Prepare release v1.7.12

Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>

.travis.yml

@@ -30,7 +30,7 @@ before_deploy:
         make -j${N_MAKE_JOBS} crossbinary-parallel;
         tar cfz dist/traefik-${VERSION}.src.tar.gz --exclude-vcs --exclude dist .;
       fi;
-      curl -sfL https://raw.githubusercontent.com/containous/structor/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" v1.7.0
+      curl -sfL https://raw.githubusercontent.com/containous/structor/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" ${STRUCTOR_VERSION}
       structor -o containous -r traefik --dockerfile-url="https://raw.githubusercontent.com/containous/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/containous/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/containous/structor/master/requirements-override.txt" --exp-branch=master --force-edit-url --debug;
     fi
 deploy:

CHANGELOG.md

@@ -1,5 +1,40 @@
 # Change Log
 
+## [v1.7.12](https://github.com/containous/traefik/tree/v1.7.12) (2019-05-29)
+[All Commits](https://github.com/containous/traefik/compare/v1.7.11...v1.7.12)
+
+**Bug fixes:**
+- **[acme]** Allow SANs for wildcards domain. ([#4821](https://github.com/containous/traefik/pull/4821) by [vizv](https://github.com/vizv))
+- **[acme]** fix: update lego. ([#4910](https://github.com/containous/traefik/pull/4910) by [ldez](https://github.com/ldez))
+- **[api,authentication]** Remove authentication hashes from API ([#4918](https://github.com/containous/traefik/pull/4918) by [ldez](https://github.com/ldez))
+- **[consul]** Enhance KV logs. ([#4877](https://github.com/containous/traefik/pull/4877) by [ldez](https://github.com/ldez))
+- **[k8s]** Fix kubernetes template for backend responseforwarding flushinterval setting ([#4901](https://github.com/containous/traefik/pull/4901) by [ravilr](https://github.com/ravilr))
+- **[metrics]** Upgraded DataDog tracing library to 1.13.0 ([#4878](https://github.com/containous/traefik/pull/4878) by [aantono](https://github.com/aantono))
+- **[server]** Add missing callback on close of hijacked connections ([#4900](https://github.com/containous/traefik/pull/4900) by [ravilr](https://github.com/ravilr))
+
+**Documentation:**
+- **[docker]** Docs: Troubleshooting help for Docker Swarm labels ([#4751](https://github.com/containous/traefik/pull/4751) by [gregberns](https://github.com/gregberns))
+- **[logs]** Adds a log fields documentation. ([#4890](https://github.com/containous/traefik/pull/4890) by [ldez](https://github.com/ldez))
+
+## [v1.7.11](https://github.com/containous/traefik/tree/v1.7.11) (2019-04-26)
+[All Commits](https://github.com/containous/traefik/compare/v1.7.10...v1.7.11)
+
+**Enhancements:**
+- **[k8s,k8s/ingress]** Enhance k8s tests maintainability ([#4696](https://github.com/containous/traefik/pull/4696) by [ldez](https://github.com/ldez))
+
+**Bug fixes:**
+- **[acme]** fix: update lego. ([#4800](https://github.com/containous/traefik/pull/4800) by [ldez](https://github.com/ldez))
+- **[authentication,middleware]** Forward all header values from forward auth response ([#4515](https://github.com/containous/traefik/pull/4515) by [ctas582](https://github.com/ctas582))
+- **[cluster]** Remove usage of github.com/satori/go.uuid ([#4722](https://github.com/containous/traefik/pull/4722) by [aaslamin](https://github.com/aaslamin))
+- **[kv]** Enhance KV client error management ([#4819](https://github.com/containous/traefik/pull/4819) by [jbdoumenjou](https://github.com/jbdoumenjou))
+- **[tls]** Improve log message about redundant TLS certificate ([#4765](https://github.com/containous/traefik/pull/4765) by [mpl](https://github.com/mpl))
+- **[tracing]** Update zipkin-go-opentracing. ([#4720](https://github.com/containous/traefik/pull/4720) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- **[acme]** Documentation Update: Hosting.de wildcard support tested ([#4747](https://github.com/containous/traefik/pull/4747) by [martinhoefling](https://github.com/martinhoefling))
+- **[acme]** Update Wildcard Domain documentation ([#4682](https://github.com/containous/traefik/pull/4682) by [DWSR](https://github.com/DWSR))
+- **[middleware]** Keep consistent order ([#4690](https://github.com/containous/traefik/pull/4690) by [maxifom](https://github.com/maxifom))
+
 ## [v1.7.10](https://github.com/containous/traefik/tree/v1.7.10) (2019-03-28)
 [All Commits](https://github.com/containous/traefik/compare/v1.7.9...v1.7.10)
 

CONTRIBUTING.md

@@ -158,7 +158,7 @@ Integration tests must be run from the `integration/` directory and require the
 
 ## Documentation
 
-The [documentation site](http://docs.traefik.io/) is built with [mkdocs](http://mkdocs.org/)
+The [documentation site](https://docs.traefik.io/) is built with [mkdocs](https://mkdocs.org/)
 
 ### Building Documentation
 

Gopkg.lock

@@ -96,6 +96,14 @@
   pruneopts = "NUT"
   revision = "2fd0705ce648e602e6c9c57329a174270a4f6688"
 
+[[projects]]
+  digest = "1:25870183293a3fb61cc9afd060a61d63a486f091db72af01a8ea3449f5ca530d"
+  name = "github.com/Masterminds/goutils"
+  packages = ["."]
+  pruneopts = "NUT"
+  revision = "41ac8693c5c10a92ea1ff5ac3a7f95646f6123b0"
+  version = "v1.1.0"
+
 [[projects]]
   digest = "1:0ce2a409217f52078c6b8642993deb1025940cded6d5054047c1d5c7379f753c"
   name = "github.com/Masterminds/semver"
@@ -105,11 +113,12 @@
   version = "v1.2.2"
 
 [[projects]]
-  digest = "1:a49472e7d73071005f436b7da85567220f24bb26fbfccbec45d2cd1359d4c67d"
+  digest = "1:876a1121171c083c4e3a4789683d02a40c0f644c8190da521d15b59799f556d6"
   name = "github.com/Masterminds/sprig"
   packages = ["."]
   pruneopts = "NUT"
-  revision = "e039e20e500c2c025d9145be375e27cf42a94174"
+  revision = "9f8fceff796fb9f4e992cd2bece016be0121ab74"
+  version = "2.19.0"
 
 [[projects]]
   digest = "1:c8e7aea759874984f67a75e43fe764137188b1b062e27639efcba4b801fbcf42"
@@ -238,20 +247,12 @@
   version = "1.27.7"
 
 [[projects]]
-  digest = "1:975108e8d4f5dab096fc991326e96a5716ee8d02e5e7386bb4796171afc4ab9a"
-  name = "github.com/aokoli/goutils"
-  packages = ["."]
-  pruneopts = "NUT"
-  revision = "3391d3790d23d03408670993e957e8f408993c34"
-  version = "v1.0.1"
-
-[[projects]]
-  digest = "1:9752dad5e89cd779096bf2477a4ded16bea7ac62de453c8d6b4bf841d51a8512"
+  digest = "1:b39cf81d5f440b9c0757a25058432d33af867e5201109bf53621356d9dab4b73"
   name = "github.com/apache/thrift"
   packages = ["lib/go/thrift"]
   pruneopts = "NUT"
-  revision = "b2a4d4ae21c789b689dd162deb819665567f481c"
-  version = "0.10.0"
+  revision = "384647d290e2e4a55a14b1b7ef1b7e66293a2c33"
+  version = "v0.12.0"
 
 [[projects]]
   branch = "master"
@@ -734,7 +735,7 @@
   revision = "73d445a93680fa1a78ae23a5839bad48f32ba1ee"
 
 [[projects]]
-  digest = "1:a04af13190b67ff69cf8fcd79ee133a24c4a7a900cacbc296261dd43f3fbde5c"
+  digest = "1:d82b2dc81c551e7c15f31523a2cc8ee9121b39cfbf63174d98a0bc8edf2d3c5e"
   name = "github.com/go-acme/lego"
   packages = [
     "acme",
@@ -758,6 +759,7 @@
     "providers/dns/alidns",
     "providers/dns/auroradns",
     "providers/dns/azure",
+    "providers/dns/bindman",
     "providers/dns/bluecat",
     "providers/dns/cloudflare",
     "providers/dns/cloudns",
@@ -776,6 +778,7 @@
     "providers/dns/dreamhost",
     "providers/dns/duckdns",
     "providers/dns/dyn",
+    "providers/dns/easydns",
     "providers/dns/exec",
     "providers/dns/exoscale",
     "providers/dns/fastdns",
@@ -788,6 +791,7 @@
     "providers/dns/httpreq",
     "providers/dns/iij",
     "providers/dns/inwx",
+    "providers/dns/joker",
     "providers/dns/lightsail",
     "providers/dns/linode",
     "providers/dns/linodev4",
@@ -819,8 +823,8 @@
     "registration",
   ]
   pruneopts = "NUT"
-  revision = "aaecc1ca7254190b71c5f01f57ee3bb6701bc937"
-  version = "v2.4.0"
+  revision = "01903cdfb9869df45cf5274c53226823a2532f2d"
+  version = "v2.6.0"
 
