers.HTTP = &http.Provider{
Endpoint: "Myenpoint",
PollInterval: 42,
PollTimeout: 42,
TLS: &types.ClientTLS{
CA: "myCa",
CAOptional: true,
Cert: "mycert.pem",
Key: "mycert.key",
InsecureSkipVerify: true,
},
}
config.API = &static.API{
Insecure: true,
Dashboard: true,
Debug: true,
DashboardAssets: &assetfs.AssetFS{
Asset: func(path string) ([]byte, error) {
return nil, nil
},
AssetDir: func(path string) ([]string, error) {
return nil, nil
},
AssetInfo: func(path string) (os.FileInfo, error) {
return nil, nil
},
Prefix: "fii",
},
}
config.Metrics = &types.Metrics{
Prometheus: &types.Prometheus{
Buckets: []float64{0.1, 0.3, 1.2, 5},
Buckets: []float64{0.1, 0.3, 1.2, 5},
AddEntryPointsLabels: true,
AddServicesLabels: true,
EntryPoint: "MyEntryPoint",
ManualRouting: true,
},
Datadog: &types.Datadog{
Address: "localhost:8181",
PushInterval: 12,
Address: "localhost:8181",
PushInterval: 42,
AddEntryPointsLabels: true,
AddServicesLabels: true,
},
StatsD: &types.Statsd{
Address: "localhost:8182",
PushInterval: 42,
Address: "localhost:8182",
PushInterval: 42,
AddEntryPointsLabels: true,
AddServicesLabels: true,
Prefix: "MyPrefix",
},
InfluxDB: &types.InfluxDB{
Address: "localhost:8183",
Protocol: "http",
PushInterval: 22,
Database: "myDB",
RetentionPolicy: "12",
Username: "a",
Password: "aaaa",
Address: "localhost:8183",
Protocol: "http",
PushInterval: 42,
Database: "myDB",
RetentionPolicy: "12",
Username: "a",
Password: "aaaa",
AddEntryPointsLabels: true,
AddServicesLabels: true,
},
}
config.Ping = &ping.Handler{}
config.Ping = &ping.Handler{
EntryPoint: "MyEntryPoint",
ManualRouting: true,
TerminatingStatusCode: 42,
}
config.Log = &types.TraefikLog{
Level: "Level",
FilePath: "/foo/path",
Format: "json",
}
config.AccessLog = &types.AccessLog{
FilePath: "AccessLog FilePath",
Format: "AccessLog Format",
Filters: &types.AccessLogFilters{
StatusCodes: []string{"200", "500"},
RetryAttempts: true,
MinDuration: 42,
},
Fields: &types.AccessLogFields{
DefaultMode: "drop",
Names: map[string]string{
"RequestHost": "keep",
},
Headers: &types.FieldHeaders{
DefaultMode: "drop",
Names: map[string]string{
"Referer": "keep",
},
},
},
BufferingSize: 42,
}
config.Tracing = &static.Tracing{
ServiceName: "myServiceName",
SpanNameLimit: 3,
SpanNameLimit: 42,
Jaeger: &jaeger.Config{
SamplingServerURL: "aaa",
SamplingType: "bbb",
SamplingParam: 43,
LocalAgentHostPort: "ccc",
SamplingServerURL: "foobar",
SamplingType: "foobar",
SamplingParam: 42,
LocalAgentHostPort: "foobar",
Gen128Bit: true,
Propagation: "ddd",
TraceContextHeaderName: "eee",
Propagation: "foobar",
TraceContextHeaderName: "foobar",
Collector: &jaeger.Collector{
Endpoint: "foobar",
User: "foobar",
Password: "foobar",
},
DisableAttemptReconnecting: true,
},
Zipkin: &zipkin.Config{
HTTPEndpoint: "fff",
HTTPEndpoint: "foobar",
SameSpan: true,
ID128Bit: true,
SampleRate: 53,
SampleRate: 42,
},
Datadog: &datadog.Config{
LocalAgentHostPort: "ggg",
GlobalTag: "eee",
Debug: true,
PrioritySampling: true,
LocalAgentHostPort: "foobar",
GlobalTag: "foobar",
Debug: true,
PrioritySampling: true,
TraceIDHeaderName: "foobar",
ParentIDHeaderName: "foobar",
SamplingPriorityHeaderName: "foobar",
BagagePrefixHeaderName: "foobar",
},
Instana: &instana.Config{
LocalAgentHost: "fff",
LocalAgentPort: 32,
LogLevel: "ggg",
LocalAgentHost: "foobar",
LocalAgentPort: 4242,
LogLevel: "foobar",
},
Haystack: &haystack.Config{
LocalAgentHost: "fff",
LocalAgentPort: 32,
GlobalTag: "eee",
TraceIDHeaderName: "fff",
ParentIDHeaderName: "ggg",
SpanIDHeaderName: "hhh",
BaggagePrefixHeaderName: "iii",
LocalAgentHost: "foobar",
LocalAgentPort: 42,
GlobalTag: "foobar",
TraceIDHeaderName: "foobar",
ParentIDHeaderName: "foobar",
SpanIDHeaderName: "foobar",
BaggagePrefixHeaderName: "foobar",
},
Elastic: &elastic.Config{
ServerURL: "foobar",
SecretToken: "foobar",
ServiceEnvironment: "foobar",
},
}
config.HostResolver = &types.HostResolverConfig{
CnameFlattening: true,
ResolvConfig: "aaa",
ResolvDepth: 3,
ResolvConfig: "foobar",
ResolvDepth: 42,
}
cleanJSON, err := Do(config, true)
if err != nil {
t.Fatal(err, cleanJSON)
config.CertificatesResolvers = map[string]static.CertificateResolver{
"CertificateResolver0": {
ACME: &acme.Configuration{
Email: "acme Email",
CAServer: "CAServer",
PreferredChain: "foobar",
Storage: "Storage",
KeyType: "MyKeyType",
DNSChallenge: &acme.DNSChallenge{
Provider: "DNSProvider",
DelayBeforeCheck: 42,
Resolvers: []string{"resolver1", "resolver2"},
DisablePropagationCheck: true,
},
HTTPChallenge: &acme.HTTPChallenge{
EntryPoint: "MyEntryPoint",
},
TLSChallenge: &acme.TLSChallenge{},
},
},
}
config.Pilot = &static.Pilot{
Token: "token",
}
config.Experimental = &static.Experimental{
Plugins: map[string]plugins.Descriptor{
"Descriptor0": {
ModuleName: "foobar",
Version: "foobar",
},
"Descriptor1": {
ModuleName: "foobar",
Version: "foobar",
},
},
DevPlugin: &plugins.DevPlugin{
GoPath: "foobar",
ModuleName: "foobar",
},
}
expectedConfiguration, err := ioutil.ReadFile("./testdata/anonymized-static-config.json")
require.NoError(t, err)
cleanJSON, err := Do(config, true)
require.NoError(t, err)
if *updateExpected {
require.NoError(t, ioutil.WriteFile("testdata/anonymized-static-config.json", []byte(cleanJSON), 0666))
}
expected := strings.TrimSuffix(string(expectedConfiguration), "\n")
assert.Equal(t, expected, cleanJSON)
}

182
pkg/anonymize/anonymize_doOnJSON_test.go
View File

@@ -1,185 +1,23 @@
package anonymize
import (
"io/ioutil"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_doOnJSON(t *testing.T) {
baseConfiguration := `
{
"GraceTimeOut": 10000000000,
"Debug": false,
"CheckNewVersion": true,
"AccessLogsFile": "",
"TraefikLogsFile": "",
"Level": "ERROR",
"EntryPoints": {
"http": {
"Network": "",
"Address": ":80",
"TLS": null,
"Auth": null,
"Compress": false
},
"https": {
"Address": ":443",
"TLS": {
"MinVersion": "",
"CipherSuites": null,
"Certificates": null,
"ClientCAFiles": null
},
"Auth": null,
"Compress": false
}
},
"Cluster": null,
"Constraints": [],
"ACME": {
"Email": "foo@bar.com",
"Domains": [
{
"Main": "foo@bar.com",
"SANs": null
},
{
"Main": "foo@bar.com",
"SANs": null
}
],
"Storage": "",
"StorageFile": "/acme/acme.json",
"OnDemand": true,
"OnHostRule": true,
"CAServer": "",
"EntryPoint": "https",
"DNSProvider": "",
"DelayDontCheckDNS": 0,
"ACMELogging": false,
"Options": null
},
"DefaultEntryPoints": [
"https",
"http"
],
"ProvidersThrottleDuration": 2000000000,
"MaxIdleConnsPerHost": 200,
"IdleTimeout": 180000000000,
"InsecureSkipVerify": false,
"Retry": null,
"HealthCheck": {
"Interval": 30000000000
},
"Docker": null,
"File": null,
"Web": null,
"Marathon": null,
"Consul": null,
"ConsulCatalog": null,
"Etcd": null,
"Zookeeper": null,
"Boltdb": null,
"KubernetesIngress": null,
"KubernetesCRD": null,
"Mesos": null,
"Eureka": null,
"ECS": null,
"Rancher": null,
"DynamoDB": null,
"ConfigFile": "/etc/traefik/traefik.toml"
}
`
expectedConfiguration := `
{
"GraceTimeOut": 10000000000,
"Debug": false,
"CheckNewVersion": true,
"AccessLogsFile": "",
"TraefikLogsFile": "",
"Level": "ERROR",
"EntryPoints": {
"http": {
"Network": "",
"Address": ":80",
"TLS": null,
"Auth": null,
"Compress": false
},
"https": {
"Address": ":443",
"TLS": {
"MinVersion": "",
"CipherSuites": null,
"Certificates": null,
"ClientCAFiles": null
},
"Auth": null,
"Compress": false
}
},
"Cluster": null,
"Constraints": [],
"ACME": {
"Email": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"Domains": [
{
"Main": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"SANs": null
},
{
"Main": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"SANs": null
}
],
"Storage": "",
"StorageFile": "/acme/acme.json",
"OnDemand": true,
"OnHostRule": true,
"CAServer": "",
"EntryPoint": "https",
"DNSProvider": "",
"DelayDontCheckDNS": 0,
"ACMELogging": false,
"Options": null
},
"DefaultEntryPoints": [
"https",
"http"
],
"ProvidersThrottleDuration": 2000000000,
"MaxIdleConnsPerHost": 200,
"IdleTimeout": 180000000000,
"InsecureSkipVerify": false,
"Retry": null,
"HealthCheck": {
"Interval": 30000000000
},
"Docker": null,
"File": null,
"Web": null,
"Marathon": null,
"Consul": null,
"ConsulCatalog": null,
"Etcd": null,
"Zookeeper": null,
"Boltdb": null,
"KubernetesIngress": null,
"KubernetesCRD": null,
"Mesos": null,
"Eureka": null,
"ECS": null,
"Rancher": null,
"DynamoDB": null,
"ConfigFile": "/etc/traefik/traefik.toml"
}
`
anomConfiguration := doOnJSON(baseConfiguration)
baseConfiguration, err := ioutil.ReadFile("./testdata/example.json")
require.NoError(t, err)
if anomConfiguration != expectedConfiguration {
t.Errorf("Got %s, want %s.", anomConfiguration, expectedConfiguration)
}
anomConfiguration := doOnJSON(string(baseConfiguration))
expectedConfiguration, err := ioutil.ReadFile("./testdata/expected.json")
require.NoError(t, err)
assert.JSONEq(t, string(expectedConfiguration), anomConfiguration)
}
func Test_doOnJSON_simple(t *testing.T) {

