From f6c6d2bcd065cee11f325ab9fa2787b19efb5d1a Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Thu, 15 Mar 2018 09:02:03 +0100 Subject: [PATCH 01/10] Add [file] in syntax reference --- docs/configuration/backends/file.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuration/backends/file.md b/docs/configuration/backends/file.md index 062cd89fa..6c5db3e17 100644 --- a/docs/configuration/backends/file.md +++ b/docs/configuration/backends/file.md @@ -5,6 +5,8 @@ Træfik can be configured with a file. ## Reference ```toml +[file] + # Backends [backends] From b1e34447981220ef73dbc6452f992199164628ab Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Thu, 15 Mar 2018 10:14:03 +0100 Subject: [PATCH 02/10] Add lower-case passHostHeader key support. --- autogen/gentemplates/gen.go | 6 ++++++ docs/user-guide/kv-config.md | 2 +- templates/kv.tmpl | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/autogen/gentemplates/gen.go b/autogen/gentemplates/gen.go index 455c05ed6..d0437b0d2 100644 --- a/autogen/gentemplates/gen.go +++ b/autogen/gentemplates/gen.go @@ -575,7 +575,13 @@ var _templatesKvTmpl = []byte(`{{$frontends := List .Prefix "/frontends/" }} {{$entryPoints := GetList . "/entrypoints"}} [frontends."{{$frontend}}"] backend = "{{Get "" . "/backend"}}" + {{ $passHostHeader := Get "" . "/passhostheader"}} + {{if $passHostHeader}} + passHostHeader = {{ $passHostHeader }} + {{else}} + # keep for compatibility reason passHostHeader = {{Get "true" . "/passHostHeader"}} + {{end}} priority = {{Get "0" . "/priority"}} entryPoints = [{{range $entryPoints}} "{{.}}", diff --git a/docs/user-guide/kv-config.md b/docs/user-guide/kv-config.md index 5366ebfce..e1d4bfcba 100644 --- a/docs/user-guide/kv-config.md +++ b/docs/user-guide/kv-config.md @@ -328,7 +328,7 @@ And there, the same dynamic configuration in a KV Store (using `prefix = "traefi | Key | Value | |----------------------------------------------------|--------------------| | `/traefik/frontends/frontend2/backend` | `backend1` | -| `/traefik/frontends/frontend2/passHostHeader` | `true` | +| `/traefik/frontends/frontend2/passhostheader` | `true` | | `/traefik/frontends/frontend2/priority` | `10` | | `/traefik/frontends/frontend2/entrypoints` | `http,https` | | `/traefik/frontends/frontend2/routes/test_2/rule` | `PathPrefix:/test` | diff --git a/templates/kv.tmpl b/templates/kv.tmpl index 21de5604e..6023dd2e6 100644 --- a/templates/kv.tmpl +++ b/templates/kv.tmpl @@ -53,7 +53,13 @@ {{$entryPoints := GetList . "/entrypoints"}} [frontends."{{$frontend}}"] backend = "{{Get "" . "/backend"}}" + {{ $passHostHeader := Get "" . "/passhostheader"}} + {{if $passHostHeader}} + passHostHeader = {{ $passHostHeader }} + {{else}} + # keep for compatibility reason passHostHeader = {{Get "true" . "/passHostHeader"}} + {{end}} priority = {{Get "0" . "/priority"}} entryPoints = [{{range $entryPoints}} "{{.}}", From d88263dbf91742ce88bb2c3e2d44c81540d088da Mon Sep 17 00:00:00 2001 From: SALLEYRON Julien Date: Thu, 15 Mar 2018 10:54:03 +0100 Subject: [PATCH 03/10] Use goroutine pool in throttleProvider --- server/server.go | 6 +++--- server/server_test.go | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/server/server.go b/server/server.go index a4daf7128..94d8e39ac 100644 --- a/server/server.go +++ b/server/server.go @@ -367,7 +367,7 @@ func (s *Server) preLoadConfiguration(configMsg types.ConfigMessage) { providerConfigUpdateCh = make(chan types.ConfigMessage) s.providerConfigUpdateMap[configMsg.ProviderName] = providerConfigUpdateCh s.routinesPool.Go(func(stop chan