 [[projects]]
   branch = "fork-containous"
@@ -831,6 +835,14 @@
   revision = "ca0bf163426aa183d03fd4949101785c0347f273"
   source = "github.com/containous/check"
 
+[[projects]]
+  digest = "1:ea1d5bfdb4ec5c2ee48c97865e6de1a28fa8c4849a3f56b27d521aa619038e06"
+  name = "github.com/go-errors/errors"
+  packages = ["."]
+  pruneopts = "NUT"
+  revision = "a6af135bd4e28680facf08a3d206b454abc877a4"
+  version = "v1.0.1"
+
 [[projects]]
   digest = "1:5e92676b56ce4c69edf9ee1f6343c56f637e30af11b9d8b5edd1b6530f3fbc3d"
   name = "github.com/go-ini/ini"
@@ -1110,11 +1122,12 @@
   revision = "19f2c401e122352c047a84d6584dd51e2fb8fcc4"
 
 [[projects]]
-  digest = "1:45e66b20393507035c6a7d15bef5ffe8faf5b083621c1284d9824cc052776de5"
+  digest = "1:dc54242755f5b6721dd880843de6e45fe234838ea9149ec8249951880fd5802f"
   name = "github.com/huandu/xstrings"
   packages = ["."]
   pruneopts = "NUT"
-  revision = "3959339b333561bf62a38b424fd41517c2c90f40"
+  revision = "f02667b379e2fb5916c3cda2cf31e0eb885d79f8"
+  version = "v1.2.0"
 
 [[projects]]
   branch = "master"
@@ -1216,6 +1229,25 @@
   pruneopts = "NUT"
   revision = "b84e30acd515aadc4b783ad4ff83aff3299bdfe0"
 
+[[projects]]
+  digest = "1:1082aeb059ff66b4fb6da53f9e7591726c6a81901f05ce48a470091784b23914"
+  name = "github.com/labbsr0x/bindman-dns-webhook"
+  packages = [
+    "src/client",
+    "src/types",
+  ]
+  pruneopts = "NUT"
+  revision = "234ca2a50eebc2095f42a884709a6e9013366d86"
+  version = "v1.0.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:ad2a63b2d6dfe7d66bf14c01f1171a3951abef6e0fb136170359c3f7c4f51615"
+  name = "github.com/labbsr0x/goh"
+  packages = ["gohclient"]
+  pruneopts = "NUT"
+  revision = "94bcf1cb07b70b26b72ad54b2b050bcd0a66a9c8"
+
 [[projects]]
   branch = "master"
   digest = "1:5a96e1f04259484b3dd183ca95d1e7bff768b1bab36c530e308a8d56243b50c7"
@@ -1480,8 +1512,8 @@
   version = "v1.0.2"
 
 [[projects]]
-  digest = "1:07c44a0ce6012eafd2f05b715d30852d576aeda7798b8760a2ff51b1e90eb753"
-  name = "github.com/openzipkin/zipkin-go-opentracing"
+  digest = "1:0f4793617dc898d3ee99fe1abab076d3976a9d17d14f8327af2dc3f1ec0fd92c"
+  name = "github.com/openzipkin-contrib/zipkin-go-opentracing"
   packages = [
     ".",
     "flag",
@@ -1491,7 +1523,8 @@
     "wire",
   ]
   pruneopts = "NUT"
-  revision = "1f5c07e90700ae93ddcba0c7af7d9c7201646ccc"
+  revision = "f0f479ad013a498e4cbfb369414e5d3880903779"
+  version = "v0.3.5"
 
 [[projects]]
   digest = "1:8a5a270130e940b167027e8c9a07c20d01410bd6053160432351139ddc2cb501"
@@ -1645,17 +1678,18 @@
   revision = "256dc444b735e061061cf46c809487313d5b0065"
 
 [[projects]]
-  branch = "master"
-  digest = "1:fff470b0a7bbf05cfe8bfc73bfdf4d21eb009ea84e601f3d27781474e5da960f"
+  digest = "1:253f275bd72c42f8d234712d1574c8b222fe9b72838bfaca11b21ace9c0e3d0a"
   name = "github.com/sacloud/libsacloud"
   packages = [
     ".",
     "api",
     "sacloud",
     "sacloud/ostype",
+    "utils/mutexkv",
   ]
   pruneopts = "NUT"
-  revision = "306ea89b6ef19334614f7b0fc5aa19595022bb8c"
+  revision = "41c392dee98a83260abbe0fcd5c13beb7c75d103"
+  version = "v1.21.1"
 
 [[projects]]
   digest = "1:142520cf3c9bb85449dd0000f820b8c604531587ee654793c54909be7dabadac"
@@ -1716,13 +1750,11 @@
   revision = "c4434f09ec131ecf30f986d5dcb1636508bfa49a"
 
 [[projects]]
-  branch = "containous-fork"
   digest = "1:84b9a5318d8ce3b8a9b1509bf15734f4f9dcd4decf9d9e9c7346a16c7b64d49e"
   name = "github.com/thoas/stats"
   packages = ["."]
   pruneopts = "NUT"
   revision = "4975baf6a358ed3ddaa42133996e1959f96c9300"
-  source = "github.com/containous/stats"
 
 [[projects]]
   branch = "master"
@@ -1836,7 +1868,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:c878a802780168c80738d74607d14e7cb8765706990ae1260a3fd271c2c3b133"
+  digest = "1:86f14aadf288fe3ad8ac060bcb2b5083cec3829dd883803486ec834d031060c9"
   name = "github.com/vulcand/oxy"
   packages = [
     "buffer",
@@ -1849,7 +1881,7 @@
     "utils",
   ]
   pruneopts = "NUT"
-  revision = "c34b0c501e43223bc816ac9b40b0ac29c44c8952"
+  revision = "0d102f45103cf49a95b5c6e810e092973cbcb68c"
 
 [[projects]]
   digest = "1:ca6bac407fedc14fbeeba861dd33a821ba3a1624c10126ec6003b0a28d4139c5"
@@ -1882,6 +1914,42 @@
   pruneopts = "NUT"
   revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70"
 
+[[projects]]
+  digest = "1:045bc0ab96bb83bdffd2606f019003da03d1c139d3cb8aad13596863e4dd37d6"
+  name = "go.opencensus.io"
+  packages = [
+    ".",
+    "internal",
+    "internal/tagencoding",
+    "metric/metricdata",
+    "metric/metricproducer",
+    "plugin/ochttp",
+    "plugin/ochttp/propagation/b3",
+    "resource",
+    "stats",
+    "stats/internal",
+    "stats/view",
+    "tag",
+    "trace",
+    "trace/internal",
+    "trace/propagation",
+    "trace/tracestate",
+  ]
+  pruneopts = "NUT"
+  revision = "75c0cca22312e51bfd4fafdbe9197ae399e18b38"
+  version = "v0.20.2"
+
+[[projects]]
+  branch = "master"
+  digest = "1:02fe59517e10f9b400b500af8ac228c74cecb0cba7a5f438d8283edb97e14270"
+  name = "go.uber.org/ratelimit"
+  packages = [
+    ".",
+    "internal/clock",
+  ]
+  pruneopts = "NUT"
+  revision = "c15da02342779cb6dc027fc95ee2277787698f36"
+
 [[projects]]
   branch = "master"
   digest = "1:30c1930f8c9fee79f3af60c8b7cd92edd12a4f22187f5527d53509b1a794f555"
@@ -1986,16 +2054,21 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:da32ebe70dd3ec97d2df26281b08b18d05c2f12491ae79f389813f6c8d3006b3"
+  digest = "1:70c173b8ecc111dd01dc07f0ada72c076e4ed91618ee559312ef8adf154cc539"
   name = "google.golang.org/api"
   packages = [
     "dns/v1",
     "gensupport",
     "googleapi",
     "googleapi/internal/uritemplates",
+    "googleapi/transport",
+    "internal",
+    "option",
+    "transport/http",
+    "transport/http/internal/propagation",
   ]
   pruneopts = "NUT"
-  revision = "de943baf05a022a8f921b544b7827bacaba1aed5"
+  revision = "bbbc0e98e3cc6ddcebca23f9ac35acda33bd5b38"
 
 [[projects]]
   digest = "1:7206d98ec77c90c72ec2c405181a1dcf86965803b6dbc4f98ceab7a5047c37a9"
@@ -2057,7 +2130,7 @@
   version = "v1.12.0"
 
