mirror of
https://github.com/containous/traefik.git
synced 2025-09-08 13:44:22 +03:00
Compare commits
93 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f34ea7a34a | ||
|
a70b864c55 | ||
|
e5e48d1cc1 | ||
|
42a110dd69 | ||
|
|
cf14b8fa92 | ||
|
e7dc6ec025 | ||
|
|
67483c1b17 | ||
|
4071f1e7f2 | ||
|
|
577709fff3 | ||
|
|
8cd45476ac | ||
|
a9776ceafc | ||
|
e471239955 | ||
|
|
2e8156bfaa | ||
|
|
5e2c929322 | ||
|
|
2b5355c849 | ||
|
|
f21f71786a | ||
|
|
a711f0d037 | ||
|
|
98fc6ca441 | ||
|
c10f1a3a36 | ||
|
79a14ce992 | ||
|
99ce26f7b1 | ||
|
|
16250361c3 | ||
|
|
be44385b42 | ||
|
|
54c77ecb54 | ||
|
a30f0dcabd | ||
|
|
efef7dce4f | ||
|
|
1c9e4c6050 | ||
|
92093a8c09 | ||
|
|
f69982aa9d | ||
|
82fdc569c2 | ||
|
|
def0c1a526 | ||
|
ef2d03d96e | ||
|
|
321c9421ea | ||
|
5a225b4196 | ||
|
525a6cf5b2 | ||
|
27ec0912d5 | ||
|
0a31225e65 | ||
|
|
db4a92d877 | ||
|
|
9df053e3f5 | ||
|
|
95dc43ce4a | ||
|
|
d91eefa74f | ||
|
|
ffdfc13461 | ||
|
|
a13b03ef3d | ||
|
|
69d504c905 | ||
|
bda7e025a2 | ||
|
|
596f04eae8 | ||
|
|
b39d226fb8 | ||
|
20dfb91948 | ||
|
|
e033355225 | ||
|
|
56ed45ae70 | ||
|
|
d3ff0c2cd4 | ||
|
|
566b205758 | ||
|
|
b537ccdb0c | ||
|
d9b8435a7d | ||
|
|
c0ba4d177f | ||
|
7377ab7b95 | ||
|
|
207ac94ed0 | ||
|
fe32a7e584 | ||
|
25e12aee14 | ||
|
5d716f0149 | ||
|
|
918a343557 | ||
|
|
89001ae9a4 | ||
|
c99221fa34 | ||
|
|
d28bcf24e5 | ||
|
8d739c411b | ||
|
|
46c1600ada | ||
|
|
126b32c579 | ||
|
61ceb7a32c | ||
|
|
c7e13eb082 | ||
|
|
6906a022ca | ||
|
|
bda0dba131 | ||
|
|
76867e39ea | ||
|
6f8e8ea252 | ||
|
|
8e7881094f | ||
|
|
7d09132a5c | ||
|
|
6f4a7fb604 | ||
|
|
6e28db513c | ||
|
|
a72d124551 | ||
|
55360c1eaf | ||
|
|
fffa413121 | ||
|
c011bdfdd8 | ||
|
|
871e04cb12 | ||
|
|
287cebb498 | ||
|
6c8d200373 | ||
|
0ac6f80b50 | ||
|
|
2b73860ea5 | ||
|
|
ddcb003b3b | ||
|
|
be52c5abb1 | ||
|
|
eb6c5fc34d | ||
|
|
4fc16f26a3 | ||
|
|
234d35f592 | ||
|
352a72a5d7 | ||
|
|
4d1ce986a6 |
37
.github/workflows/experimental.yaml
vendored
Normal file
37
.github/workflows/experimental.yaml
vendored
Normal file
@@ -0,0 +1,37 @@
|
||||
name: Build experimental image on branch
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- v*
|
||||
|
||||
jobs:
|
||||
|
||||
experimental:
|
||||
if: github.repository == 'traefik/traefik'
|
||||
name: Build experimental image on branch
|
||||
runs-on: ubuntu-20.04
|
||||
|
||||
steps:
|
||||
|
||||
# https://github.com/marketplace/actions/checkout
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Branch name
|
||||
run: echo ${GITHUB_REF##*/}
|
||||
|
||||
- name: Build docker experimental image
|
||||
run: docker build -t traefik/traefik:experimental-${GITHUB_REF##*/} -f exp.Dockerfile .