bool) { - throttleProviderConfigReload(providersThrottleDuration, s.configurationValidatedChan, providerConfigUpdateCh, stop) + s.throttleProviderConfigReload(providersThrottleDuration, s.configurationValidatedChan, providerConfigUpdateCh, stop) }) } providerConfigUpdateCh <- configMsg @@ -378,11 +378,11 @@ func (s *Server) preLoadConfiguration(configMsg types.ConfigMessage) { // It will immediately publish a new configuration and then only publish the next configuration after the throttle duration. // Note that in the case it receives N new configs in the timeframe of the throttle duration after publishing, // it will publish the last of the newly received configurations. -func throttleProviderConfigReload(throttle time.Duration, publish chan<- types.ConfigMessage, in <-chan types.ConfigMessage, stop chan bool) { +func (s *Server) throttleProviderConfigReload(throttle time.Duration, publish chan<- types.ConfigMessage, in <-chan types.ConfigMessage, stop chan bool) { ring := channels.NewRingChannel(1) defer ring.Close() - safe.Go(func() { + s.routinesPool.Go(func(stop chan bool) { for { select { case <-stop: diff --git a/server/server_test.go b/server/server_test.go index 0a9f7228e..3bdc566cc 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -297,7 +297,10 @@ func TestThrottleProviderConfigReload(t *testing.T) { stop <- true }() - go throttleProviderConfigReload(throttleDuration, publishConfig, providerConfig, stop) + globalConfig := configuration.GlobalConfiguration{} + server := NewServer(globalConfig) + + go server.throttleProviderConfigReload(throttleDuration, publishConfig, providerConfig, stop) publishedConfigCount := 0 stopConsumeConfigs := make(chan bool) From eacb6ea15aba68c24833869626f3a7289bec8342 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Mirc?= Date: Thu, 15 Mar 2018 07:06:04 -0400 Subject: [PATCH 04/10] Fix Rancher Healthcheck when upgrading a service --- provider/rancher/rancher.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/provider/rancher/rancher.go b/provider/rancher/rancher.go index 4817c1e44..a53d0e586 100644 --- a/provider/rancher/rancher.go +++ b/provider/rancher/rancher.go @@ -283,7 +283,7 @@ func containerFilter(name, healthState, state string) bool { return false } - if state != "" && state != "running" && state != "updating-running" { + if state != "" && state != "running" && state != "updating-running" && state != "upgraded" { log.Debugf("Filtering container %s with state of %s", name, state) return false } @@ -319,7 +319,7 @@ func (p *Provider) serviceFilter(service rancherData) bool { return false } - if service.State != "" && service.State != "active" && service.State != "updating-active" && service.State != "upgraded" { + if service.State != "" && service.State != "active" && service.State != "updating-active" && service.State != "upgraded" && service.State != "upgrading" { log.Debugf("Filtering service %s with state of %s", service.Name, service.State) return false } From 35b83678bd6d31f3feeecdd4b9eb1ab63f017ef9 Mon Sep 17 00:00:00 2001 From: Daniel Tomcej Date: Thu, 15 Mar 2018 06:24:03 -0500 Subject: [PATCH 05/10] Add TLS Docs --- docs/configuration/backends/kubernetes.