 [[projects]]
-  digest = "1:b886012746f19e2a7c6c3901ea9f86e8a5e32ff2b4407086f4f3181269976957"
+  digest = "1:2d9005f36a1bd4f00c3fd501f87cd82909aa69b5fe15aee28636cced39c9ecfe"
   name = "gopkg.in/DataDog/dd-trace-go.v1"
   packages = [
     "ddtrace",
@@ -2065,10 +2138,11 @@
     "ddtrace/internal",
     "ddtrace/opentracer",
     "ddtrace/tracer",
+    "internal/globalconfig",
   ]
   pruneopts = "NUT"
-  revision = "7fb2bce4b1ed6ab61f7a9e1be30dea56de19db7c"
-  version = "v1.8.0"
+  revision = "eed4d38387cb9c74f7a29cb3eb9b06155a09d259"
+  version = "v1.13.0"
 
 [[projects]]
   digest = "1:c970218a20933dd0a2eb2006de922217fa9276f57d25009b2a934eb1c50031cc"
@@ -2408,6 +2482,7 @@
     "github.com/go-kit/kit/metrics/statsd",
     "github.com/golang/protobuf/proto",
     "github.com/google/go-github/github",
+    "github.com/google/uuid",
     "github.com/gorilla/websocket",
     "github.com/hashicorp/consul/api",
     "github.com/hashicorp/go-version",
@@ -2433,7 +2508,7 @@
     "github.com/opentracing/opentracing-go",
     "github.com/opentracing/opentracing-go/ext",
     "github.com/opentracing/opentracing-go/log",
-    "github.com/openzipkin/zipkin-go-opentracing",
+    "github.com/openzipkin-contrib/zipkin-go-opentracing",
     "github.com/patrickmn/go-cache",
     "github.com/pkg/errors",
     "github.com/prometheus/client_golang/prometheus",
@@ -2442,7 +2517,6 @@
     "github.com/rancher/go-rancher-metadata/metadata",
     "github.com/rancher/go-rancher/v2",
     "github.com/ryanuber/go-glob",
-    "github.com/satori/go.uuid",
     "github.com/sirupsen/logrus",
     "github.com/stretchr/testify/assert",
     "github.com/stretchr/testify/mock",
@@ -2478,11 +2552,13 @@
     "k8s.io/apimachinery/pkg/api/errors",
     "k8s.io/apimachinery/pkg/apis/meta/v1",
     "k8s.io/apimachinery/pkg/labels",
+    "k8s.io/apimachinery/pkg/runtime",
     "k8s.io/apimachinery/pkg/runtime/schema",
     "k8s.io/apimachinery/pkg/types",
     "k8s.io/apimachinery/pkg/util/intstr",
     "k8s.io/client-go/informers",
     "k8s.io/client-go/kubernetes",
+    "k8s.io/client-go/kubernetes/scheme",
     "k8s.io/client-go/rest",
     "k8s.io/client-go/tools/cache",
   ]

Gopkg.toml

@@ -36,6 +36,10 @@
   branch = "master"
   name = "github.com/BurntSushi/ty"
 
+[[constraint]]
+  name = "github.com/Masterminds/sprig"
+  version = "2.19.0"
+
 [[constraint]]
   branch = "master"
   name = "github.com/NYTimes/gziphandler"
@@ -146,10 +150,6 @@
   branch = "master"
   name = "github.com/ryanuber/go-glob"
 
-[[constraint]]
-  name = "github.com/satori/go.uuid"
-  version = "1.1.0"
-
 [[constraint]]
   branch = "master"
   name = "github.com/stvp/go-udp-testing"
@@ -180,7 +180,7 @@
 
 [[constraint]]
   name = "github.com/go-acme/lego"
-  version = "2.4.0"
+  version = "2.6.0"
 
 [[constraint]]
   name = "google.golang.org/grpc"
@@ -255,4 +255,8 @@
 
 [[constraint]]
   name = "gopkg.in/DataDog/dd-trace-go.v1"
-  version = "1.7.0"
+  version = "1.13.0"
+
+[[constraint]]
+  name = "github.com/google/uuid"
+  version = "0.2.0"

acme/acme.go

@@ -751,12 +751,6 @@ func (a *ACME) getValidDomains(domains []string, wildcardAllowed bool) ([]string
 			return nil, fmt.Errorf("unable to generate a wildcard certificate for domain %q : ACME does not allow '*.*' wildcard domain", strings.Join(domains, ","))
 		}
 	}
-	for _, san := range domains[1:] {
-		if strings.HasPrefix(san, "*") {
-			return nil, fmt.Errorf("unable to generate a certificate for domains %q: SANs can not be a wildcard domain", strings.Join(domains, ","))
-
-		}
-	}
 
 	domains = fun.Map(types.CanonicalDomain, domains).([]string)
 	return domains, nil

acme/acme_test.go

@@ -419,12 +419,12 @@ func TestAcme_getValidDomain(t *testing.T) {
 			expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
 		},
 		{
-			desc:            "unexpected SANs",
+			desc:            "wildcard SANs",
 			domains:         []string{"*.traefik.wtf", "*.acme.wtf"},
 			dnsChallenge:    &acmeprovider.DNSChallenge{},
 			wildcardAllowed: true,
-			expectedErr:     "unable to generate a certificate for domains \"*.traefik.wtf,*.acme.wtf\": SANs can not be a wildcard domain",
-			expectedDomains: nil,
+			expectedErr:     "",
+			expectedDomains: []string{"*.traefik.wtf", "*.acme.wtf"},
 		},
 	}
 	for _, test := range testCases {

autogen/gentemplates/gen.go

@@ -1316,7 +1316,7 @@ var _templatesKubernetesTmpl = []byte(`[backends]
 
     {{if $backend.ResponseForwarding }}
     [backends."{{ $backendName }}".responseForwarding]
-      flushInterval = "{{ $backend.responseForwarding.FlushInterval }}"
+      flushInterval = "{{ $backend.ResponseForwarding.FlushInterval }}"
     {{end}}
 
     [backends."{{ $backendName }}".loadBalancer]

build.Dockerfile

@@ -1,8 +1,9 @@
 FROM golang:1.11-alpine
 
 RUN apk --update upgrade \
-&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar \
-&& rm -rf /var/cache/apk/*
+    && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
+    && update-ca-certificates \
+    && rm -rf /var/cache/apk/*
 
 RUN go get golang.org/x/lint/golint \
 && go get github.com/kisielk/errcheck \

cluster/datastore.go

@@ -13,7 +13,7 @@ import (
 	"github.com/containous/traefik/job"
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/safe"
-	uuid "github.com/satori/go.uuid"
+	"github.com/google/uuid"
 )
 
 // Metadata stores Object plus metadata
@@ -125,7 +125,7 @@ func (d *Datastore) reload() error {
 
 // Begin creates a transaction with the KV store.
 func (d *Datastore) Begin() (Transaction, Object, error) {
-	id := uuid.NewV4().String()
+	id := uuid.New().String()
 	log.Debugf("Transaction %s begins", id)
 	remoteLock, err := d.kv.NewLock(d.lockKey, &store.LockOptions{TTL: 20 * time.Second, Value: []byte(id)})
 	if err != nil {

docs/configuration/acme.md

@@ -282,6 +282,7 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 | [Alibaba Cloud](https://www.vultr.com)                      | `alidns`       | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                          | Not tested yet                 |
 | [Auroradns](https://www.pcextreme.com/aurora/dns)           | `auroradns`    | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                           | Not tested yet                 |
 | [Azure](https://azure.microsoft.com/services/dns/)          | `azure`        | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`   | Not tested yet                 |
+| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)  | `bindman`      | `BINDMAN_MANAGER_ADDRESS`                                                                                                                   | YES                            |
 | [Blue Cat](https://www.bluecatnetworks.com/)                | `bluecat`      | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                    | Not tested yet                 |
 | [ClouDNS](https://www.cloudns.net/)                         | `cloudns`      | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                  | YES                            |
 | [Cloudflare](https://www.cloudflare.com)                    | `cloudflare`   | `CF_API_EMAIL`, `CF_API_KEY` - The `Global API Key` needs to be used, not the `Origin CA Key`                                               | YES                            |
@@ -295,6 +296,7 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 | [DreamHost](https://www.dreamhost.com/)                     | `dreamhost`    | `DREAMHOST_API_KEY`                                                                                                                         | YES                            |
 | [Duck DNS](https://www.duckdns.org/)                        | `duckdns`      | `DUCKDNS_TOKEN`                                                                                                                             | YES                            |
 | [Dyn](https://dyn.com)                                      | `dyn`          | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                        | Not tested yet                 |
+| [EasyDNS](https://easydns.com/)                             | `easydns`      | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                              | YES                            |
 | External Program                                            | `exec`         | `EXEC_PATH`                                                                                                                                 | YES                            |
 | [Exoscale](https://www.exoscale.com)                        | `exoscale`     | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                              | YES                            |
 | [Fast DNS](https://www.akamai.com/)                         | `fastdns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | YES                            |
@@ -303,10 +305,11 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 | [Glesys](https://glesys.com/)                               | `glesys`       | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                        | Not tested yet                 |
 | [GoDaddy](https://godaddy.com/domains)                      | `godaddy`      | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                     | Not tested yet                 |
 | [Google Cloud DNS](https://cloud.google.com/dns/docs/)      | `gcloud`       | `GCE_PROJECT`, Application Default Credentials (2) (3), [`GCE_SERVICE_ACCOUNT_FILE`]                                                        | YES                            |
-| [hosting.de](https://www.hosting.de)                        | `hostingde`    | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                  | Not tested yet                 |
+| [hosting.de](https://www.hosting.de)                        | `hostingde`    | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                  | YES                            |
 | HTTP request                                                | `httpreq`      | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` (1)                                                              | YES                            |
 | [IIJ](https://www.iij.ad.jp/)                               | `iij`          | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE`                                                                           | Not tested yet                 |
 | [INWX](https://www.inwx.de/en)                              | `inwx`         | `INWX_USERNAME`, `INWX_PASSWORD`                                                                                                            | YES                            |
+| [Joker.com](https://joker.com)                              | `joker`        | `JOKER_API_KEY`                                                                                                                             | YES                            |
 | [Lightsail](https://aws.amazon.com/lightsail/)              | `lightsail`    | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                    | Not tested yet                 |
 | [Linode](https://www.linode.com)                            | `linode`       | `LINODE_API_KEY`                                                                                                                            | Not tested yet                 |
 | [Linode v4](https://www.linode.com)                         | `linodev4`     | `LINODE_TOKEN`                                                                                                                              | Not tested yet                 |
@@ -394,7 +397,6 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
 ```
 
 It is not possible to request a double wildcard certificate for a domain (for example `*.*.local.com`).
-Due to ACME limitation it is not possible to define wildcards in SANs (alternative domains). Thus, the wildcard domain has to be defined as a main domain.
 Most likely the root domain should receive a certificate too, so it needs to be specified as SAN and 2 `DNS-01` challenges are executed.
 In this case the generated DNS TXT record for both domains is the same.
 Even though this behaviour is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant, it can lead to problems as all DNS providers keep DNS records cached for a certain time (TTL) and this TTL can be superior to the challenge timeout making the `DNS-01` challenge fail.

docs/configuration/backends/docker.md

@@ -257,6 +257,20 @@ services:
         traefik.docker.network: traefik
 ```
 