8
pkg/anonymize/anonymize_doOnStruct_test.go
View File

@@ -20,6 +20,8 @@ type Tomate struct {
type Carotte struct {
Name string
Value int
List []string
EList []string `export:"true"`
Courgette Courgette
ECourgette Courgette `export:"true"`
Pourgette *Courgette
@@ -44,9 +46,13 @@ func Test_doOnStruct(t *testing.T) {
base: &Carotte{
Name: "koko",
Value: 666,
List: []string{"test"},
EList: []string{"test"},
},
expected: &Carotte{
Name: "xxxx",
Name: "xxxx",
List: []string{"xxxx"},
EList: []string{"test"},
},
},
{

454
pkg/anonymize/testdata/anonymized-static-config.json vendored Normal file
View File

@@ -0,0 +1,454 @@
{
"global": {
"checkNewVersion": true,
"sendAnonymousUsage": true
},
"serversTransport": {
"insecureSkipVerify": true,
"rootCAs": [
"xxxx",
"xxxx",
"xxxx"
],
"maxIdleConnsPerHost": 111,
"forwardingTimeouts": {
"dialTimeout": 111000000000,
"responseHeaderTimeout": 111000000000,
"idleConnTimeout": 111000000000
}
},
"entryPoints": {
"foobar": {
"address": "xxxx",
"transport": {
"lifeCycle": {
"requestAcceptGraceTimeout": 111000000000,
"graceTimeOut": 111000000000
},
"respondingTimeouts": {
"readTimeout": 111000000000,
"writeTimeout": 111000000000,
"idleTimeout": 111000000000
}
},
"proxyProtocol": {
"insecure": true,
"trustedIPs": [
"xxxx",
"xxxx"
]
},
"forwardedHeaders": {
"insecure": true,
"trustedIPs": [
"xxxx",
"xxxx"
]
},
"http": {
"redirections": {
"entryPoint": {
"to": "foobar",
"scheme": "foobar",
"permanent": true,
"priority": 42
}
},
"middlewares": [
"foobar",
"foobar"
],
"tls": {
"options": "foobar",
"certResolver": "foobar",
"domains": [
{
"main": "xxxx",
"sans": [
"xxxx",
"xxxx"
]
}
]
}
}
}
},
"providers": {
"providersThrottleDuration": 111000000000,
"docker": {
"constraints": "Label(\"foo\", \"bar\")",
"watch": true,
"endpoint": "xxxx",
"defaultRule": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
},
"exposedByDefault": true,
"useBindPortIP": true,
"swarmMode": true,
"network": "MyNetwork",
"swarmModeRefreshSeconds": 42
},
"file": {
"directory": "file Directory",
"watch": true,
"filename": "file Filename",
"debugLogGeneratedTemplate": true
},
"marathon": {
"constraints": "Label(\"foo\", \"bar\")",
"trace": true,
"watch": true,
"endpoint": "xxxx",
"defaultRule": "xxxx",
"exposedByDefault": true,
"dcosToken": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
},
"dialerTimeout": 42,
"responseHeaderTimeout": 42,
"tlsHandshakeTimeout": 42,
"keepAlive": 42,
"forceTaskHostname": true,
"basic": {
"httpBasicAuthUser": "xxxx",
"httpBasicPassword": "xxxx"
},
"respectReadinessChecks": true
},
"kubernetesIngress": {
"endpoint": "xxxx",
"token": "xxxx",
"certAuthFilePath": "xxxx",
"disablePassHostHeaders": true,
"namespaces": [
"a",
"b"
],
"labelSelector": "myLabelSelector",
"ingressClass": "MyIngressClass",
"ingressEndpoint": {
"ip": "xxxx",
"hostname": "xxxx",
"publishedService": "xxxx"
},
"throttleDuration": 111000000000
},
"kubernetesCRD": {
"endpoint": "xxxx",
"token": "xxxx",
"certAuthFilePath": "xxxx",
"disablePassHostHeaders": true,
"namespaces": [
"a",
"b"
],
"labelSelector": "myLabelSelector",
"ingressClass": "MyIngressClass",
"throttleDuration": 111000000000
},
"rest": {
"insecure": true
},
"rancher": {
"constraints": "Label(\"foo\", \"bar\")",
"watch": true,
"defaultRule": "xxxx",
"exposedByDefault": true,
"enableServiceHealthFilter": true,
"refreshSeconds": 42,
"intervalPoll": true,
"prefix": "xxxx"
},
"consulCatalog": {
"constraints": "Label(\"foo\", \"bar\")",
"endpoint": {
"address": "xxxx",
"scheme": "xxxx",
"datacenter": "xxxx",
"token": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
},
"httpAuth": {
"username": "xxxx",
"password": "xxxx"
},
"endpointWaitTime": 42
},
"prefix": "MyPrefix",
"refreshInterval": 42,
"requireConsistent": true,
"stale": true,
"cache": true,
"exposedByDefault": true,
"defaultRule": "xxxx"
},
"ecs": {
"constraints": "Label(\"foo\", \"bar\")",
"exposedByDefault": true,
"refreshSeconds": 42,
"defaultRule": "xxxx",
"clusters": [
"Cluster1",
"Cluster2"
],
"autoDiscoverClusters": true,
"region": "Awsregion",
"accessKeyID": "xxxx",
"secretAccessKey": "xxxx"
},
"consul": {
"rootKey": "RootKey",
"username": "xxxx",
"password": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
}
},
"etcd": {
"rootKey": "RootKey",
"username": "xxxx",
"password": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
}
},
"zooKeeper": {
"rootKey": "RootKey",
"username": "xxxx",
"password": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
}
},
"redis": {
"rootKey": "RootKey",
"username": "xxxx",
"password": "xxxx",
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
}
},
"http": {
"endpoint": "xxxx",
"pollInterval": 42,
"pollTimeout": 42,
"tls": {
"ca": "xxxx",
"caOptional": true,
"cert": "xxxx",
"key": "xxxx",
"insecureSkipVerify": true
}
}
},
"api": {
"insecure": true,
"dashboard": true,
"debug": true
},
"metrics": {
"prometheus": {
"buckets": [
0.1,
0.3,
1.2,
5
],
"addEntryPointsLabels": true,
"addServicesLabels": true,
"entryPoint": "MyEntryPoint",
"manualRouting": true
},
"datadog": {
"address": "xxxx",
"pushInterval": 42,
"addEntryPointsLabels": true,
"addServicesLabels": true
},
"statsD": {
"address": "xxxx",
"pushInterval": 42,
"addEntryPointsLabels": true,
"addServicesLabels": true,
"prefix": "MyPrefix"
},
"influxDB": {
"address": "xxxx",
"protocol": "xxxx",
"pushInterval": 42,
"database": "myDB",
"retentionPolicy": "12",
"username": "xxxx",
"password": "xxxx",
"addEntryPointsLabels": true,
"addServicesLabels": true
}
},
"ping": {
"entryPoint": "MyEntryPoint",
"manualRouting": true,
"terminatingStatusCode": 42
},
"log": {
"level": "Level",
"filePath": "xxxx",
"format": "json"
},
"accessLog": {
"filePath": "xxxx",
"format": "AccessLog Format",
"filters": {
"statusCodes": [
"200",
"500"
],
"retryAttempts": true,
"minDuration": 42
},
"fields": {
"defaultMode": "drop",
"names": {
"RequestHost": "keep"
},
"headers": {
"defaultMode": "drop",
"names": {
"Referer": "keep"
}
}
},
"bufferingSize": 42
},
"tracing": {
"serviceName": "myServiceName",
"spanNameLimit": 42,
"jaeger": {
"samplingServerURL": "xxxx",
"samplingType": "foobar",
"samplingParam": 42,
"localAgentHostPort": "xxxx",
"gen128Bit": true,
"propagation": "foobar",
"traceContextHeaderName": "foobar",
"collector": {
"endpoint": "xxxx",
"user": "xxxx",
"password": "xxxx"
},
"disableAttemptReconnecting": true
},
"zipkin": {
"httpEndpoint": "xxxx",
"sameSpan": true,
"id128Bit": true,
"sampleRate": 42
},
"datadog": {
"localAgentHostPort": "xxxx",
"globalTag": "foobar",
"debug": true,
"prioritySampling": true,
"traceIDHeaderName": "foobar",
"parentIDHeaderName": "foobar",
"samplingPriorityHeaderName": "foobar",
"bagagePrefixHeaderName": "foobar"
},
"instana": {
"localAgentHost": "xxxx",
"logLevel": "foobar"
},
"haystack": {
"localAgentHost": "xxxx",
"globalTag": "foobar",
"traceIDHeaderName": "foobar",
"parentIDHeaderName": "foobar",
"spanIDHeaderName": "foobar",
"baggagePrefixHeaderName": "foobar"
},
"elastic": {
"serverURL": "xxxx",
"secretToken": "xxxx",
"serviceEnvironment": "foobar"
}
},
"hostResolver": {
"cnameFlattening": true,
"resolvConfig": "foobar",
"resolvDepth": 42
},
"certificatesResolvers": {
"CertificateResolver0": {
"acme": {
"email": "xxxx",
"caServer": "xxxx",
"preferredChain": "foobar",
"storage": "Storage",
"keyType": "MyKeyType",
"dnsChallenge": {
"provider": "DNSProvider",
"delayBeforeCheck": 42,
"resolvers": [
"xxxx",
"xxxx"
],
"disablePropagationCheck": true
},
"httpChallenge": {
"entryPoint": "MyEntryPoint"
},
"tlsChallenge": {}
}
}
},
"pilot": {
"token": "xxxx"
},
"experimental": {
"plugins": {
"Descriptor0": {
"moduleName": "foobar",
"version": "foobar"
},
"Descriptor1": {
"moduleName": "foobar",
"version": "foobar"
}
},
"devPlugin": {
"goPath": "foobar",
"moduleName": "foobar"
}
}
}