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/configuration/backends/kubernetes.md b/docs/configuration/backends/kubernetes.md index 632af9600..a664eb63f 100644 --- a/docs/configuration/backends/kubernetes.md +++ b/docs/configuration/backends/kubernetes.md @@ -94,6 +94,17 @@ A label selector can be defined to filter on specific Ingress objects only. See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. +### TLS communication between Traefik and backend pods + +Traefik automatically requests endpoint information based on the service provided in the ingress spec. +Although traefik will connect directly to the endpoints (pods), it still checks the service port to see if TLS communication is required. +If the service port defined in the ingress spec is 443, then the backend communication protocol is assumed to be TLS, and will connect via TLS automatically. + +!!! note + Please note that by enabling TLS communication between traefik and your pods, you will have to have trusted certificates that have the proper trust chain and IP subject name. + If this is not an option, you may need to skip TLS certificate verification. + See the [InsecureSkipVerify](configuration/commons/#main-section) setting for more details. + ## Annotations ### General annotations From 79cd306ac25d20efec61e52da6eec4a6949d8348 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 15 Mar 2018 14:26:03 +0100 Subject: [PATCH 06/10] Prepare release v1.5.4 --- CHANGELOG.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2833b3490..9f5b8ddd6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,30 @@ # Change Log +## [v1.5.4](https://github.com/containous/traefik/tree/v1.5.4) (2018-03-15) +[All Commits](https://github.com/containous/traefik/compare/v1.5.3...v1.5.4) + +**Bug fixes:** +- **[acme]** Fix panic when parsing resolv.conf ([#2955](https://github.com/containous/traefik/pull/2955) by [ldez](https://github.com/ldez)) +- **[acme]** Don't failed traefik start if register and subscribe failed on acme ([#2977](https://github.com/containous/traefik/pull/2977) by [Juliens](https://github.com/Juliens)) +- **[ecs]** Safe access to ECS API pointer values. ([#2983](https://github.com/containous/traefik/pull/2983) by [ldez](https://github.com/ldez)) +- **[kv]** Add lower-case passHostHeader key support. ([#3015](https://github.com/containous/traefik/pull/3015) by [ldez](https://github.com/ldez)) +- **[middleware]** Propagate insecure in white list. ([#2981](https://github.com/containous/traefik/pull/2981) by [ldez](https://github.com/ldez)) +- **[rancher]** Fix Rancher Healthcheck when upgrading a service ([#2962](https://github.com/containous/traefik/pull/2962) by [jmirc](https://github.com/jmirc)) +- **[websocket]** Capitalize Sec-WebSocket-Protocol Header ([#2975](https://github.com/containous/traefik/pull/2975) by [Juliens](https://github.com/Juliens)) +- Use goroutine pool in throttleProvider ([#3013](https://github.com/containous/traefik/pull/3013) by [Juliens](https://github.com/Juliens)) +- Handle quoted strings in UnmarshalJSON ([#3004](https://github.com/containous/traefik/pull/3004) by [Juliens](https://github.com/Juliens)) + +**Documentation:** +- **[acme]** Clarify some deprecations. ([#2959](https://github.com/containous/traefik/pull/2959) by [ldez](https://github.com/ldez)) +- **[acme]** Second defaultEntryPoint should be https, not http. ([#2948](https://github.com/containous/traefik/pull/2948) by [GerbenWelter](https://github.com/GerbenWelter)) +- **[api]** Enhance API, REST, ping documentation. ([#2950](https://github.com/containous/traefik/pull/2950) by [ldez](https://github.com/ldez)) +- **[k8s]** Add TLS Docs ([#3012](https://github.com/containous/traefik/pull/3012) by [dtomcej](https://github.com/dtomcej)) +- Enhance Traefik TOML sample. ([#2996](https://github.com/containous/traefik/pull/2996) by [ldez](https://github.com/ldez)) +- Fix typo in docs ([#2990](https://github.com/containous/traefik/pull/2990) by [mo](https://github.com/mo)) +- Clarify how