+Required labels:
+
+- `traefik.frontend.rule`
+- `traefik.port` - Without this the debug logs will show this service is deliberately filtered out.
+- `traefik.docker.network` - Without this a 504 may occur.
+
+#### Troubleshooting
+
+If service doesn't show up in the dashboard, check the debug logs to see if the port is missing:
+`Filtering container without port, <SERVICE_NAME>: port label is missing, ...')`
+
+If `504 Gateway Timeout` occurs and there are networks used, ensure that `traefik.docker.network` is defined. 
+The complete name is required, meaning if the network is internal the name needs to be `<project_name>_<network_name>`.
+
 ### Using Docker Compose
 
 If you are intending to use only Docker Compose commands (e.g. `docker-compose up --scale whoami=2 -d`), labels should be under your service, otherwise they will be ignored.

docs/configuration/commons.md

@@ -249,8 +249,8 @@ Multiple sets of rates can be added to each frontend, but the time periods must
 ```
 
 In the above example, frontend1 is configured to limit requests by the client's ip address.  
-An average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.  
-These can "burst" up to 10 and 200 in each period respectively. 
+An average of 100 requests every 10 seconds is allowed and an average of 5 requests every 3 seconds.  
+These can "burst" up to 200 and 10 in each period respectively. 
 
 Valid values for `extractorfunc` are:
   * `client.ip`

docs/configuration/logs.md

@@ -230,38 +230,38 @@ format = "json"
 
 ### List of all available fields
 
-```ini
-StartUTC
-StartLocal
-Duration
-FrontendName
-BackendName
-BackendURL
-BackendAddr
-ClientAddr
-ClientHost
-ClientPort
-ClientUsername
-RequestAddr
-RequestHost
-RequestPort
-RequestMethod
-RequestPath
-RequestProtocol
-RequestLine
-RequestContentSize
-OriginDuration
-OriginContentSize
-OriginStatus
-OriginStatusLine
-DownstreamStatus
-DownstreamStatusLine
-DownstreamContentSize
-RequestCount
-GzipRatio
-Overhead
-RetryAttempts
-```
+| Field                   | Description                                                                                                                                                         |
+|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `StartUTC`              | The time at which request processing started.                                                                                                                       |
+| `StartLocal`            | The local time at which request processing started.                                                                                                                 |
+| `Duration`              | The total time taken by processing the response, including the origin server's time but not the log writing time.                                                   |
+| `FrontendName`          | The name of the Traefik frontend.                                                                                                                                   |
+| `BackendName`           | The name of the Traefik backend.                                                                                                                                    |
+| `BackendURL`            | The URL of the Traefik backend.                                                                                                                                     |
+| `BackendAddr`           | The IP:port of the Traefik backend (extracted from `BackendURL`)                                                                                                    |
+| `ClientAddr`            | The remote address in its original form (usually IP:port).                                                                                                          |
+| `ClientHost`            | The remote IP address from which the client request was received.                                                                                                   |
+| `ClientPort`            | The remote TCP port from which the client request was received.                                                                                                     |
+| `ClientUsername`        | The username provided in the URL, if present.                                                                                                                       |
+| `RequestAddr`           | The HTTP Host header (usually IP:port). This is treated as not a header by the Go API.                                                                              |
+| `RequestHost`           | The HTTP Host server name (not including port).                                                                                                                     |
+| `RequestPort`           | The TCP port from the HTTP Host.                                                                                                                                    |
+| `RequestMethod`         | The HTTP method.                                                                                                                                                    |
+| `RequestPath`           | The HTTP request URI, not including the scheme, host or port.                                                                                                       |
+| `RequestProtocol`       | The version of HTTP requested.                                                                                                                                      |
+| `RequestLine`           | `RequestMethod` + `RequestPath` + `RequestProtocol`                                                                                                                 |
+| `RequestContentSize`    | The number of bytes in the request entity (a.k.a. body) sent by the client.                                                                                         |
+| `OriginDuration`        | The time taken by the origin server ('upstream') to return its response.                                                                                            |
+| `OriginContentSize`     | The content length specified by the origin server, or 0 if unspecified.                                                                                             |
+| `OriginStatus`          | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent.     |
+| `OriginStatusLine`      | `OriginStatus` + Status code explanation                                                                                                                            |
+| `DownstreamStatus`      | The HTTP status code returned to the client.                                                                                                                        |
+| `DownstreamStatusLine`  | `DownstreamStatus` + Status code explanation                                                                                                                        |
+| `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
+| `RequestCount`          | The number of requests received since the Traefik instance started.                                                                                                 |
+| `GzipRatio`             | The response body compression ratio achieved.                                                                                                                       |
+| `Overhead`              | The processing time overhead caused by Traefik.                                                                                                                     |
+| `RetryAttempts`         | The amount of attempts the request was retried.                                                                                                                     |
 
 Deprecated way (before 1.4):
 

docs/theme/partials/footer.html

@@ -88,9 +88,9 @@
                 </div>
                 {% endif %}
                 powered by
-                <a href="http://www.mkdocs.org" title="MkDocs">MkDocs</a>
+                <a href="https://www.mkdocs.org" title="MkDocs">MkDocs</a>
                 and
-                <a href="http://squidfunk.github.io/mkdocs-material/"
+                <a href="https://squidfunk.github.io/mkdocs-material/"
                    title="Material for MkDocs">
                     Material for MkDocs</a>
             </div>

exp.Dockerfile

@@ -15,8 +15,9 @@ RUN npm run build
 FROM golang:1.11-alpine as gobuild
 
 RUN apk --update upgrade \
-&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar \
-&& rm -rf /var/cache/apk/*
+    && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
+    && update-ca-certificates \
+    && rm -rf /var/cache/apk/*
 
 RUN mkdir -p /usr/local/bin \
     && curl -fsSL -o /usr/local/bin/go-bindata https://github.com/containous/go-bindata/releases/download/v1.0.0/go-bindata \
@@ -33,7 +34,8 @@ RUN ./script/make.sh generate binary
 ## IMAGE
 FROM scratch
 
-COPY script/ca-certificates.crt /etc/ssl/certs/
+COPY --from=gobuild /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=gobuild /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=gobuild /go/src/github.com/containous/traefik/dist/traefik /
 
 EXPOSE 80

integration/resources/compose/tracing.yml

@@ -1,7 +1,5 @@
 zipkin:
-  # Fix zipkin version 2.4.2
-  # due to a bug in latest version https://github.com/openzipkin/zipkin/releases/tag/2.4.4
-  image: openzipkin/zipkin:2.4.2
+  image: openzipkin/zipkin:2.12.6
   environment:
     STORAGE_TYPE: mem
     JAVA_OPTS: -Dlogging.level.zipkin=DEBUG

middlewares/auth/forward.go

@@ -96,7 +96,11 @@ func Forward(config *types.Forward, w http.ResponseWriter, r *http.Request, next
 	}
 
 	for _, headerName := range config.AuthResponseHeaders {
-		r.Header.Set(headerName, forwardResponse.Header.Get(headerName))
+		headerKey := http.CanonicalHeaderKey(headerName)
+		r.Header.Del(headerKey)
+		if len(forwardResponse.Header[headerKey]) > 0 {
+			r.Header[headerKey] = append([]string(nil), forwardResponse.Header[headerKey]...)
+		}
 	}
 
 	r.RequestURI = r.URL.RequestURI()

middlewares/auth/forward_test.go

@@ -50,6 +50,8 @@ func TestForwardAuthFail(t *testing.T) {