82
pkg/anonymize/testdata/example.json vendored Normal file
View File

@@ -0,0 +1,82 @@
{
"GraceTimeOut": 10000000000,
"Debug": false,
"CheckNewVersion": true,
"AccessLogsFile": "",
"TraefikLogsFile": "",
"Level": "ERROR",
"EntryPoints": {
"http": {
"Network": "",
"Address": ":80",
"TLS": null,
"Auth": null,
"Compress": false
},
"https": {
"Address": ":443",
"TLS": {
"MinVersion": "",
"CipherSuites": null,
"Certificates": null,
"ClientCAFiles": null
},
"Auth": null,
"Compress": false
}
},
"Cluster": null,
"Constraints": [],
"ACME": {
"Email": "foo@bar.com",
"Domains": [
{
"Main": "foo@bar.com",
"SANs": null
},
{
"Main": "foo@bar.com",
"SANs": null
}
],
"Storage": "",
"StorageFile": "/acme/acme.json",
"OnDemand": true,
"OnHostRule": true,
"CAServer": "",
"EntryPoint": "https",
"DNSProvider": "",
"DelayDontCheckDNS": 0,
"ACMELogging": false,
"Options": null
},
"DefaultEntryPoints": [
"https",
"http"
],
"ProvidersThrottleDuration": 2000000000,
"MaxIdleConnsPerHost": 200,
"IdleTimeout": 180000000000,
"InsecureSkipVerify": false,
"Retry": null,
"HealthCheck": {
"Interval": 30000000000
},
"Docker": null,
"File": null,
"Web": null,
"Marathon": null,
"Consul": null,
"ConsulCatalog": null,
"Etcd": null,
"Zookeeper": null,
"Boltdb": null,
"KubernetesIngress": null,
"KubernetesCRD": null,
"Mesos": null,
"Eureka": null,
"ECS": null,
"Rancher": null,
"DynamoDB": null,
"ConfigFile": "/etc/traefik/traefik.toml"
}

82
pkg/anonymize/testdata/expected.json vendored Normal file
View File

@@ -0,0 +1,82 @@
{
"GraceTimeOut": 10000000000,
"Debug": false,
"CheckNewVersion": true,
"AccessLogsFile": "",
"TraefikLogsFile": "",
"Level": "ERROR",
"EntryPoints": {
"http": {
"Network": "",
"Address": ":80",
"TLS": null,
"Auth": null,
"Compress": false
},
"https": {
"Address": ":443",
"TLS": {
"MinVersion": "",
"CipherSuites": null,
"Certificates": null,
"ClientCAFiles": null
},
"Auth": null,
"Compress": false
}
},
"Cluster": null,
"Constraints": [],
"ACME": {
"Email": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"Domains": [
{
"Main": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"SANs": null
},
{
"Main": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"SANs": null
}
],
"Storage": "",
"StorageFile": "/acme/acme.json",
"OnDemand": true,
"OnHostRule": true,
"CAServer": "",
"EntryPoint": "https",
"DNSProvider": "",
"DelayDontCheckDNS": 0,
"ACMELogging": false,
"Options": null
},
"DefaultEntryPoints": [
"https",
"http"
],
"ProvidersThrottleDuration": 2000000000,
"MaxIdleConnsPerHost": 200,
"IdleTimeout": 180000000000,
"InsecureSkipVerify": false,
"Retry": null,
"HealthCheck": {
"Interval": 30000000000
},
"Docker": null,
"File": null,
"Web": null,
"Marathon": null,
"Consul": null,
"ConsulCatalog": null,
"Etcd": null,
"Zookeeper": null,
"Boltdb": null,
"KubernetesIngress": null,
"KubernetesCRD": null,
"Mesos": null,
"Eureka": null,
"ECS": null,
"Rancher": null,
"DynamoDB": null,
"ConfigFile": "/etc/traefik/traefik.toml"
}

2
pkg/config/dynamic/zz_generated.deepcopy.go
View File

@@ -3,7 +3,7 @@
/*
The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020-2020 Traefik Labs
Copyright (c) 2016-2020 Containous SAS; 2020-2021 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

30
pkg/config/static/entrypoints.go
View File

@@ -11,10 +11,10 @@ import (
// EntryPoint holds the entry point configuration.
type EntryPoint struct {
Address string `description:"Entry point address." json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
Transport *EntryPointsTransport `description:"Configures communication between clients and Traefik." json:"transport,omitempty" toml:"transport,omitempty" yaml:"transport,omitempty"`
ProxyProtocol *ProxyProtocol `description:"Proxy-Protocol configuration." json:"proxyProtocol,omitempty" toml:"proxyProtocol,omitempty" yaml:"proxyProtocol,omitempty" label:"allowEmpty" file:"allowEmpty"`
ForwardedHeaders *ForwardedHeaders `description:"Trust client forwarding headers." json:"forwardedHeaders,omitempty" toml:"forwardedHeaders,omitempty" yaml:"forwardedHeaders,omitempty"`
HTTP HTTPConfig `description:"HTTP configuration." json:"http,omitempty" toml:"http,omitempty" yaml:"http,omitempty"`
Transport *EntryPointsTransport `description:"Configures communication between clients and Traefik." json:"transport,omitempty" toml:"transport,omitempty" yaml:"transport,omitempty" export:"true"`
ProxyProtocol *ProxyProtocol `description:"Proxy-Protocol configuration." json:"proxyProtocol,omitempty" toml:"proxyProtocol,omitempty" yaml:"proxyProtocol,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
ForwardedHeaders *ForwardedHeaders `description:"Trust client forwarding headers." json:"forwardedHeaders,omitempty" toml:"forwardedHeaders,omitempty" yaml:"forwardedHeaders,omitempty" export:"true"`
HTTP HTTPConfig `description:"HTTP configuration." json:"http,omitempty" toml:"http,omitempty" yaml:"http,omitempty" export:"true"`
}
// GetAddress strips any potential protocol part of the address field of the
@@ -49,22 +49,22 @@ func (ep *EntryPoint) SetDefaults() {
// HTTPConfig is the HTTP configuration of an entry point.
type HTTPConfig struct {
Redirections *Redirections `description:"Set of redirection" json:"redirections,omitempty" toml:"redirections,omitempty" yaml:"redirections,omitempty"`
Middlewares []string `description:"Default middlewares for the routers linked to the entry point." json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty"`
TLS *TLSConfig `description:"Default TLS configuration for the routers linked to the entry point." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
Redirections *Redirections `description:"Set of redirection" json:"redirections,omitempty" toml:"redirections,omitempty" yaml:"redirections,omitempty" export:"true"`
Middlewares []string `description:"Default middlewares for the routers linked to the entry point." json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
TLS *TLSConfig `description:"Default TLS configuration for the routers linked to the entry point." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
}
// Redirections is a set of redirection for an entry point.
type Redirections struct {
EntryPoint *RedirectEntryPoint `description:"Set of redirection for an entry point." json:"entryPoint,omitempty" toml:"entryPoint,omitempty" yaml:"entryPoint,omitempty"`
EntryPoint *RedirectEntryPoint `description:"Set of redirection for an entry point." json:"entryPoint,omitempty" toml:"entryPoint,omitempty" yaml:"entryPoint,omitempty" export:"true"`
}
// RedirectEntryPoint is the definition of an entry point redirection.
type RedirectEntryPoint struct {
To string `description:"Targeted entry point of the redirection." json:"to,omitempty" toml:"to,omitempty" yaml:"to,omitempty"`
Scheme string `description:"Scheme used for the redirection." json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty"`
Permanent bool `description:"Applies a permanent redirection." json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty"`
Priority int `description:"Priority of the generated router." json:"priority,omitempty" toml:"priority,omitempty" yaml:"priority,omitempty"`
To string `description:"Targeted entry point of the redirection." json:"to,omitempty" toml:"to,omitempty" yaml:"to,omitempty" export:"true"`
Scheme string `description:"Scheme used for the redirection." json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
Permanent bool `description:"Applies a permanent redirection." json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
Priority int `description:"Priority of the generated router." json:"priority,omitempty" toml:"priority,omitempty" yaml:"priority,omitempty" export:"true"`
}
// SetDefaults sets the default values.
@@ -76,9 +76,9 @@ func (r *RedirectEntryPoint) SetDefaults() {
// TLSConfig is the default TLS configuration for all the routers associated to the concerned entry point.
type TLSConfig struct {
Options string `description:"Default TLS options for the routers linked to the entry point." json:"options,omitempty" toml:"options,omitempty" yaml:"options,omitempty"`
CertResolver string `description:"Default certificate resolver for the routers linked to the entry point." json:"certResolver,omitempty" toml:"certResolver,omitempty" yaml:"certResolver,omitempty"`
Domains []types.Domain `description:"Default TLS domains for the routers linked to the entry point." json:"domains,omitempty" toml:"domains,omitempty" yaml:"domains,omitempty"`
Options string `description:"Default TLS options for the routers linked to the entry point." json:"options,omitempty" toml:"options,omitempty" yaml:"options,omitempty" export:"true"`
CertResolver string `description:"Default certificate resolver for the routers linked to the entry point." json:"certResolver,omitempty" toml:"certResolver,omitempty" yaml:"certResolver,omitempty" export:"true"`
Domains []types.Domain `description:"Default TLS domains for the routers linked to the entry point." json:"domains,omitempty" toml:"domains,omitempty" yaml:"domains,omitempty" export:"true"`
}
// ForwardedHeaders Trust client forwarding headers.

4
pkg/config/static/experimental.go
View File

@@ -4,6 +4,6 @@ import "github.com/traefik/traefik/v2/pkg/plugins"
// Experimental experimental Traefik features.
type Experimental struct {
Plugins map[string]plugins.Descriptor `description:"Plugins configuration." json:"plugins,omitempty" toml:"plugins,omitempty" yaml:"plugins,omitempty"`
DevPlugin *plugins.DevPlugin `description:"Dev plugin configuration." json:"devPlugin,omitempty" toml:"devPlugin,omitempty" yaml:"devPlugin,omitempty"`
Plugins map[string]plugins.Descriptor `description:"Plugins configuration." json:"plugins,omitempty" toml:"plugins,omitempty" yaml:"plugins,omitempty" export:"true"`
DevPlugin *plugins.DevPlugin `description:"Dev plugin configuration." json:"devPlugin,omitempty" toml:"devPlugin,omitempty" yaml:"devPlugin,omitempty" export:"true"`
}