setting a frontend priority works ([#2984](https://github.com/containous/traefik/pull/2984) by [jbdoumenjou](https://github.com/jbdoumenjou)) +- Add [file] in syntax reference ([#3016](https://github.com/containous/traefik/pull/3016) by [ldez](https://github.com/ldez)) +- Updated the test-it example according to the latest docker version ([#3000](https://github.com/containous/traefik/pull/3000) by [geraldcroes](https://github.com/geraldcroes)) + ## [v1.5.3](https://github.com/containous/traefik/tree/v1.5.3) (2018-02-27) [All Commits](https://github.com/containous/traefik/compare/v1.5.2...v1.5.3) From 73c6007730b8fcc12f1c23624944918c8b0a1fed Mon Sep 17 00:00:00 2001 From: Timo Reimann Date: Mon, 19 Mar 2018 10:38:04 +0100 Subject: [PATCH 07/10] Set INFO log level in Kubernetes guide and examples. --- docs/user-guide/kubernetes.md | 2 +- examples/k8s/traefik-deployment.yaml | 1 + examples/k8s/traefik-ds.yaml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/user-guide/kubernetes.md b/docs/user-guide/kubernetes.md index 17b866d79..8e4a4988e 100644 --- a/docs/user-guide/kubernetes.md +++ b/docs/user-guide/kubernetes.md @@ -184,9 +184,9 @@ spec: securityContext: privileged: true args: - - -d - --api - --kubernetes + - --logLevel=INFO --- kind: Service apiVersion: v1 diff --git a/examples/k8s/traefik-deployment.yaml b/examples/k8s/traefik-deployment.yaml index 23f81cbe2..ccf18bfb1 100644 --- a/examples/k8s/traefik-deployment.yaml +++ b/examples/k8s/traefik-deployment.yaml @@ -31,6 +31,7 @@ spec: args: - --api - --kubernetes + - --logLevel=INFO --- kind: Service apiVersion: v1 diff --git a/examples/k8s/traefik-ds.yaml b/examples/k8s/traefik-ds.yaml index 1836c95c8..285739e53 100644 --- a/examples/k8s/traefik-ds.yaml +++ b/examples/k8s/traefik-ds.yaml @@ -34,9 +34,9 @@ spec: securityContext: privileged: true args: - - -d - --api - --kubernetes + - --logLevel=INFO --- kind: Service apiVersion: v1 From 7afa33dfa144ea4b2f93ef5fe09c5f2098a71233 Mon Sep 17 00:00:00 2001 From: Timo Reimann Date: Tue, 20 Mar 2018 09:12:03 +0100 Subject: [PATCH 08/10] Fix link to InsecureSkipVerify option. --- docs/configuration/backends/kubernetes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/backends/kubernetes.md b/docs/configuration/backends/kubernetes.md index a664eb63f..e04d30369 100644 --- a/docs/configuration/backends/kubernetes.md +++ b/docs/configuration/backends/kubernetes.md @@ -103,7 +103,7 @@ If the service port defined in the ingress spec is 443, then the backend communi !!! note Please note that by enabling TLS communication between traefik and your pods, you will have to have trusted certificates that have the proper trust chain and IP subject name. If this is not an option, you may need to skip TLS certificate verification. - See the [InsecureSkipVerify](configuration/commons/#main-section) setting for more details. + See the [InsecureSkipVerify](/configuration/commons/#main-section) setting for more details. ## Annotations From 43a510c04642226b6a7cc128d196bc0cfa8e9c28 Mon Sep 17 00:00:00 2001 From: yutopp Date: Tue, 20 Mar 2018 22:36:03 +0900 Subject: [PATCH 09/10] Fix goroutine leak in consulcatalog when consul is down --- provider/consul/consul_catalog.go | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/provider/consul/consul_catalog.go b/provider/consul/consul_catalog.go index 97000ed67..cea07e1b9 100644 --- a/provider/consul/consul_catalog.go +++ b/provider/consul/consul_catalog.go @@ -6,6 +6,7 @@ import ( "sort" "strconv" "strings" + "sync" "text/template" "time" @@ -135,7 +136,7 @@ func getChangedIntKeys(currState []int, prevState []int) ([]int, []int) { return fun.Keys(addedKeys).