 func TestForwardAuthSuccess(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("X-Auth-User", "user@example.com")
+		w.Header().Add("X-Auth-Group", "group1")
+		w.Header().Add("X-Auth-Group", "group2")
 		w.Header().Set("X-Auth-Secret", "secret")
 		fmt.Fprintln(w, "Success")
 	}))
@@ -58,13 +60,14 @@ func TestForwardAuthSuccess(t *testing.T) {
 	middleware, err := NewAuthenticator(&types.Auth{
 		Forward: &types.Forward{
 			Address:             server.URL,
-			AuthResponseHeaders: []string{"X-Auth-User"},
+			AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Group"},
 		},
 	}, &tracing.Tracing{})
 	assert.NoError(t, err, "there should be no error")
 
 	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		assert.Equal(t, "user@example.com", r.Header.Get("X-Auth-User"))
+		assert.Equal(t, []string{"group1", "group2"}, r.Header["X-Auth-Group"])
 		assert.Empty(t, r.Header.Get("X-Auth-Secret"))
 		fmt.Fprintln(w, "traefik")
 	})
@@ -74,6 +77,7 @@ func TestForwardAuthSuccess(t *testing.T) {
 	defer ts.Close()
 
 	req := testhelpers.MustNewRequest(http.MethodGet, ts.URL, nil)
+	req.Header.Set("X-Auth-Group", "admin_group")
 	res, err := http.DefaultClient.Do(req)
 	assert.NoError(t, err, "there should be no error")
 	assert.Equal(t, http.StatusOK, res.StatusCode, "they should be equal")

middlewares/tracing/zipkin/zipkin.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/containous/traefik/log"
 	"github.com/opentracing/opentracing-go"
-	zipkin "github.com/openzipkin/zipkin-go-opentracing"
+	zipkin "github.com/openzipkin-contrib/zipkin-go-opentracing"
 )
 
 // Name sets the name of this tracer

provider/acme/provider.go

@@ -49,7 +49,7 @@ type Configuration struct {
 	DNSChallenge  *DNSChallenge  `description:"Activate DNS-01 Challenge"`
 	HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"`
 	TLSChallenge  *TLSChallenge  `description:"Activate TLS-ALPN-01 Challenge"`
-	Domains       []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge"`
+	Domains       []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. Wildcard domains only accepted with DNSChallenge"`
 }
 
 // Provider holds configurations of the provider.
@@ -756,12 +756,6 @@ func (p *Provider) getValidDomains(domain types.Domain, wildcardAllowed bool) ([
 		}
 	}
 
-	for _, san := range domain.SANs {
-		if strings.HasPrefix(san, "*") {
-			return nil, fmt.Errorf("unable to generate a certificate in ACME provider for domains %q: SAN %q can not be a wildcard domain", strings.Join(domains, ","), san)
-		}
-	}
-
 	var cleanDomains []string
 	for _, domain := range domains {
 		canonicalDomain := types.CanonicalDomain(domain)

provider/acme/provider_test.go

@@ -267,12 +267,12 @@ func TestGetValidDomain(t *testing.T) {
 			expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
 		},
 		{
-			desc:            "unexpected SANs",
+			desc:            "wildcard SANs",
 			domains:         types.Domain{Main: "*.traefik.wtf", SANs: []string{"*.acme.wtf"}},
 			dnsChallenge:    &DNSChallenge{},
 			wildcardAllowed: true,
-			expectedErr:     "unable to generate a certificate in ACME provider for domains \"*.traefik.wtf,*.acme.wtf\": SAN \"*.acme.wtf\" can not be a wildcard domain",
-			expectedDomains: nil,
+			expectedErr:     "",
+			expectedDomains: []string{"*.traefik.wtf", "*.acme.wtf"},
 		},
 	}
 

provider/kubernetes/builder_configuration_test.go

@@ -230,9 +230,25 @@ func auth(opt func(*types.Auth)) func(*types.Frontend) {
 	}
 }
 
-func basicAuth(users ...string) func(*types.Auth) {
+func basicAuth(opts ...func(*types.Basic)) func(*types.Auth) {
 	return func(a *types.Auth) {
-		a.Basic = &types.Basic{Users: users}
+		basic := &types.Basic{}
+		for _, opt := range opts {
+			opt(basic)
+		}
+		a.Basic = basic
+	}
+}
+
+func baUsers(users ...string) func(*types.Basic) {
+	return func(b *types.Basic) {
+		b.Users = users
+	}
+}
+
+func baRemoveHeaders() func(*types.Basic) {
+	return func(b *types.Basic) {
+		b.RemoveHeader = true
 	}
 }
 

provider/kubernetes/builder_endpoint_test.go

@@ -61,13 +61,6 @@ func eAddress(ip string) func(*corev1.EndpointAddress) {
 	}
 }
 
-func eAddressWithTargetRef(targetRef, ip string) func(*corev1.EndpointAddress) {
-	return func(address *corev1.EndpointAddress) {
-		address.TargetRef = &corev1.ObjectReference{Name: targetRef}
-		address.IP = ip
-	}
-}
-
 func ePorts(opts ...func(port *corev1.EndpointPort)) func(*corev1.EndpointSubset) {
 	return func(spec *corev1.EndpointSubset) {
 		for _, opt := range opts {

provider/kubernetes/builder_service_test.go

@@ -35,15 +35,6 @@ func sUID(value types.UID) func(*corev1.Service) {
 	}
 }
 
-func sAnnotation(name string, value string) func(*corev1.Service) {
-	return func(s *corev1.Service) {
-		if s.Annotations == nil {
-			s.Annotations = make(map[string]string)
-		}
-		s.Annotations[name] = value
-	}
-}
-
 func sSpec(opts ...func(*corev1.ServiceSpec)) func(*corev1.Service) {
 	return func(s *corev1.Service) {
 		spec := &corev1.ServiceSpec{}
@@ -54,30 +45,6 @@ func sSpec(opts ...func(*corev1.ServiceSpec)) func(*corev1.Service) {
 	}
 }
 
-func sLoadBalancerStatus(opts ...func(*corev1.LoadBalancerStatus)) func(service *corev1.Service) {
-	return func(s *corev1.Service) {
-		loadBalancer := &corev1.LoadBalancerStatus{}
-		for _, opt := range opts {
-			if opt != nil {
-				opt(loadBalancer)
-			}
-		}
-		s.Status = corev1.ServiceStatus{
-			LoadBalancer: *loadBalancer,
-		}
-	}
-}
-
-func sLoadBalancerIngress(ip string, hostname string) func(*corev1.LoadBalancerStatus) {
-	return func(status *corev1.LoadBalancerStatus) {
-		ingress := corev1.LoadBalancerIngress{
-			IP:       ip,
-			Hostname: hostname,
-		}
-		status.Ingress = append(status.Ingress, ingress)
-	}
-}
-
 func clusterIP(ip string) func(*corev1.ServiceSpec) {
 	return func(spec *corev1.ServiceSpec) {
 		spec.ClusterIP = ip

provider/kubernetes/client_mock_test.go

@@ -1,21 +1,57 @@
 package kubernetes
 
 import (
+	"fmt"
+	"io/ioutil"
+
 	corev1 "k8s.io/api/core/v1"
 	extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
+	v1beta12 "k8s.io/api/extensions/v1beta1"
 )
 
+var _ Client = (*clientMock)(nil)
+
 type clientMock struct {
 	ingresses []*extensionsv1beta1.Ingress
 	services  []*corev1.Service
 	secrets   []*corev1.Secret
 	endpoints []*corev1.Endpoints
-	watchChan chan interface{}
 
 	apiServiceError       error
 	apiSecretError        error
 	apiEndpointsError     error
 	apiIngressStatusError error
+
+	watchChan chan interface{}
+}
+
+func newClientMock(paths ...string) clientMock {
+	var c clientMock
+
+	for _, path := range paths {
+		yamlContent, err := ioutil.ReadFile(path)
+		if err != nil {
+			panic(err)
+		}
+
+		k8sObjects := MustDecodeYaml(yamlContent)
+		for _, obj := range k8sObjects {
+			switch o := obj.(type) {
+			case *corev1.Service:
+				c.services = append(c.services, o)
+			case *corev1.Secret:
+				c.secrets = append(c.secrets, o)
+			case *corev1.Endpoints:
+				c.endpoints = append(c.endpoints, o)
+			case *v1beta12.Ingress:
+				c.ingresses = append(c.ingresses, o)
+			default:
+				panic(fmt.Sprintf("Unknown runtime object %+v %T", o, o))
+			}
+		}
+	}
+
+	return c
 }
 
 func (c clientMock) GetIngresses() []*extensionsv1beta1.Ingress {

provider/kubernetes/fixtures/computeServiceWeights/1_path_2_service_ingresses.yml

@@ -0,0 +1,21 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/service-weights: |2
+
+      service1: 10%
+  namespace: testing
+spec:
+  rules:
+  - host: foo.test
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service2
+          servicePort: 8080
+        path: /foo

provider/kubernetes/fixtures/computeServiceWeights/1_path_4_service_ingresses.yml

@@ -0,0 +1,31 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/service-weights: |2
+
+      service1: 20%
+      service2: 40%
+      service3: 40%
+  namespace: testing
+spec:
+  rules:
+  - host: foo.test
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service2
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service3
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service4
+          servicePort: 8080
+        path: /foo

provider/kubernetes/fixtures/computeServiceWeights/2_path_2_service_ingresses.yml

@@ -0,0 +1,29 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/service-weights: |2
+
+      service1: 60%
+  namespace: testing
+spec:
+  rules:
+  - host: foo.test
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service2
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service1
+          servicePort: 8080
+        path: /bar
+      - backend:
+          serviceName: service3
+          servicePort: 8080
+        path: /bar

provider/kubernetes/fixtures/computeServiceWeights/2_path_3_service_ingresses.yml

@@ -0,0 +1,30 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/service-weights: |2
+
+      service1: 20%
+      service3: 20%
+  namespace: testing
+spec:
+  rules:
+  - host: foo.test
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service2
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service2
+          servicePort: 8080
+        path: /bar
+      - backend:
+          serviceName: service3
+          servicePort: 8080
+        path: /bar

provider/kubernetes/fixtures/computeServiceWeights/2_path_no_service_ingresses.yml

@@ -0,0 +1,23 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/service-weights: |2
+
+      service1: 20%
+      service2: 40%
+      service3: 40%
+  namespace: testing
+spec:
+  rules:
+  - host: foo.test
+    http:
+      paths:
+      - backend:
+          serviceName: noservice
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: noservice
+          servicePort: 8080
+        path: /bar

provider/kubernetes/fixtures/computeServiceWeights/2_path_overflow_ingresses.yml

@@ -0,0 +1,22 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/service-weights: |2
+
+      service1: 70%
+      service2: 80%
+  namespace: testing
+spec:
+  rules:
+  - host: foo.test
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service2
+          servicePort: 8080
+        path: /foo

provider/kubernetes/fixtures/computeServiceWeights/2_path_without_weight_ingresses.yml

@@ -0,0 +1,19 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/service-weights: ""