18
pkg/config/static/static_config.go
View File

@@ -72,9 +72,9 @@ type Configuration struct {
CertificatesResolvers map[string]CertificateResolver `description:"Certificates resolvers configuration." json:"certificatesResolvers,omitempty" toml:"certificatesResolvers,omitempty" yaml:"certificatesResolvers,omitempty" export:"true"`
Pilot *Pilot `description:"Traefik Pilot configuration." json:"pilot,omitempty" toml:"pilot,omitempty" yaml:"pilot,omitempty"`
Pilot *Pilot `description:"Traefik Pilot configuration." json:"pilot,omitempty" toml:"pilot,omitempty" yaml:"pilot,omitempty" export:"true"`
Experimental *Experimental `description:"experimental features." json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty"`
Experimental *Experimental `description:"experimental features." json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" export:"true"`
}
// CertificateResolver contains the configuration for the different types of certificates resolver.
@@ -176,14 +176,14 @@ type Providers struct {
KubernetesCRD *crd.Provider `description:"Enable Kubernetes backend with default settings." json:"kubernetesCRD,omitempty" toml:"kubernetesCRD,omitempty" yaml:"kubernetesCRD,omitempty" export:"true" label:"allowEmpty" file:"allowEmpty"`
Rest *rest.Provider `description:"Enable Rest backend with default settings." json:"rest,omitempty" toml:"rest,omitempty" yaml:"rest,omitempty" export:"true" label:"allowEmpty" file:"allowEmpty"`
Rancher *rancher.Provider `description:"Enable Rancher backend with default settings." json:"rancher,omitempty" toml:"rancher,omitempty" yaml:"rancher,omitempty" export:"true" label:"allowEmpty" file:"allowEmpty"`
ConsulCatalog *consulcatalog.Provider `description:"Enable ConsulCatalog backend with default settings." json:"consulCatalog,omitempty" toml:"consulCatalog,omitempty" yaml:"consulCatalog,omitempty"`
Ecs *ecs.Provider `description:"Enable AWS ECS backend with default settings." json:"ecs,omitempty" toml:"ecs,omitempty" yaml:"ecs,omitempty"`
ConsulCatalog *consulcatalog.Provider `description:"Enable ConsulCatalog backend with default settings." json:"consulCatalog,omitempty" toml:"consulCatalog,omitempty" yaml:"consulCatalog,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
Ecs *ecs.Provider `description:"Enable AWS ECS backend with default settings." json:"ecs,omitempty" toml:"ecs,omitempty" yaml:"ecs,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
Consul *consul.Provider `description:"Enable Consul backend with default settings." json:"consul,omitempty" toml:"consul,omitempty" yaml:"consul,omitempty" export:"true" label:"allowEmpty" file:"allowEmpty"`
Etcd *etcd.Provider `description:"Enable Etcd backend with default settings." json:"etcd,omitempty" toml:"etcd,omitempty" yaml:"etcd,omitempty" export:"true" label:"allowEmpty" file:"allowEmpty"`
ZooKeeper *zk.Provider `description:"Enable ZooKeeper backend with default settings." json:"zooKeeper,omitempty" toml:"zooKeeper,omitempty" yaml:"zooKeeper,omitempty" export:"true" label:"allowEmpty" file:"allowEmpty"`
Redis *redis.Provider `description:"Enable Redis backend with default settings." json:"redis,omitempty" toml:"redis,omitempty" yaml:"redis,omitempty" export:"true" label:"allowEmpty" file:"allowEmpty"`
HTTP *http.Provider `description:"Enable HTTP backend with default settings." json:"http,omitempty" toml:"http,omitempty" yaml:"http,omitempty" export:"true" label:"allowEmpty" file:"allowEmpty"`
Consul *consul.Provider `description:"Enable Consul backend with default settings." json:"consul,omitempty" toml:"consul,omitempty" yaml:"consul,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
Etcd *etcd.Provider `description:"Enable Etcd backend with default settings." json:"etcd,omitempty" toml:"etcd,omitempty" yaml:"etcd,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
ZooKeeper *zk.Provider `description:"Enable ZooKeeper backend with default settings." json:"zooKeeper,omitempty" toml:"zooKeeper,omitempty" yaml:"zooKeeper,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
Redis *redis.Provider `description:"Enable Redis backend with default settings." json:"redis,omitempty" toml:"redis,omitempty" yaml:"redis,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
HTTP *http.Provider `description:"Enable HTTP backend with default settings." json:"http,omitempty" toml:"http,omitempty" yaml:"http,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
}
// SetEffectiveConfiguration adds missing configuration parameters derived from existing ones.

2
pkg/log/log.go
View File

@@ -137,7 +137,7 @@ func RotateFile() error {
}
if err := OpenFile(logFilePath); err != nil {
return fmt.Errorf("error opening log file: %s", err)
return fmt.Errorf("error opening log file: %w", err)
}
return nil

30
pkg/metrics/prometheus.go
View File

@@ -2,6 +2,7 @@ package metrics
import (
"context"
"errors"
"net/http"
"sort"
"strings"
@@ -74,12 +75,15 @@ func RegisterPrometheus(ctx context.Context, config *types.Prometheus) Registry
standardRegistry := initStandardRegistry(config)
if err := promRegistry.Register(stdprometheus.NewProcessCollector(stdprometheus.ProcessCollectorOpts{})); err != nil {
if _, ok := err.(stdprometheus.AlreadyRegisteredError); !ok {
var arErr stdprometheus.AlreadyRegisteredError
if !errors.As(err, &arErr) {
log.FromContext(ctx).Warn("ProcessCollector is already registered")
}
}
if err := promRegistry.Register(stdprometheus.NewGoCollector()); err != nil {
if _, ok := err.(stdprometheus.AlreadyRegisteredError); !ok {
var arErr stdprometheus.AlreadyRegisteredError
if !errors.As(err, &arErr) {
log.FromContext(ctx).Warn("GoCollector is already registered")
}
}
@@ -212,15 +216,21 @@ func initStandardRegistry(config *types.Prometheus) Registry {
}
func registerPromState(ctx context.Context) bool {
if err := promRegistry.Register(promState); err != nil {
logger := log.FromContext(ctx)
if _, ok := err.(stdprometheus.AlreadyRegisteredError); !ok {
logger.Errorf("Unable to register Traefik to Prometheus: %v", err)
return false
}
logger.Debug("Prometheus collector already registered.")
err := promRegistry.Register(promState)
if err == nil {
return true
}
return true
logger := log.FromContext(ctx)
var arErr stdprometheus.AlreadyRegisteredError
if errors.As(err, &arErr) {
logger.Debug("Prometheus collector already registered.")
return true
}
logger.Errorf("Unable to register Traefik to Prometheus: %v", err)
return false
}
// OnConfigurationUpdate receives the current configuration from Traefik.

48
pkg/middlewares/accesslog/logger_formatters_test.go
View File

@@ -60,33 +60,31 @@ func TestCommonLogFormatter_Format(t *testing.T) {
expectedLog: `10.0.0.1 - Client [10/Nov/2009:23:00:00 +0000] "GET /foo http" 123 132 "referer" "agent" - "foo" "http://10.0.0.2/toto" 123000ms
`,
},
/*
{
name: "all data with local time",
data: map[string]interface{}{
StartLocal: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
Duration: 123 * time.Second,
ClientHost: "10.0.0.1",
ClientUsername: "Client",
RequestMethod: http.MethodGet,
RequestPath: "/foo",
RequestProtocol: "http",
OriginStatus: 123,
OriginContentSize: 132,
RequestRefererHeader: "referer",
RequestUserAgentHeader: "agent",
RequestCount: nil,
RouterName: "foo",
ServiceURL: "http://10.0.0.2/toto",
},
expectedLog: `10.0.0.1 - Client [10/Nov/2009:14:00:00 -0900] "GET /foo http" 123 132 "referer" "agent" - "foo" "http://10.0.0.2/toto" 123000ms
`,
},
*/
{
name: "all data with local time",
data: map[string]interface{}{
StartLocal: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
Duration: 123 * time.Second,
ClientHost: "10.0.0.1",
ClientUsername: "Client",
RequestMethod: http.MethodGet,
RequestPath: "/foo",
RequestProtocol: "http",
OriginStatus: 123,
OriginContentSize: 132,
RequestRefererHeader: "referer",
RequestUserAgentHeader: "agent",
RequestCount: nil,
RouterName: "foo",
ServiceURL: "http://10.0.0.2/toto",
},
expectedLog: `10.0.0.1 - Client [10/Nov/2009:14:00:00 -0900] "GET /foo http" 123 132 "referer" "agent" - "foo" "http://10.0.0.2/toto" 123000ms
`,
},
}
// Set timezone to Alaska to have a constant behavior
os.Setenv("TZ", "US/Alaska")
// Set timezone to Etc/GMT+9 to have a constant behavior
os.Setenv("TZ", "Etc/GMT+9")
for _, test := range testCases {
test := test

3
pkg/middlewares/auth/forward.go
View File

@@ -2,6 +2,7 @@ package auth
import (
"context"
"errors"
"fmt"
"io/ioutil"
"net"
@@ -124,7 +125,7 @@ func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
redirectURL, err := forwardResponse.Location()
if err != nil {
if err != http.ErrNoLocation {
if !errors.Is(err, http.ErrNoLocation) {
logMessage := fmt.Sprintf("Error reading response location header %s. Cause: %s", fa.address, err)
logger.Debug(logMessage)
tracing.SetErrorWithEvent(req, logMessage)

2
pkg/middlewares/customerrors/custom_errors.go
View File

@@ -93,7 +93,7 @@ func (c *customErrors) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
code := catcher.getCode()
for _, block := range c.httpCodeRanges {
if code >= block[0] && code <= block[1] {
logger.Errorf("Caught HTTP Status Code %d, returning error page", code)
logger.Debugf("Caught HTTP Status Code %d, returning error page", code)
var query string
if len(c.backendQuery) > 0 {

1
pkg/middlewares/recovery/recovery.go
View File

@@ -54,5 +54,6 @@ func recoverFunc(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
// https://github.com/golang/go/blob/a0d6420d8be2ae7164797051ec74fa2a2df466a1/src/net/http/server.go#L1761-L1775
// https://github.com/golang/go/blob/c33153f7b416c03983324b3e8f869ce1116d84bc/src/net/http/httputil/reverseproxy.go#L284
func shouldLogPanic(panicValue interface{}) bool {
//nolint:errorlint // false-positive because panicValue is an interface.
return panicValue != nil && panicValue != http.ErrAbortHandler
}

31
pkg/middlewares/redirect/redirect.go
View File

@@ -1,9 +1,6 @@
package redirect
import (
"bytes"
"html/template"
"io"
"net/http"
"net/url"
"regexp"
@@ -47,24 +44,17 @@ func (r *redirect) GetTracingInformation() (string, ext.SpanKindEnum) {
func (r *redirect) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
oldURL := rawURL(req)
// If the Regexp doesn't match, skip to the next handler
// If the Regexp doesn't match, skip to the next handler.
if !r.regex.MatchString(oldURL) {
r.next.ServeHTTP(rw, req)
return
}
// apply a rewrite regexp to the URL
// Apply a rewrite regexp to the URL.
newURL := r.regex.ReplaceAllString(oldURL, r.replacement)
// replace any variables that may be in there
rewrittenURL := &bytes.Buffer{}
if err := applyString(newURL, rewrittenURL, req); err != nil {
r.errHandler.ServeHTTP(rw, req, err)
return
}
// parse the rewritten URL and replace request URL with it
parsedURL, err := url.Parse(rewrittenURL.String())
// Parse the rewritten URL and replace request URL with it.
parsedURL, err := url.Parse(newURL)
if err != nil {
r.errHandler.ServeHTTP(rw, req, err)
return
@@ -78,7 +68,7 @@ func (r *redirect) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
req.URL = parsedURL
// make sure the request URI corresponds the rewritten URL
// Make sure the request URI corresponds the rewritten URL.
req.RequestURI = req.URL.RequestURI()
r.next.ServeHTTP(rw, req)
}
@@ -138,14 +128,3 @@ func rawURL(req *http.Request) string {
return strings.Join([]string{scheme, "://", host, port, uri}, "")
}
func applyString(in string, out io.Writer, req *http.Request) error {
t, err := template.New("t").Parse(in)
if err != nil {
return err
}
data := struct{ Request *http.Request }{Request: req}
return t.Execute(out, data)
}