([]int), fun.Keys(removedKeys).([]int) } -func (p *CatalogProvider) watchHealthState(stopCh <-chan struct{}, watchCh chan<- map[string][]string, errorCh chan<- error) { +func (p *CatalogProvider) watchHealthState(stopCh <-chan struct{}, watchCh chan<- map[string][]string, notifyError func(error)) { health := p.client.Health() catalog := p.client.Catalog() @@ -156,7 +157,7 @@ func (p *CatalogProvider) watchHealthState(stopCh <-chan struct{}, watchCh chan< healthyState, meta, err := health.State("passing", options) if err != nil { log.WithError(err).Error("Failed to retrieve health checks") - errorCh <- err + notifyError(err) return } @@ -180,7 +181,7 @@ func (p *CatalogProvider) watchHealthState(stopCh <-chan struct{}, watchCh chan< data, _, err := catalog.Services(&api.QueryOptions{}) if err != nil { log.Errorf("Failed to list services: %s", err) - errorCh <- err + notifyError(err) return } @@ -214,7 +215,7 @@ type Service struct { Ports []int } -func (p *CatalogProvider) watchCatalogServices(stopCh <-chan struct{}, watchCh chan<- map[string][]string, errorCh chan<- error) { +func (p *CatalogProvider) watchCatalogServices(stopCh <-chan struct{}, watchCh chan<- map[string][]string, notifyError func(error)) { catalog := p.client.Catalog() safe.Go(func() { @@ -233,7 +234,7 @@ func (p *CatalogProvider) watchCatalogServices(stopCh <-chan struct{}, watchCh c data, meta, err := catalog.Services(options) if err != nil { log.Errorf("Failed to list services: %s", err) - errorCh <- err + notifyError(err) return } @@ -249,7 +250,7 @@ func (p *CatalogProvider) watchCatalogServices(stopCh <-chan struct{}, watchCh c nodes, _, err := catalog.Service(key, "", &api.QueryOptions{}) if err != nil { log.Errorf("Failed to get detail of service %s: %s", key, err) - errorCh <- err + notifyError(err) return } nodesID := getServiceIds(nodes) @@ -572,8 +573,15 @@ func (p *CatalogProvider) watch(configurationChan chan<- types.ConfigMessage, st watchCh := make(chan map[string][]string) errorCh := make(chan error) - p.watchHealthState(stopCh, watchCh, errorCh) - p.watchCatalogServices(stopCh, watchCh, errorCh) + var errorOnce sync.Once + notifyError := func(err error) { + errorOnce.Do(func() { + errorCh <- err + }) + } + + p.watchHealthState(stopCh, watchCh, notifyError) + p.watchCatalogServices(stopCh, watchCh, notifyError) defer close(stopCh) defer close(watchCh) From a3372acb6d49c24f7ecbe85a8661ff8a3e3b51c4 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 21 Mar 2018 17:04:08 +0100 Subject: [PATCH 10/10] Dependency fsnotify organization has been renamed --- Gopkg.lock | 3 ++- Gopkg.toml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Gopkg.lock b/Gopkg.lock index 9ddbfb76b..45cadb3f6 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -1241,6 +1241,7 @@ name = "gopkg.in/fsnotify.v1" packages = ["."] revision = "629574ca2a5df945712d3079857300b5e4da0236" + source = "github.com/fsnotify/fsnotify" version = "v1.4.2" [[projects]] @@ -1399,6 +1400,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "bda37c8b43334917a61fd0b22facf044a35a9b822f709603a8cb58464d738d12" + inputs-digest = "7994872ae2ae128f087243191120faabaac8a738140a5ca664422a8f709827ec" solver-name = "gps-cdcl" solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml index bb3844fbd..2b340a41f 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -162,6 +162,7 @@ ignored = ["github.com/sirupsen/logrus"] [[constraint]] name = "gopkg.in/fsnotify.v1" + source = "github.com/fsnotify/fsnotify" version = "1.4.2" [[constraint]]