+  namespace: testing
+spec:
+  rules:
+  - host: foo.test
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 8080
+        path: /foo
+      - backend:
+          serviceName: service2
+          servicePort: 8080
+        path: /bar

provider/kubernetes/fixtures/computeServiceWeights_endpoints.yml

@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - port: 8080
+- addresses:
+  - ip: 10.21.0.2
+  ports:
+  - port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service2
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.3
+  ports:
+  - port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service3
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.4
+  ports:
+  - port: 8080
+- addresses:
+  - ip: 10.21.0.5
+  ports:
+  - port: 8080
+- addresses:
+  - ip: 10.21.0.6
+  ports:
+  - port: 8080
+- addresses:
+  - ip: 10.21.0.7
+  ports:
+  - port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service4
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.7
+  ports:
+  - port: 8080

provider/kubernetes/fixtures/computeServiceWeights_services.yml

@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service2
+  namespace: testing
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service3
+  namespace: testing
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service4
+  namespace: testing

provider/kubernetes/fixtures/divergingIngressDefinitions_endpoints.yml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - name: http
+    port: 80
+- addresses:
+  - ip: 10.10.0.2
+  ports:
+  - name: http
+    port: 80

provider/kubernetes/fixtures/divergingIngressDefinitions_ingresses.yml

@@ -0,0 +1,26 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  rules:
+  - host: host-a
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: "80"
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  rules:
+  - host: host-a
+    http:
+      paths:
+      - backend:
+          serviceName: missing
+          servicePort: "80"

provider/kubernetes/fixtures/divergingIngressDefinitions_services.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - name: http
+    port: 80

provider/kubernetes/fixtures/getPassHostHeader_ingresses.yml

@@ -0,0 +1,13 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: awesome
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 801
+        path: /bar

provider/kubernetes/fixtures/getPassHostHeader_services.yml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: awesome
+spec:
+  ports:
+  - name: http
+    port: 801

provider/kubernetes/fixtures/getPassTLSCert_ingresses.yml

@@ -0,0 +1,13 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: awesome
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar

provider/kubernetes/fixtures/getPassTLSCert_services.yml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: awesome
+spec:
+  ports:
+  - name: http
+    port: 801

provider/kubernetes/fixtures/hostlessIngress_ingresses.yml

@@ -0,0 +1,12 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: awesome
+spec:
+  rules:
+  - http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 801
+        path: /bar

provider/kubernetes/fixtures/hostlessIngress_services.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: awesome
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - name: http
+    port: 801

provider/kubernetes/fixtures/ingressAnnotations_ingresses.yml

@@ -0,0 +1,431 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/preserve-host: "false"
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/preserve-host: "true"
+    kubernetes.io/ingress.class: traefik
+  namespace: testing
+spec:
+  rules:
+  - host: other
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /stuff
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/pass-client-tls-cert: |2
+
+      pem: true
+      infos:
+        notafter: true
+        notbefore: true
+        sans: true
+        subject:
+          country: true
+          province: true
+          locality: true
+          organization: true
+          commonname: true
+          serialnumber: true
+          domaincomponent: true
+        issuer:
+          country: true
+          province: true
+          locality: true
+          organization: true
+          commonname: true
+          serialnumber: true
+          domaincomponent: true
+    ingress.kubernetes.io/pass-tls-cert: "true"
+    kubernetes.io/ingress.class: traefik
+  namespace: testing
+spec:
+  rules:
+  - host: other
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /sslstuff
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/frontend-entry-points: http,https
+    kubernetes.io/ingress.class: traefik
+  namespace: testing
+spec:
+  rules:
+  - host: other
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-secret: mySecret
+    ingress.kubernetes.io/auth-type: basic
+  namespace: testing
+spec:
+  rules:
+  - host: basic
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /auth
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: traefik-other
+  namespace: testing
+spec:
+  rules:
+  - host: herp
+    http:
+      paths:
+      - backend:
+          serviceName: service2
+          servicePort: 80
+        path: /derp
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/whitelist-source-range: 1.1.1.1/24, 1234:abcd::42/32
+    ingress.kubernetes.io/whitelist-x-forwarded-for: "true"
+  namespace: testing
+spec:
+  rules:
+  - host: test
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /whitelist-source-range
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/rewrite-target: /
+  namespace: testing
+spec:
+  rules:
+  - host: rewrite
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /api
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-realm: customized
+  namespace: testing
+spec:
+  rules:
+  - host: auth-realm-customized
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /auth-realm-customized
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/redirect-entry-point: https
+  namespace: testing
+spec:
+  rules:
+  - host: redirect
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /https
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/error-pages: |2
+
+      foo:
+        status:
+        - "123"
+        - "456"
+        backend: bar
+        query: /bar
+    kubernetes.io/ingress.class: traefik
+  namespace: testing
+spec:
+  rules:
+  - host: error-pages
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /errorpages
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/rate-limit: |2
+
+      extractorfunc: client.ip
+      rateset:
+        bar:
+          period: 3s
+          average: 6
+          burst: 9
+        foo:
+          period: 6s
+          average: 12
+          burst: 18
+    kubernetes.io/ingress.class: traefik
+  namespace: testing
+spec:
+  rules:
+  - host: rate-limit
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /ratelimit
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/app-root: /root
+  namespace: testing
+spec:
+  rules:
+  - host: root
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /root1
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/app-root: /root2
+    ingress.kubernetes.io/rewrite-target: /abc
+  namespace: testing
+spec:
+  rules:
+  - host: root2
+    http:
+      paths:
+      - backend:
+          serviceName: service2
+          servicePort: 80
+        path: /
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/rewrite-target: /abc
+    ingress.kubernetes.io/rule-type: ReplacePath
+  namespace: testing
+spec:
+  rules:
+  - host: root2
+    http:
+      paths:
+      - backend:
+          serviceName: service2
+          servicePort: 80
+        path: /
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/app-root: /root
+  namespace: testing
+spec:
+  rules:
+  - host: root3
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/allowed-hosts: foo, fii, fuu
+    ingress.kubernetes.io/browser-xss-filter: "true"
+    ingress.kubernetes.io/content-security-policy: foo
+    ingress.kubernetes.io/content-type-nosniff: "true"
+    ingress.kubernetes.io/custom-browser-xss-value: foo
+    ingress.kubernetes.io/custom-frame-options-value: foo
+    ingress.kubernetes.io/custom-request-headers: 'Access-Control-Allow-Methods:POST,GET,OPTIONS
+      || Content-type: application/json; charset=utf-8'
+    ingress.kubernetes.io/custom-response-headers: 'Access-Control-Allow-Methods:POST,GET,OPTIONS
+      || Content-type: application/json; charset=utf-8'
+    ingress.kubernetes.io/force-hsts: "true"
+    ingress.kubernetes.io/frame-deny: "true"
+    ingress.kubernetes.io/hsts-include-subdomains: "true"
+    ingress.kubernetes.io/hsts-max-age: "666"
+    ingress.kubernetes.io/hsts-preload: "true"
+    ingress.kubernetes.io/is-development: "true"
+    ingress.kubernetes.io/proxy-headers: foo, fii, fuu
+    ingress.kubernetes.io/public-key: foo
+    ingress.kubernetes.io/referrer-policy: foo
+    ingress.kubernetes.io/ssl-force-host: "true"
+    ingress.kubernetes.io/ssl-host: foo
+    ingress.kubernetes.io/ssl-proxy-headers: 'Access-Control-Allow-Methods:POST,GET,OPTIONS
+      || Content-type: application/json; charset=utf-8'
+    ingress.kubernetes.io/ssl-redirect: "true"
+    ingress.kubernetes.io/ssl-temporary-redirect: "true"
+    kubernetes.io/ingress.class: traefik
+  namespace: testing
+spec:
+  rules:
+  - host: custom-headers
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /customheaders
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/protocol: h2c
+  namespace: testing
+spec:
+  rules:
+  - host: protocol
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /valid
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/protocol: foobar
+  namespace: testing
+spec:
+  rules:
+  - host: protocol
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /notvalid
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/protocol: http
+  namespace: testing
+spec:
+  rules:
+  - host: protocol
+    http:
+      paths:
+      - backend:
+          serviceName: serviceHTTPS
+          servicePort: 443
+        path: /missmatch
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  rules:
+  - host: protocol
+    http:
+      paths:
+      - backend:
+          serviceName: serviceHTTPS
+          servicePort: 443
+        path: /noAnnotation

provider/kubernetes/fixtures/ingressAnnotations_secrets.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+  auth: bXlVc2VyOm15RW5jb2RlZFBX
+kind: Secret
+metadata:
+  name: mySecret
+  namespace: testing

provider/kubernetes/fixtures/ingressAnnotations_services.yml

@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  externalName: example.com
+  ports:
+  - name: http
+    port: 80
+  type: ExternalName
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service2
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.2
+  ports:
+  - port: 802
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: serviceHTTPS
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.3
+  externalName: example.com
+  ports:
+  - name: https
+    port: 443
+  type: ExternalName

provider/kubernetes/fixtures/ingressClassAnnotation_endpoints.yml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service2
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - name: http
+    port: 80

provider/kubernetes/fixtures/ingressClassAnnotation_ingresses.yml

@@ -0,0 +1,81 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: traefik
+  namespace: testing
+spec:
+  rules:
+  - host: other
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /stuff
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: ""
+  namespace: testing
+spec:
+  rules:
+  - host: other
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /sslstuff
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  rules:
+  - host: other
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: traefik-other
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: custom
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service2
+          servicePort: 80
+        path: /bar

provider/kubernetes/fixtures/ingressClassAnnotation_services.yml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  externalName: example.com
+  ports:
+  - name: http
+    port: 80
+  type: ExternalName
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service2
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.2
+  ports:
+  - name: http
+    port: 80

provider/kubernetes/fixtures/invalidPassHostHeaderValue_ingresses.yml

@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/preserve-host: herpderp
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar

provider/kubernetes/fixtures/invalidPassHostHeaderValue_services.yml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  externalName: example.com
+  ports:
+  - name: http
+    port: 80
+  type: ExternalName

provider/kubernetes/fixtures/invalidPassTLSCertValue_ingresses.yml

@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/pass-tls-cert: herpderp
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar

provider/kubernetes/fixtures/invalidPassTLSCertValue_services.yml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  externalName: example.com
+  ports:
+  - name: http
+    port: 80
+  type: ExternalName

provider/kubernetes/fixtures/loadGlobalIngressWithExternalName_ingresses.yml

@@ -0,0 +1,8 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  backend:
+    serviceName: service1
+    servicePort: 80

provider/kubernetes/fixtures/loadGlobalIngressWithExternalName_services.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  externalName: some-external-name
+  ports:
+  - port: 80
+  type: ExternalName

provider/kubernetes/fixtures/loadGlobalIngressWithHttpsPortNames_endpoints.yml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - name: https-global
+    port: 8080

provider/kubernetes/fixtures/loadGlobalIngressWithHttpsPortNames_ingresses.yml

@@ -0,0 +1,8 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  backend:
+    serviceName: service1
+    servicePort: https-global

provider/kubernetes/fixtures/loadGlobalIngressWithHttpsPortNames_services.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - name: https-global
+    port: 8443

provider/kubernetes/fixtures/loadGlobalIngressWithPortNumbers_endpoints.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - port: 8080

provider/kubernetes/fixtures/loadGlobalIngressWithPortNumbers_ingresses.yml

@@ -0,0 +1,8 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  backend:
+    serviceName: service1
+    servicePort: 80

provider/kubernetes/fixtures/loadGlobalIngressWithPortNumbers_services.yml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 80

provider/kubernetes/fixtures/loadIngressesBasicAuth_ingresses.yml

@@ -0,0 +1,17 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-remove-header: "true"
+    ingress.kubernetes.io/auth-secret: mySecret
+    ingress.kubernetes.io/auth-type: basic
+  namespace: testing
+spec:
+  rules:
+  - host: basic
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /auth

provider/kubernetes/fixtures/loadIngressesBasicAuth_secrets.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+  auth: bXlVc2VyOm15RW5jb2RlZFBX
+kind: Secret
+metadata:
+  name: mySecret
+  namespace: testing

provider/kubernetes/fixtures/loadIngressesBasicAuth_services.yml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  externalName: example.com
+  ports:
+  - name: http
+    port: 80
+  type: ExternalName

provider/kubernetes/fixtures/loadIngressesForwardAuthMissingURL_endpoints.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - port: 8080

provider/kubernetes/fixtures/loadIngressesForwardAuthMissingURL_ingresses.yml

@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-type: forward
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar

provider/kubernetes/fixtures/loadIngressesForwardAuthMissingURL_services.yml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 80

provider/kubernetes/fixtures/loadIngressesForwardAuthWithTLSSecretFailures_endpoints.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - port: 8080

provider/kubernetes/fixtures/loadIngressesForwardAuthWithTLSSecretFailures_ingresses.yml

@@ -0,0 +1,17 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-tls-secret: secret
+    ingress.kubernetes.io/auth-type: forward
+    ingress.kubernetes.io/auth-url: https://auth.host
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar

provider/kubernetes/fixtures/loadIngressesForwardAuthWithTLSSecretFailures_services.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 80
+    targetPort: 0

provider/kubernetes/fixtures/loadIngressesForwardAuthWithTLSSecret_endpoints.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - port: 8080

provider/kubernetes/fixtures/loadIngressesForwardAuthWithTLSSecret_ingresses.yml

@@ -0,0 +1,18 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-tls-insecure: "true"
+    ingress.kubernetes.io/auth-tls-secret: secret
+    ingress.kubernetes.io/auth-type: forward
+    ingress.kubernetes.io/auth-url: https://auth.host
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar

provider/kubernetes/fixtures/loadIngressesForwardAuthWithTLSSecret_secrets.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
+kind: Secret
+metadata:
+  name: secret
+  namespace: testing

provider/kubernetes/fixtures/loadIngressesForwardAuthWithTLSSecret_services.yml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 80

provider/kubernetes/fixtures/loadIngressesForwardAuth_endpoints.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - port: 8080

provider/kubernetes/fixtures/loadIngressesForwardAuth_ingresses.yml

@@ -0,0 +1,18 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-response-headers: X-Auth,X-Test,X-Secret
+    ingress.kubernetes.io/auth-trust-headers: "true"
+    ingress.kubernetes.io/auth-type: forward
+    ingress.kubernetes.io/auth-url: https://auth.host
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar

provider/kubernetes/fixtures/loadIngressesForwardAuth_services.yml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 80

provider/kubernetes/fixtures/loadIngresses_endpoints.yml

@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - port: 8080
+- addresses:
+  - ip: 10.21.0.1
+  ports:
+  - port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service3
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.15.0.1
+  ports:
+  - name: http
+    port: 8080
+  - name: https
+    port: 8443
+- addresses:
+  - ip: 10.15.0.2
+  ports:
+  - name: http
+    port: 9080
+  - name: https
+    port: 9443
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service6
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.15.0.3
+    targetRef:
+      name: http://10.15.0.3:80
+  ports:
+  - port: 80
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service7
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.7
+  ports:
+  - port: 80
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service8
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.8
+  ports:
+  - port: 80

provider/kubernetes/fixtures/loadIngresses_ingresses.yml

@@ -0,0 +1,49 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar
+      - backend:
+          serviceName: service4
+          servicePort: https
+        path: /namedthing
+  - host: bar
+    http:
+      paths:
+      - backend:
+          serviceName: service3
+          servicePort: https
+      - backend:
+          serviceName: service2
+          servicePort: 802
+  - host: service5
+    http:
+      paths:
+      - backend:
+          serviceName: service5
+          servicePort: 8888
+  - host: service6
+    http:
+      paths:
+      - backend:
+          serviceName: service6
+          servicePort: 80
+  - host: '*.service7'
+    http:
+      paths:
+      - backend:
+          serviceName: service7
+          servicePort: 80
+  - http:
+      paths:
+      - backend:
+          serviceName: service8
+          servicePort: 80

provider/kubernetes/fixtures/loadIngresses_services.yml

@@ -0,0 +1,95 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service2
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.2
+  ports:
+  - port: 802
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service3
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.3
+  ports:
+  - name: http
+    port: 80
+  - name: https
+    port: 443
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service4