13
pkg/middlewares/redirect/redirect_regex_test.go
View File

@@ -10,7 +10,6 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/traefik/traefik/v2/pkg/config/dynamic"
"github.com/traefik/traefik/v2/pkg/testhelpers"
)
func TestRedirectRegexHandler(t *testing.T) {
@@ -35,16 +34,6 @@ func TestRedirectRegexHandler(t *testing.T) {
expectedURL: "https://foobar.com:443",
expectedStatus: http.StatusFound,
},
{
desc: "use request header",
config: dynamic.RedirectRegex{
Regex: `^(?:http?:\/\/)(foo)(\.com)(:\d+)(.*)$`,
Replacement: `https://${1}{{ .Request.Header.Get "X-Foo" }}$2:443$4`,
},
url: "http://foo.com:80",
expectedURL: "https://foobar.com:443",
expectedStatus: http.StatusFound,
},
{
desc: "URL doesn't match regex",
config: dynamic.RedirectRegex{
@@ -186,7 +175,7 @@ func TestRedirectRegexHandler(t *testing.T) {
method = test.method
}
req := testhelpers.MustNewRequest(method, test.url, nil)
req := httptest.NewRequest(method, test.url, nil)
if test.secured {
req.TLS = &tls.ConnectionState{}
}

4
pkg/ping/ping.go
View File

@@ -9,8 +9,8 @@ import (
// Handler expose ping routes.
type Handler struct {
EntryPoint string `description:"EntryPoint" export:"true" json:"entryPoint,omitempty" toml:"entryPoint,omitempty" yaml:"entryPoint,omitempty"`
ManualRouting bool `description:"Manual routing" json:"manualRouting,omitempty" toml:"manualRouting,omitempty" yaml:"manualRouting,omitempty"`
TerminatingStatusCode int `description:"Terminating status code" json:"terminatingStatusCode,omitempty" toml:"terminatingStatusCode,omitempty" yaml:"terminatingStatusCode,omitempty"`
ManualRouting bool `description:"Manual routing" json:"manualRouting,omitempty" toml:"manualRouting,omitempty" yaml:"manualRouting,omitempty" export:"true"`
TerminatingStatusCode int `description:"Terminating status code" json:"terminatingStatusCode,omitempty" toml:"terminatingStatusCode,omitempty" yaml:"terminatingStatusCode,omitempty" export:"true"`
terminating bool
}

8
pkg/plugins/types.go
View File

@@ -3,19 +3,19 @@ package plugins
// Descriptor The static part of a plugin configuration (prod).
type Descriptor struct {
// ModuleName (required)
ModuleName string `description:"plugin's module name." json:"moduleName,omitempty" toml:"moduleName,omitempty" yaml:"moduleName,omitempty"`
ModuleName string `description:"plugin's module name." json:"moduleName,omitempty" toml:"moduleName,omitempty" yaml:"moduleName,omitempty" export:"true"`
// Version (required)
Version string `description:"plugin's version." json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty"`
Version string `description:"plugin's version." json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
}
// DevPlugin The static part of a plugin configuration (only for dev).
type DevPlugin struct {
// GoPath plugin's GOPATH. (required)
GoPath string `description:"plugin's GOPATH." json:"goPath,omitempty" toml:"goPath,omitempty" yaml:"goPath,omitempty"`
GoPath string `description:"plugin's GOPATH." json:"goPath,omitempty" toml:"goPath,omitempty" yaml:"goPath,omitempty" export:"true"`
// ModuleName (required)
ModuleName string `description:"plugin's module name." json:"moduleName,omitempty" toml:"moduleName,omitempty" yaml:"moduleName,omitempty"`
ModuleName string `description:"plugin's module name." json:"moduleName,omitempty" toml:"moduleName,omitempty" yaml:"moduleName,omitempty" export:"true"`
}
// Manifest The plugin manifest.

20
pkg/provider/acme/provider.go
View File

@@ -35,12 +35,12 @@ var oscpMustStaple = false
type Configuration struct {
Email string `description:"Email address used for registration." json:"email,omitempty" toml:"email,omitempty" yaml:"email,omitempty"`
CAServer string `description:"CA server to use." json:"caServer,omitempty" toml:"caServer,omitempty" yaml:"caServer,omitempty"`
PreferredChain string `description:"Preferred chain to use." json:"preferredChain,omitempty" toml:"preferredChain,omitempty" yaml:"preferredChain,omitempty"`
Storage string `description:"Storage to use." json:"storage,omitempty" toml:"storage,omitempty" yaml:"storage,omitempty"`
KeyType string `description:"KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'." json:"keyType,omitempty" toml:"keyType,omitempty" yaml:"keyType,omitempty"`
DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge." json:"dnsChallenge,omitempty" toml:"dnsChallenge,omitempty" yaml:"dnsChallenge,omitempty" label:"allowEmpty" file:"allowEmpty"`
HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge." json:"httpChallenge,omitempty" toml:"httpChallenge,omitempty" yaml:"httpChallenge,omitempty" label:"allowEmpty" file:"allowEmpty"`
TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge." json:"tlsChallenge,omitempty" toml:"tlsChallenge,omitempty" yaml:"tlsChallenge,omitempty" label:"allowEmpty" file:"allowEmpty"`
PreferredChain string `description:"Preferred chain to use." json:"preferredChain,omitempty" toml:"preferredChain,omitempty" yaml:"preferredChain,omitempty" export:"true"`
Storage string `description:"Storage to use." json:"storage,omitempty" toml:"storage,omitempty" yaml:"storage,omitempty" export:"true"`
KeyType string `description:"KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'." json:"keyType,omitempty" toml:"keyType,omitempty" yaml:"keyType,omitempty" export:"true"`
DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge." json:"dnsChallenge,omitempty" toml:"dnsChallenge,omitempty" yaml:"dnsChallenge,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge." json:"httpChallenge,omitempty" toml:"httpChallenge,omitempty" yaml:"httpChallenge,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge." json:"tlsChallenge,omitempty" toml:"tlsChallenge,omitempty" yaml:"tlsChallenge,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
}
// SetDefaults sets the default values.
@@ -65,15 +65,15 @@ type Certificate struct {
// DNSChallenge contains DNS challenge Configuration.
type DNSChallenge struct {
Provider string `description:"Use a DNS-01 based challenge provider rather than HTTPS." json:"provider,omitempty" toml:"provider,omitempty" yaml:"provider,omitempty"`
DelayBeforeCheck ptypes.Duration `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers." json:"delayBeforeCheck,omitempty" toml:"delayBeforeCheck,omitempty" yaml:"delayBeforeCheck,omitempty"`
Provider string `description:"Use a DNS-01 based challenge provider rather than HTTPS." json:"provider,omitempty" toml:"provider,omitempty" yaml:"provider,omitempty" export:"true"`
DelayBeforeCheck ptypes.Duration `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers." json:"delayBeforeCheck,omitempty" toml:"delayBeforeCheck,omitempty" yaml:"delayBeforeCheck,omitempty" export:"true"`
Resolvers []string `description:"Use following DNS servers to resolve the FQDN authority." json:"resolvers,omitempty" toml:"resolvers,omitempty" yaml:"resolvers,omitempty"`
DisablePropagationCheck bool `description:"Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended]" json:"disablePropagationCheck,omitempty" toml:"disablePropagationCheck,omitempty" yaml:"disablePropagationCheck,omitempty"`
DisablePropagationCheck bool `description:"Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended]" json:"disablePropagationCheck,omitempty" toml:"disablePropagationCheck,omitempty" yaml:"disablePropagationCheck,omitempty" export:"true"`
}
// HTTPChallenge contains HTTP challenge Configuration.
type HTTPChallenge struct {
EntryPoint string `description:"HTTP challenge EntryPoint" json:"entryPoint,omitempty" toml:"entryPoint,omitempty" yaml:"entryPoint,omitempty"`
EntryPoint string `description:"HTTP challenge EntryPoint" json:"entryPoint,omitempty" toml:"entryPoint,omitempty" yaml:"entryPoint,omitempty" export:"true"`
}
// TLSChallenge contains TLS challenge Configuration.