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.4
+  externalName: example.com
+  ports:
+  - name: https
+    port: 443
+  type: ExternalName
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service5
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.5
+  externalName: example.com
+  ports:
+  - name: http
+    port: 8888
+  type: ExternalName
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service6
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.6
+  ports:
+  - port: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service7
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.7
+  ports:
+  - port: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service8
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.8
+  ports:
+  - port: 80

provider/kubernetes/fixtures/missingResources_endpoints.yml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: fully_working_service
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: missing_endpoint_subsets_service
+  namespace: testing
+subsets: null

provider/kubernetes/fixtures/missingResources_ingresses.yml

@@ -0,0 +1,30 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  rules:
+  - host: fully_working
+    http:
+      paths:
+      - backend:
+          serviceName: fully_working_service
+          servicePort: 80
+  - host: missing_service
+    http:
+      paths:
+      - backend:
+          serviceName: missing_service_service
+          servicePort: 80
+  - host: missing_endpoints
+    http:
+      paths:
+      - backend:
+          serviceName: missing_endpoints_service
+          servicePort: 80
+  - host: missing_endpoint_subsets
+    http:
+      paths:
+      - backend:
+          serviceName: missing_endpoint_subsets_service
+          servicePort: 80

provider/kubernetes/fixtures/missingResources_services.yml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: fully_working_service
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: missing_endpoints_service
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.3
+  ports:
+  - port: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: missing_endpoint_subsets_service
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.4
+  ports:
+  - port: 80

provider/kubernetes/fixtures/multiPortServices_endpoints.yml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  - ip: 10.10.0.2
+  ports:
+  - name: cheddar
+    port: 8080
+- addresses:
+  - ip: 10.20.0.1
+  - ip: 10.20.0.2
+  ports:
+  - name: stilton
+    port: 8081

provider/kubernetes/fixtures/multiPortServices_ingresses.yml

@@ -0,0 +1,16 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  rules:
+  - http:
+      paths:
+      - backend:
+          serviceName: service
+          servicePort: cheddar
+        path: /cheddar
+      - backend:
+          serviceName: service
+          servicePort: stilton
+        path: /stilton

provider/kubernetes/fixtures/multiPortServices_services.yml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - name: cheddar
+    port: 80
+  - name: stilton
+    port: 81

provider/kubernetes/fixtures/onlyReferencesServicesFromOwnNamespace_ingresses.yml

@@ -0,0 +1,12 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: awesome
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service
+          servicePort: 80

provider/kubernetes/fixtures/onlyReferencesServicesFromOwnNamespace_services.yml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service
+  namespace: awesome
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - name: http
+    port: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service
+  namespace: not-awesome
+spec:
+  clusterIP: 10.0.0.2
+  ports:
+  - name: http
+    port: 80

provider/kubernetes/fixtures/percentageWeightServiceAnnotation_endpoints.yml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  - ip: 10.10.0.2
+  ports:
+  - port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service2
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.3
+  - ip: 10.10.0.4
+  ports:
+  - port: 7070

provider/kubernetes/fixtures/percentageWeightServiceAnnotation_ingresses.yml

@@ -0,0 +1,30 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/service-weights: |2
+
+      service1: 10%
+      service3: 20%
+  namespace: testing
+spec:
+  rules:
+  - host: host1
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: "8080"
+        path: /foo
+      - backend:
+          serviceName: service2
+          servicePort: "7070"
+        path: /foo
+      - backend:
+          serviceName: service3
+          servicePort: "9090"
+        path: /foo
+      - backend:
+          serviceName: service2
+          servicePort: "7070"
+        path: /bar

provider/kubernetes/fixtures/percentageWeightServiceAnnotation_services.yml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 8080
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service2
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 7070
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service3
+  namespace: testing
+spec:
+  externalName: example.com
+  ports:
+  - port: 9090
+  type: ExternalName

provider/kubernetes/fixtures/priorityHeaderValue_ingresses.yml

@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/priority: "1337"
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar

provider/kubernetes/fixtures/priorityHeaderValue_services.yml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  externalName: example.com
+  ports:
+  - name: http
+    port: 80
+  type: ExternalName

provider/kubernetes/fixtures/providerUpdateIngressStatus_services.yml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service-empty-status
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.2
+  ports:
+  - port: 80
+status:
+  loadBalancer:
+    ingress:
+    - ip: 127.0.0.1

provider/kubernetes/fixtures/serviceAnnotations_endpoints.yml

@@ -0,0 +1,84 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service1
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.10.0.1
+  ports:
+  - port: 8080
+- addresses:
+  - ip: 10.21.0.1
+  ports:
+  - port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service2
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.15.0.1
+  ports:
+  - port: 8080
+- addresses:
+  - ip: 10.15.0.2
+  ports:
+  - port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service3
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.14.0.1
+  ports:
+  - name: http
+    port: 8080
+- addresses:
+  - ip: 10.12.0.1
+  ports:
+  - name: http
+    port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service4
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.4.0.1
+  ports:
+  - name: http
+    port: 8080
+- addresses:
+  - ip: 10.4.0.2
+  ports:
+  - name: http
+    port: 8080
+
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: service5
+  namespace: testing
+subsets:
+- addresses:
+  - ip: 10.4.0.1
+  ports:
+  - name: http
+    port: 8080
+- addresses:
+  - ip: 10.4.0.2
+  ports:
+  - name: http
+    port: 8080

provider/kubernetes/fixtures/serviceAnnotations_ingresses.yml

@@ -0,0 +1,37 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: testing
+spec:
+  rules:
+  - host: foo
+    http:
+      paths:
+      - backend:
+          serviceName: service1
+          servicePort: 80
+        path: /bar
+  - host: bar
+    http:
+      paths:
+      - backend:
+          serviceName: service2
+          servicePort: 802
+  - host: baz
+    http:
+      paths:
+      - backend:
+          serviceName: service3
+          servicePort: 803
+  - host: max-conn
+    http:
+      paths:
+      - backend:
+          serviceName: service4
+          servicePort: 804
+  - host: flush
+    http:
+      paths:
+      - backend:
+          serviceName: service5
+          servicePort: 805

provider/kubernetes/fixtures/serviceAnnotations_services.yml

@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    ingress.kubernetes.io/circuit-breaker-expression: NetworkErrorRatio() > 0.5
+    ingress.kubernetes.io/load-balancer-method: drr
+  name: service1
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.1
+  ports:
+  - port: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    ingress.kubernetes.io/circuit-breaker-expression: ""
+    traefik.backend.loadbalancer.sticky: "true"
+  name: service2
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.2
+  ports:
+  - port: 802
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    ingress.kubernetes.io/buffering: |2
+
+      maxrequestbodybytes: 10485760
+      memrequestbodybytes: 2097153
+      maxresponsebodybytes: 10485761
+      memresponsebodybytes: 2097152
+      retryexpression: IsNetworkError() && Attempts() <= 2
+  name: service3
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.3
+  ports:
+  - name: http
+    port: 803
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    ingress.kubernetes.io/max-conn-amount: "6"
+    ingress.kubernetes.io/max-conn-extractor-func: client.ip
+  name: service4
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.4
+  ports:
+  - name: http
+    port: 804
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    ingress.kubernetes.io/responseforwarding-flushinterval: 10ms
+  name: service5
+  namespace: testing
+spec:
+  clusterIP: 10.0.0.5
+  ports:
+  - port: 80

provider/kubernetes/fixtures/tLSSecretLoad_ingresses.yml

@@ -0,0 +1,40 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/frontend-entry-points: ep1,ep2
+  namespace: testing
+spec:
+  rules:
+  - host: example.com
+    http:
+      paths:
+      - backend:
+          serviceName: example-com
+          servicePort: 80
+  - host: example.org
+    http:
+      paths:
+      - backend:
+          serviceName: example-org
+          servicePort: 80
+  tls:
+  - secretName: myTlsSecret
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/frontend-entry-points: ep3
+  namespace: testing
+spec:
+  rules:
+  - host: example.fail
+    http:
+      paths:
+      - backend:
+          serviceName: example-fail
+          servicePort: 80
+  tls:
+  - secretName: myUndefinedSecret

provider/kubernetes/fixtures/tLSSecretLoad_secrets.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
+kind: Secret
+metadata:
+  name: myTlsSecret
+  namespace: testing