78
pkg/provider/consulcatalog/consul_catalog.go
View File

@@ -55,10 +55,10 @@ type Provider struct {
// EndpointConfig holds configurations of the endpoint.
type EndpointConfig struct {
Address string `description:"The address of the Consul server" json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty" export:"true"`
Scheme string `description:"The URI scheme for the Consul server" json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
DataCenter string `description:"Data center to use. If not provided, the default agent data center is used" json:"datacenter,omitempty" toml:"datacenter,omitempty" yaml:"datacenter,omitempty" export:"true"`
Token string `description:"Token is used to provide a per-request ACL token which overrides the agent's default token" json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" export:"true"`
Address string `description:"The address of the Consul server" json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
Scheme string `description:"The URI scheme for the Consul server" json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty"`
DataCenter string `description:"Data center to use. If not provided, the default agent data center is used" json:"datacenter,omitempty" toml:"datacenter,omitempty" yaml:"datacenter,omitempty"`
Token string `description:"Token is used to provide a per-request ACL token which overrides the agent's default token" json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty"`
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
HTTPAuth *EndpointHTTPAuthConfig `description:"Auth info to use for http access" json:"httpAuth,omitempty" toml:"httpAuth,omitempty" yaml:"httpAuth,omitempty" export:"true"`
EndpointWaitTime ptypes.Duration `description:"WaitTime limits how long a Watch will block. If not provided, the agent default values will be used" json:"endpointWaitTime,omitempty" toml:"endpointWaitTime,omitempty" yaml:"endpointWaitTime,omitempty" export:"true"`
@@ -71,8 +71,8 @@ func (c *EndpointConfig) SetDefaults() {
// EndpointHTTPAuthConfig holds configurations of the authentication.
type EndpointHTTPAuthConfig struct {
Username string `description:"Basic Auth username" json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" export:"true"`
Password string `description:"Basic Auth password" json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" export:"true"`
Username string `description:"Basic Auth username" json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty"`
Password string `description:"Basic Auth password" json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty"`
}
// SetDefaults sets the default values.
@@ -108,27 +108,28 @@ func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.
p.client, err = createClient(p.Endpoint)
if err != nil {
return fmt.Errorf("error create consul client, %w", err)
return fmt.Errorf("unable to create consul client: %w", err)
}
// get configuration at the provider's startup.
err = p.loadConfiguration(routineCtx, configurationChan)
if err != nil {
return fmt.Errorf("failed to get consul catalog data: %w", err)
}
// Periodic refreshes.
ticker := time.NewTicker(time.Duration(p.RefreshInterval))
defer ticker.Stop()
for {
select {
case <-ticker.C:
data, err := p.getConsulServicesData(routineCtx)
err = p.loadConfiguration(routineCtx, configurationChan)
if err != nil {
logger.Errorf("error get consul catalog data, %v", err)
return err
return fmt.Errorf("failed to refresh consul catalog data: %w", err)
}
configuration := p.buildConfiguration(routineCtx, data)
configurationChan <- dynamic.Message{
ProviderName: "consulcatalog",
Configuration: configuration,
}
case <-routineCtx.Done():
ticker.Stop()
return nil
}
}
@@ -147,6 +148,20 @@ func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.
return nil
}
func (p *Provider) loadConfiguration(ctx context.Context, configurationChan chan<- dynamic.Message) error {
data, err := p.getConsulServicesData(ctx)
if err != nil {
return err
}
configurationChan <- dynamic.Message{
ProviderName: "consulcatalog",
Configuration: p.buildConfiguration(ctx, data),
}
return nil
}
func (p *Provider) getConsulServicesData(ctx context.Context) ([]itemData, error) {
consulServiceNames, err := p.fetchServices(ctx)
if err != nil {
@@ -155,17 +170,22 @@ func (p *Provider) getConsulServicesData(ctx context.Context) ([]itemData, error
var data []itemData
for _, name := range consulServiceNames {
consulServices, healthServices, err := p.fetchService(ctx, name)
consulServices, statuses, err := p.fetchService(ctx, name)
if err != nil {
return nil, err
}
for i, consulService := range consulServices {
for _, consulService := range consulServices {
address := consulService.ServiceAddress
if address == "" {
address = consulService.Address
}
status, exists := statuses[consulService.ID+consulService.ServiceID]
if !exists {
status = api.HealthAny
}
item := itemData{
ID: consulService.ServiceID,
Node: consulService.Node,
@@ -174,7 +194,7 @@ func (p *Provider) getConsulServicesData(ctx context.Context) ([]itemData, error
Port: strconv.Itoa(consulService.ServicePort),
Labels: tagsToNeutralLabels(consulService.ServiceTags, p.Prefix),
Tags: consulService.ServiceTags,
Status: healthServices[i].Checks.AggregatedStatus(),
Status: status,
}
extraConf, err := p.getConfiguration(item)
@@ -190,13 +210,14 @@ func (p *Provider) getConsulServicesData(ctx context.Context) ([]itemData, error
return data, nil
}
func (p *Provider) fetchService(ctx context.Context, name string) ([]*api.CatalogService, []*api.ServiceEntry, error) {
func (p *Provider) fetchService(ctx context.Context, name string) ([]*api.CatalogService, map[string]string, error) {
var tagFilter string
if !p.ExposedByDefault {
tagFilter = p.Prefix + ".enable=true"
}
opts := &api.QueryOptions{AllowStale: p.Stale, RequireConsistent: p.RequireConsistent, UseCache: p.Cache}
opts = opts.WithContext(ctx)
consulServices, _, err := p.client.Catalog().Service(name, tagFilter, opts)
if err != nil {
@@ -204,7 +225,22 @@ func (p *Provider) fetchService(ctx context.Context, name string) ([]*api.Catalo
}
healthServices, _, err := p.client.Health().Service(name, tagFilter, false, opts)
return consulServices, healthServices, err
if err != nil {
return nil, nil, err
}
// Index status by service and node so it can be retrieved from a CatalogService even if the health and services
// are not in sync.
statuses := make(map[string]string)
for _, health := range healthServices {
if health.Service == nil || health.Node == nil {
continue
}
statuses[health.Node.ID+health.Service.ID] = health.Checks.AggregatedStatus()
}
return consulServices, statuses, err
}
func (p *Provider) fetchServices(ctx context.Context) ([]string, error) {

3
pkg/provider/docker/docker.go
View File

@@ -2,6 +2,7 @@ package docker
import (
"context"
"errors"
"fmt"
"io"
"net"
@@ -307,7 +308,7 @@ func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.
startStopHandle(event)
}
case err := <-errc:
if err == io.EOF {
if errors.Is(err, io.EOF) {
logger.Debug("Provider event stream closed")
}
return err

7
pkg/provider/ecs/config.go
View File

@@ -307,6 +307,13 @@ func (p Provider) getIPAddress(instance ecsInstance) string {
func getPort(instance ecsInstance, serverPort string) string {
if len(serverPort) > 0 {
for _, port := range instance.machine.ports {
containerPort := strconv.FormatInt(port.containerPort, 10)
if serverPort == containerPort {
return strconv.FormatInt(port.hostPort, 10)
}
}
return serverPort
}

135
pkg/provider/ecs/config_test.go
View File

@@ -1721,13 +1721,13 @@ func Test_buildConfiguration(t *testing.T) {
name("Test"),
labels(map[string]string{
"traefik.http.services.Service1.LoadBalancer.server.scheme": "h2c",
"traefik.http.services.Service1.LoadBalancer.server.port": "8080",
"traefik.http.services.Service1.LoadBalancer.server.port": "80",
}),
iMachine(
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(0, 80, "tcp"),
mPort(80, 8080, "tcp"),
),
),
),
@@ -1764,6 +1764,125 @@ func Test_buildConfiguration(t *testing.T) {
},
},
},
{
desc: "one container with label port not exposed by container",
containers: []ecsInstance{
instance(
name("Test"),
labels(map[string]string{
"traefik.http.services.Service1.LoadBalancer.server.scheme": "h2c",
"traefik.http.services.Service1.LoadBalancer.server.port": "8040",
}),
iMachine(
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(80, 8080, "tcp"),
),
),
),
},
expected: &dynamic.Configuration{
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Services: map[string]*dynamic.TCPService{},
},
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"Test": {
Service: "Service1",
Rule: "Host(`Test.traefik.wtf`)",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"Service1": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "h2c://127.0.0.1:8040",
},
},
PassHostHeader: Bool(true),
},
},
},
},
},
},
{
desc: "one container with label and multiple ports",
containers: []ecsInstance{
instance(
name("Test"),
labels(map[string]string{
"traefik.http.routers.Test.rule": "Host(`Test.traefik.wtf`)",
"traefik.http.routers.Test.service": "Service1",
"traefik.http.services.Service1.LoadBalancer.server.port": "4445",
"traefik.http.routers.Test2.rule": "Host(`Test.traefik.local`)",
"traefik.http.routers.Test2.service": "Service2",
"traefik.http.services.Service2.LoadBalancer.server.port": "4444",
}),
iMachine(
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(4444, 32123, "tcp"),
mPort(4445, 32124, "tcp"),
),
),
),
},
expected: &dynamic.Configuration{
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Services: map[string]*dynamic.TCPService{},
},
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"Test": {
Service: "Service1",
Rule: "Host(`Test.traefik.wtf`)",
},
"Test2": {
Service: "Service2",
Rule: "Host(`Test.traefik.local`)",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"Service1": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://127.0.0.1:32124",
},
},
PassHostHeader: Bool(true),
},
},
"Service2": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://127.0.0.1:32123",
},
},
PassHostHeader: Bool(true),
},
},
},
},
},
},
{
desc: "one container with label port on two services",
containers: []ecsInstance{
@@ -2274,13 +2393,13 @@ func Test_buildConfiguration(t *testing.T) {
labels(map[string]string{
"traefik.tcp.routers.foo.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.routers.foo.tls.options": "foo",
"traefik.tcp.services.foo.loadbalancer.server.port": "8080",
"traefik.tcp.services.foo.loadbalancer.server.port": "80",
}),
iMachine(
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(0, 80, "tcp"),
mPort(80, 8080, "tcp"),
),
),
),
@@ -2327,13 +2446,13 @@ func Test_buildConfiguration(t *testing.T) {
name("Test"),
labels(map[string]string{
"traefik.udp.routers.foo.entrypoints": "mydns",
"traefik.udp.services.foo.loadbalancer.server.port": "8080",
"traefik.udp.services.foo.loadbalancer.server.port": "80",
}),
iMachine(
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(0, 80, "udp"),
mPort(80, 8080, "udp"),
),
),
),
@@ -2506,14 +2625,14 @@ func Test_buildConfiguration(t *testing.T) {
instance(
name("Test"),
labels(map[string]string{
"traefik.tcp.services.foo.loadbalancer.server.port": "8080",
"traefik.tcp.services.foo.loadbalancer.server.port": "80",
"traefik.tcp.services.foo.loadbalancer.terminationdelay": "200",
}),
iMachine(
mState(ec2.InstanceStateNameRunning),
mPrivateIP("127.0.0.1"),
mPorts(
mPort(0, 80, "tcp"),
mPort(80, 8080, "tcp"),
),
),
),

49
pkg/provider/ecs/ecs.go
View File

@@ -151,35 +151,25 @@ func (p Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.P
operation := func() error {
awsClient, err := p.createClient(logger)
if err != nil {
return err
return fmt.Errorf("unable to create AWS client: %w", err)
}
configuration, err := p.loadECSConfig(ctxLog, awsClient)
err = p.loadConfiguration(ctxLog, awsClient, configurationChan)
if err != nil {
return err
return fmt.Errorf("failed to get ECS configuration: %w", err)
}
configurationChan <- dynamic.Message{
ProviderName: "ecs",
Configuration: configuration,
}
reload := time.NewTicker(time.Second * time.Duration(p.RefreshSeconds))
defer reload.Stop()
ticker := time.NewTicker(time.Second * time.Duration(p.RefreshSeconds))
defer ticker.Stop()
for {
select {
case <-reload.C:
configuration, err := p.loadECSConfig(ctxLog, awsClient)
case <-ticker.C:
err = p.loadConfiguration(ctxLog, awsClient, configurationChan)
if err != nil {
logger.Errorf("Failed to load ECS configuration, error %s", err)
return err
return fmt.Errorf("failed to refresh ECS configuration: %w", err)
}
configurationChan <- dynamic.Message{
ProviderName: "ecs",
Configuration: configuration,
}
case <-routineCtx.Done():
return nil
}
@@ -198,6 +188,20 @@ func (p Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.P
return nil
}
func (p *Provider) loadConfiguration(ctx context.Context, client *awsClient, configurationChan chan<- dynamic.Message) error {
instances, err := p.listInstances(ctx, client)
if err != nil {
return err
}
configurationChan <- dynamic.Message{
ProviderName: "ecs",
Configuration: p.buildConfiguration(ctx, instances),
}
return nil
}
// Find all running Provider tasks in a cluster, also collect the task definitions (for docker labels)
// and the EC2 instance data.
func (p *Provider) listInstances(ctx context.Context, client *awsClient) ([]ecsInstance, error) {
@@ -365,15 +369,6 @@ func (p *Provider) listInstances(ctx context.Context, client *awsClient) ([]ecsI
return instances, nil
}
func (p *Provider) loadECSConfig(ctx context.Context, client *awsClient) (*dynamic.Configuration, error) {
instances, err := p.listInstances(ctx, client)
if err != nil {
return nil, err
}
return p.buildConfiguration(ctx, instances), nil
}
func (p *Provider) lookupEc2Instances(ctx context.Context, client *awsClient, clusterName *string, ecsDatas map[string]*ecs.Task) (map[string]*ec2.Instance, error) {
logger := log.FromContext(ctx)
instanceIds := make(map[string]string)

6
pkg/provider/http/http.go
View File

@@ -24,9 +24,9 @@ var _ provider.Provider = (*Provider)(nil)
// Provider is a provider.Provider implementation that queries an HTTP(s) endpoint for a configuration.
type Provider struct {
Endpoint string `description:"Load configuration from this endpoint." json:"endpoint" toml:"endpoint" yaml:"endpoint" export:"true"`
PollInterval ptypes.Duration `description:"Polling interval for endpoint." json:"pollInterval,omitempty" toml:"pollInterval,omitempty" yaml:"pollInterval,omitempty"`
PollTimeout ptypes.Duration `description:"Polling timeout for endpoint." json:"pollTimeout,omitempty" toml:"pollTimeout,omitempty" yaml:"pollTimeout,omitempty"`
Endpoint string `description:"Load configuration from this endpoint." json:"endpoint" toml:"endpoint" yaml:"endpoint"`
PollInterval ptypes.Duration `description:"Polling interval for endpoint." json:"pollInterval,omitempty" toml:"pollInterval,omitempty" yaml:"pollInterval,omitempty" export:"true"`
PollTimeout ptypes.Duration `description:"Polling timeout for endpoint." json:"pollTimeout,omitempty" toml:"pollTimeout,omitempty" yaml:"pollTimeout,omitempty" export:"true"`
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
httpClient *http.Client
lastConfigurationHash uint64

90
pkg/provider/kubernetes/crd/client.go
View File

@@ -17,7 +17,6 @@ import (
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/tools/clientcmd"
)
@@ -61,13 +60,14 @@ type Client interface {
// TODO: add tests for the clientWrapper (and its methods) itself.
type clientWrapper struct {
csCrd *versioned.Clientset
csKube *kubernetes.Clientset
csCrd versioned.Interface
csKube kubernetes.Interface
factoriesCrd map[string]externalversions.SharedInformerFactory
factoriesKube map[string]informers.SharedInformerFactory
factoriesCrd map[string]externalversions.SharedInformerFactory
factoriesKube map[string]informers.SharedInformerFactory
factoriesSecret map[string]informers.SharedInformerFactory
labelSelector labels.Selector
labelSelector string
isNamespaceAll bool
watchedNamespaces []string
@@ -87,12 +87,13 @@ func createClientFromConfig(c *rest.Config) (*clientWrapper, error) {
return newClientImpl(csKube, csCrd), nil
}
func newClientImpl(csKube *kubernetes.Clientset, csCrd *versioned.Clientset) *clientWrapper {
func newClientImpl(csKube kubernetes.Interface, csCrd versioned.Interface) *clientWrapper {
return &clientWrapper{
csCrd: csCrd,
csKube: csKube,
factoriesCrd: make(map[string]externalversions.SharedInformerFactory),
factoriesKube: make(map[string]informers.SharedInformerFactory),
csCrd: csCrd,
csKube: csKube,
factoriesCrd: make(map[string]externalversions.SharedInformerFactory),
factoriesKube: make(map[string]informers.SharedInformerFactory),
factoriesSecret: make(map[string]informers.SharedInformerFactory),
}
}
@@ -147,16 +148,25 @@ func newExternalClusterClient(endpoint, token, caFilePath string) (*clientWrappe
// WatchAll starts namespace-specific controllers for all relevant kinds.
func (c *clientWrapper) WatchAll(namespaces []string, stopCh <-chan struct{}) (<-chan interface{}, error) {
eventCh := make(chan interface{}, 1)
eventHandler := c.newResourceEventHandler(eventCh)
eventHandler := &resourceEventHandler{ev: eventCh}
if len(namespaces) == 0 {
namespaces = []string{metav1.NamespaceAll}
c.isNamespaceAll = true
}
c.watchedNamespaces = namespaces
notOwnedByHelm := func(opts *metav1.ListOptions) {
opts.LabelSelector = "owner!=helm"
}
matchesLabelSelector := func(opts *metav1.ListOptions) {
opts.LabelSelector = c.labelSelector
}
for _, ns := range namespaces {
factoryCrd := externalversions.NewSharedInformerFactoryWithOptions(c.csCrd, resyncPeriod, externalversions.WithNamespace(ns))
factoryCrd := externalversions.NewSharedInformerFactoryWithOptions(c.csCrd, resyncPeriod, externalversions.WithNamespace(ns), externalversions.WithTweakListOptions(matchesLabelSelector))
factoryCrd.Traefik().V1alpha1().IngressRoutes().Informer().AddEventHandler(eventHandler)
factoryCrd.Traefik().V1alpha1().Middlewares().Informer().AddEventHandler(eventHandler)
factoryCrd.Traefik().V1alpha1().IngressRouteTCPs().Informer().AddEventHandler(eventHandler)
@@ -166,18 +176,21 @@ func (c *clientWrapper) WatchAll(namespaces []string, stopCh <-chan struct{}) (<
factoryCrd.Traefik().V1alpha1().TraefikServices().Informer().AddEventHandler(eventHandler)
factoryKube := informers.NewSharedInformerFactoryWithOptions(c.csKube, resyncPeriod, informers.WithNamespace(ns))
factoryKube.Extensions().V1beta1().Ingresses().Informer().AddEventHandler(eventHandler)
factoryKube.Core().V1().Services().Informer().AddEventHandler(eventHandler)
factoryKube.Core().V1().Endpoints().Informer().AddEventHandler(eventHandler)
factoryKube.Core().V1().Secrets().Informer().AddEventHandler(eventHandler)
factorySecret := informers.NewSharedInformerFactoryWithOptions(c.csKube, resyncPeriod, informers.WithNamespace(ns), informers.WithTweakListOptions(notOwnedByHelm))
factorySecret.Core().V1().Secrets().Informer().AddEventHandler(eventHandler)
c.factoriesCrd[ns] = factoryCrd
c.factoriesKube[ns] = factoryKube
c.factoriesSecret[ns] = factorySecret
}
for _, ns := range namespaces {
c.factoriesCrd[ns].Start(stopCh)
c.factoriesKube[ns].Start(stopCh)
c.factoriesSecret[ns].Start(stopCh)
}
for _, ns := range namespaces {
@@ -192,6 +205,12 @@ func (c *clientWrapper) WatchAll(namespaces []string, stopCh <-chan struct{}) (<
return nil, fmt.Errorf("timed out waiting for controller caches to sync %s in namespace %q", t.String(), ns)
}
}
for t, ok := range c.factoriesSecret[ns].WaitForCacheSync(stopCh) {
if !ok {
return nil, fmt.Errorf("timed out waiting for controller caches to sync %s in namespace %q", t.String(), ns)
}
}
}
return eventCh, nil
@@ -201,7 +220,7 @@ func (c *clientWrapper) GetIngressRoutes() []*v1alpha1.IngressRoute {
var result []*v1alpha1.IngressRoute
for ns, factory := range c.factoriesCrd {
ings, err := factory.Traefik().V1alpha1().IngressRoutes().Lister().List(c.labelSelector)
ings, err := factory.Traefik().V1alpha1().IngressRoutes().Lister().List(labels.Everything())
if err != nil {
log.Errorf("Failed to list ingress routes in namespace %s: %v", ns, err)
}
@@ -215,7 +234,7 @@ func (c *clientWrapper) GetIngressRouteTCPs() []*v1alpha1.IngressRouteTCP {
var result []*v1alpha1.IngressRouteTCP
for ns, factory := range c.factoriesCrd {
ings, err := factory.Traefik().V1alpha1().IngressRouteTCPs().Lister().List(c.labelSelector)
ings, err := factory.Traefik().V1alpha1().IngressRouteTCPs().Lister().List(labels.Everything())
if err != nil {
log.Errorf("Failed to list tcp ingress routes in namespace %s: %v", ns, err)
}
@@ -229,7 +248,7 @@ func (c *clientWrapper) GetIngressRouteUDPs() []*v1alpha1.IngressRouteUDP {
var result []*v1alpha1.IngressRouteUDP
for ns, factory := range c.factoriesCrd {
ings, err := factory.Traefik().V1alpha1().IngressRouteUDPs().Lister().List(c.labelSelector)
ings, err := factory.Traefik().V1alpha1().IngressRouteUDPs().Lister().List(labels.Everything())
if err != nil {
log.Errorf("Failed to list udp ingress routes in namespace %s: %v", ns, err)
}
@@ -243,7 +262,7 @@ func (c *clientWrapper) GetMiddlewares() []*v1alpha1.Middleware {
var result []*v1alpha1.Middleware
for ns, factory := range c.factoriesCrd {
middlewares, err := factory.Traefik().V1alpha1().Middlewares().Lister().List(c.labelSelector)
middlewares, err := factory.Traefik().V1alpha1().Middlewares().Lister().List(labels.Everything())
if err != nil {
log.Errorf("Failed to list middlewares in namespace %s: %v", ns, err)
}
@@ -269,7 +288,7 @@ func (c *clientWrapper) GetTraefikServices() []*v1alpha1.TraefikService {
var result []*v1alpha1.TraefikService
for ns, factory := range c.factoriesCrd {
ings, err := factory.Traefik().V1alpha1().TraefikServices().Lister().List(c.labelSelector)
ings, err := factory.Traefik().V1alpha1().TraefikServices().Lister().List(labels.Everything())
if err != nil {
log.Errorf("Failed to list Traefik services in namespace %s: %v", ns, err)
}
@@ -284,7 +303,7 @@ func (c *clientWrapper) GetTLSOptions() []*v1alpha1.TLSOption {
var result []*v1alpha1.TLSOption
for ns, factory := range c.factoriesCrd {
options, err := factory.Traefik().V1alpha1().TLSOptions().Lister().List(c.labelSelector)
options, err := factory.Traefik().V1alpha1().TLSOptions().Lister().List(labels.Everything())
if err != nil {
log.Errorf("Failed to list tls options in namespace %s: %v", ns, err)
}
@@ -299,7 +318,7 @@ func (c *clientWrapper) GetTLSStores() []*v1alpha1.TLSStore {
var result []*v1alpha1.TLSStore
for ns, factory := range c.factoriesCrd {
stores, err := factory.Traefik().V1alpha1().TLSStores().Lister().List(c.labelSelector)
stores, err := factory.Traefik().V1alpha1().TLSStores().Lister().List(labels.Everything())
if err != nil {
log.Errorf("Failed to list tls stores in namespace %s: %v", ns, err)
}
@@ -337,7 +356,7 @@ func (c *clientWrapper) GetSecret(namespace, name string) (*corev1.Secret, bool,
return nil, false, fmt.Errorf("failed to get secret %s/%s: namespace is not within watched namespaces", namespace, name)
}
secret, err := c.factoriesKube[c.lookupNamespace(namespace)].Core().V1().Secrets().Lister().Secrets(namespace).Get(name)
secret, err := c.factoriesSecret[c.lookupNamespace(namespace)].Core().V1().Secrets().Lister().Secrets(namespace).Get(name)
exist, err := translateNotFoundError(err)
return secret, exist, err
}
@@ -355,31 +374,6 @@ func (c *clientWrapper) lookupNamespace(ns string) string {
return ns
}
func (c *clientWrapper) newResourceEventHandler(events chan<- interface{}) cache.ResourceEventHandler {
return &cache.FilteringResourceEventHandler{
FilterFunc: func(obj interface{}) bool {
// Ignore Ingresses that do not match our custom label selector.
switch v := obj.(type) {
case *v1alpha1.IngressRoute:
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
case *v1alpha1.IngressRouteTCP:
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
case *v1alpha1.TraefikService:
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
case *v1alpha1.TLSOption:
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
case *v1alpha1.TLSStore:
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
case *v1alpha1.Middleware:
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
default:
return true
}
},
Handler: &resourceEventHandler{ev: events},
}
}
// eventHandlerFunc will pass the obj on to the events channel or drop it.
// This is so passing the events along won't block in the case of high volume.
// The events are only used for signaling anyway so dropping a few is ok.

65
pkg/provider/kubernetes/crd/client_test.go Normal file
View File

@@ -0,0 +1,65 @@
package crd
import (
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
crdfake "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kubefake "k8s.io/client-go/kubernetes/fake"
)
func TestClientIgnoresHelmOwnedSecrets(t *testing.T) {
secret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Namespace: "default",
Name: "secret",
},
}
helmSecret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Namespace: "default",
Name: "helm-secret",
Labels: map[string]string{
"owner": "helm",
},
},
}
kubeClient := kubefake.NewSimpleClientset(helmSecret, secret)
crdClient := crdfake.NewSimpleClientset()
client := newClientImpl(kubeClient, crdClient)
stopCh := make(chan struct{})
eventCh, err := client.WatchAll(nil, stopCh)
require.NoError(t, err)
select {
case event := <-eventCh:
secret, ok := event.(*corev1.Secret)
require.True(t, ok)
assert.NotEqual(t, "helm-secret", secret.Name)
case <-time.After(50 * time.Millisecond):
assert.Fail(t, "expected to receive event for secret")
}
select {
case <-eventCh:
assert.Fail(t, "received more than one event")
case <-time.After(50 * time.Millisecond):
}
_, found, err := client.GetSecret("default", "secret")
require.NoError(t, err)
assert.True(t, found)
_, found, err = client.GetSecret("default", "helm-secret")
require.NoError(t, err)
assert.False(t, found)
}

70
pkg/provider/kubernetes/crd/fixtures/services.yml
View File

@@ -119,6 +119,35 @@ subsets:
- name: websecure2
port: 8443
---
apiVersion: v1
kind: Service
metadata:
name: whoami-ipv6
namespace: default
spec:
ports:
- name: web
port: 8080
selector:
app: traefiklabs
task: whoami-ipv6
---
kind: Endpoints
apiVersion: v1
metadata:
name: whoami-ipv6
namespace: default
subsets:
- addresses:
- ip: "2001:db8:85a3:8d3:1319:8a2e:370:7348"
ports:
- name: web
port: 8080
---
apiVersion: v1
kind: Service
@@ -157,5 +186,46 @@ spec:
protocol: TCP
port: 443
---
apiVersion: v1
kind: Service
metadata:
name: external-svc-with-ipv6
namespace: default
spec:
externalName: "2001:db8:85a3:8d3:1319:8a2e:370:7347"
type: ExternalName
ports:
- name: http
protocol: TCP
port: 8080
---
apiVersion: v1
kind: Service
metadata:
name: whoami-svc
namespace: cross-ns
spec:
ports:
- name: web
port: 80
selector:
app: traefiklabs
task: whoami
---
kind: Endpoints
apiVersion: v1
metadata:
name: whoami-svc
namespace: cross-ns
subsets:
- addresses:
- ip: 10.10.0.1
- ip: 10.10.0.2
ports:
- name: web
port: 80

72
pkg/provider/kubernetes/crd/fixtures/tcp/services.yml
View File

@@ -132,6 +132,36 @@ subsets:
- name: myapp4
port: 8084
---
apiVersion: v1
kind: Service
metadata:
name: whoamitcp-ipv6
namespace: default
spec:
ports:
- name: myapp-ipv6
port: 8080
selector:
app: traefiklabs
task: whoamitcp-ipv6
---
kind: Endpoints
apiVersion: v1
metadata:
name: whoamitcp-ipv6
namespace: default
subsets:
- addresses:
- ip: "fd00:10:244:0:1::3"
- ip: "2001:db8:85a3:8d3:1319:8a2e:370:7348"
ports:
- name: myapp-ipv6
port: 8080
---
apiVersion: v1
kind: Service
@@ -167,4 +197,44 @@ spec:
type: ExternalName
ports:
- name: http
protocol: TCP
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: external.service.with.ipv6
namespace: default
spec:
externalName: "fe80::200:5aee:feaa:20a2"
type: ExternalName
---
apiVersion: v1
kind: Service
metadata:
name: whoamitcp-cross-ns
namespace: cross-ns
spec:
ports:
- name: myapp
port: 8000
selector:
app: traefiklabs
task: whoamitcp
---
kind: Endpoints
apiVersion: v1
metadata:
name: whoamitcp-cross-ns
namespace: cross-ns
subsets:
- addresses:
- ip: 10.10.0.1
- ip: 10.10.0.2
ports:
- name: myapp
port: 8000

16
pkg/provider/kubernetes/crd/fixtures/tcp/with_cross_namespace.yml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- foo
routes:
- match: HostSNI(`foo.com`)
services:
- name: whoamitcp-cross-ns
namespace: cross-ns
port: 8000

17
pkg/provider/kubernetes/crd/fixtures/tcp/with_ipv6.yml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- foo
routes:
- match: HostSNI(`*`)
services:
- name: whoamitcp-ipv6
port: 8080
- name: external.service.with.ipv6
port: 8080

59
pkg/provider/kubernetes/crd/fixtures/udp/services.yml
View File

@@ -101,3 +101,62 @@ subsets:
ports:
- name: myapp4
port: 8084
---
apiVersion: v1
kind: Service
metadata:
name: whoamiudp-ipv6
namespace: default
spec:
ports:
- name: myapp-ipv6
port: 8080
selector:
app: traefiklabs
task: whoamiudp-ipv6
---
kind: Endpoints
apiVersion: v1
metadata:
name: whoamiudp-ipv6
namespace: default
subsets:
- addresses:
- ip: "fd00:10:244:0:1::3"
ports:
- name: myapp-ipv6
port: 8080
---
apiVersion: v1
kind: Service
metadata:
name: whoamiudp-cross-ns
namespace: cross-ns
spec:
ports:
- name: myapp
port: 8000
selector:
app: traefiklabs
task: whoamiudp
---
kind: Endpoints
apiVersion: v1
metadata:
name: whoamiudp-cross-ns
namespace: cross-ns
subsets:
- addresses:
- ip: 10.10.0.1
- ip: 10.10.0.2
ports:
- name: myapp
port: 8000

15
pkg/provider/kubernetes/crd/fixtures/udp/with_cross_namespace.yml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- foo
routes:
- services:
- name: whoamiudp-cross-ns
namespace: cross-ns
port: 8000

14
pkg/provider/kubernetes/crd/fixtures/udp/with_ipv6.yml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- foo
routes:
- services:
- name: whoamiudp-ipv6
port: 8080

91
pkg/provider/kubernetes/crd/fixtures/with_cross_namespace.yml Normal file
View File

@@ -0,0 +1,91 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: cross-ns-route
namespace: default
spec:
entryPoints:
- foo
routes:
- match: Host(`foo.com`) && PathPrefix(`/bar`)
kind: Rule
priority: 12
services:
- name: whoami-svc
namespace: cross-ns
port: 80
- name: tr-svc-wrr1
kind: TraefikService
- name: tr-svc-wrr2
namespace: cross-ns
kind: TraefikService
- name: tr-svc-mirror1
kind: TraefikService
- name: tr-svc-mirror2
namespace: cross-ns
kind: TraefikService
---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: tr-svc-wrr1
namespace: default
spec:
weighted:
services:
- name: whoami-svc
namespace: cross-ns
weight: 1
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: tr-svc-wrr2
namespace: cross-ns
spec:
weighted:
services:
- name: whoami-svc
weight: 1
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: tr-svc-mirror1
namespace: default
spec:
mirroring:
name: whoami
port: 80
mirrors:
- name: whoami-svc
namespace: cross-ns
percent: 20
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: tr-svc-mirror2
namespace: cross-ns
spec:
mirroring:
name: whoami-svc
port: 80
mirrors:
- name: whoami-svc
namespace: cross-ns
percent: 20
port: 80

18
pkg/provider/kubernetes/crd/fixtures/with_ipv6.yml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- foo
routes:
- match: Host(`foo.com`) && PathPrefix(`/bar`)
kind: Rule
services:
- name: whoami-ipv6
port: 8080
- name: external-svc-with-ipv6
port: 8080

58
pkg/provider/kubernetes/crd/fixtures/with_middleware_cross_namespace.yml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: test-crossnamespace.route
namespace: default
spec:
entryPoints:
- foo
routes:
- match: Host(`foo.com`) && PathPrefix(`/bar`)
kind: Rule
priority: 12
services:
- name: whoami
namespace: default
port: 80
middlewares:
- name: stripprefix
namespace: cross-ns
- match: Host(`foo.com`) && PathPrefix(`/bir`)
kind: Rule
priority: 12
services:
- name: whoami
namespace: default
port: 80
middlewares:
- name: test-errorpage
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: stripprefix
namespace: cross-ns
spec:
stripPrefix:
prefixes:
- /stripit
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-errorpage
namespace: default
spec:
errors:
status:
- 500-599
query: /{status}.html
service:
name: whoami-svc
namespace: cross-ns
port: 80

2
pkg/provider/kubernetes/crd/generated/clientset/versioned/clientset.go
View File

@@ -1,7 +1,7 @@
/*
The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020-2020 Traefik Labs
Copyright (c) 2016-2020 Containous SAS; 2020-2021 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

2
pkg/provider/kubernetes/crd/generated/clientset/versioned/doc.go
View File

@@ -1,7 +1,7 @@
/*
The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020-2020 Traefik Labs
Copyright (c) 2016-2020 Containous SAS; 2020-2021 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

2
pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/clientset_generated.go
View File

@@ -1,7 +1,7 @@
/*
The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020-2020 Traefik Labs
Copyright (c) 2016-2020 Containous SAS; 2020-2021 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

2
pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/doc.go
View File

@@ -1,7 +1,7 @@
/*
The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020-2020 Traefik Labs
Copyright (c) 2016-2020 Containous SAS; 2020-2021 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

2
pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/register.go
View File

@@ -1,7 +1,7 @@
/*
The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020-2020 Traefik Labs
Copyright (c) 2016-2020 Containous SAS; 2020-2021 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

2
pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/doc.go
View File

@@ -1,7 +1,7 @@
/*
The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020-2020 Traefik Labs
Copyright (c) 2016-2020 Containous SAS; 2020-2021 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

Some files were not shown because too many files have changed in this diff Show More