|
||||
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Push to Docker Hub
|
||||
run: docker push traefik/traefik:experimental-${GITHUB_REF##*/}
|
||||
2
.github/workflows/validate.yaml
vendored
2
.github/workflows/validate.yaml
vendored
@@ -7,7 +7,7 @@ on:
|
||||
|
||||
env:
|
||||
GO_VERSION: 1.17
|
||||
GOLANGCI_LINT_VERSION: v1.41.1
|
||||
GOLANGCI_LINT_VERSION: v1.43.0
|
||||
MISSSPELL_VERSION: v0.3.4
|
||||
PRE_TARGET: ""
|
||||
|
||||
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -5,6 +5,7 @@
|
||||
.DS_Store
|
||||
/dist
|
||||
/webui/.tmp/
|
||||
/webui/static/
|
||||
/site/
|
||||
/docs/site/
|
||||
/static/
|
||||
|
||||
@@ -16,9 +16,6 @@
|
||||
[linters-settings.gocyclo]
|
||||
min-complexity = 14.0
|
||||
|
||||
[linters-settings.maligned]
|
||||
suggest-new = true
|
||||
|
||||
[linters-settings.goconst]
|
||||
min-len = 3.0
|
||||
min-occurrences = 4.0
|
||||
@@ -51,6 +48,7 @@
|
||||
extensionsv1beta1 = "k8s.io/api/extensions/v1beta1"
|
||||
metav1 = "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
kubeerror = "k8s.io/apimachinery/pkg/api/errors"
|
||||
composeapi = "github.com/docker/compose/v2/pkg/api"
|
||||
|
||||
[linters-settings.gomoddirectives]
|
||||
replace-allow-list = [
|
||||
@@ -59,6 +57,7 @@
|
||||
"github.com/gorilla/mux",
|
||||
"github.com/mailgun/minheap",
|
||||
"github.com/mailgun/multibuf",
|
||||
"github.com/jaguilar/vt100",
|
||||
]
|
||||
|
||||
[linters]
|
||||
@@ -99,6 +98,10 @@
|
||||
"godox", # Too strict
|
||||
"forcetypeassert", # Too strict
|
||||
"tagliatelle", # Not compatible with current tags.
|
||||
"varnamelen", # not relevant
|
||||
"nilnil", # not relevant
|
||||
"ireturn", # not relevant
|
||||
"contextcheck", # too many false-positive
|
||||
]
|
||||
|
||||
[issues]
|
||||
|
||||
@@ -25,49 +25,31 @@ global_job_config:
|
||||
- export "PATH=${GOPATH}/bin:${PATH}"
|
||||
- mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
|
||||
- export GOPROXY=https://proxy.golang.org,direct
|
||||
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.41.1
|
||||
- curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
|
||||
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.43.0
|
||||
- curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
|
||||
- go install github.com/containous/go-bindata/go-bindata@v1.0.0
|
||||
- checkout
|
||||
- cache restore traefik-$(checksum go.sum)
|
||||
|
||||
blocks:
|
||||
- name: Test Integration Container
|
||||
- name: Test Integration
|
||||
dependencies: []
|
||||
run:
|
||||
when: "branch =~ '.*' OR pull_request =~'.*'"
|
||||
task:
|
||||
jobs:
|
||||
- name: Test Integration Container
|
||||
- name: Test Integration
|
||||
commands:
|
||||
- make pull-images
|
||||
- mkdir -p static # Avoid to generate webui
|
||||
- PRE_TARGET="" make binary
|
||||
- make test-integration-container
|
||||
- make test-integration
|
||||
- df -h
|
||||
epilogue:
|
||||
always:
|
||||
commands:
|
||||
- cache store traefik-$(checksum go.sum) $HOME/go/pkg/mod
|
||||
|
||||
- name: Test Integration Host
|
||||
dependencies: []
|
||||
run:
|
||||
when: "branch =~ '.*' OR pull_request =~'.*'"
|
||||
task:
|
||||
env_vars:
|
||||
- name: PRE_TARGET
|
||||
value: ""
|
||||
jobs:
|
||||
- name: Test Integration Host
|
||||
commands:
|
||||
- mkdir -p static # Avoid to generate webui
|
||||
- make test-integration-host
|
||||
epilogue:
|
||||
always:
|
||||
commands:
|
||||
- cache store traefik-$(checksum go.sum) $HOME/go/pkg/mod
|
||||
|
||||
- name: Release
|
||||
dependencies: []
|
||||
run:
|
||||
@@ -83,7 +65,7 @@ blocks:
|
||||
- name: GH_VERSION
|
||||
value: 1.12.1
|
||||
- name: CODENAME
|
||||
value: "livarot"
|
||||
value: "brie"
|
||||
- name: PRE_TARGET
|
||||
value: ""
|
||||
prologue:
|
||||
|
||||
112
CHANGELOG.md
112
CHANGELOG.md
@@ -1,3 +1,115 @@
|
||||
## [v2.5.7](https://github.com/traefik/traefik/tree/v2.5.7) (2022-01-20)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.5.6...v2.5.7)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[acme]** Update go-acme/lego to v4.6.0 ([#8716](https://github.com/traefik/traefik/pull/8716) by [ldez](https://github.com/ldez))
|
||||
- **[logs]** Adjust log level from info to debug ([#8718](https://github.com/traefik/traefik/pull/8718) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- **[plugins]** Fix middleware plugins memory leak ([#8702](https://github.com/traefik/traefik/pull/8702) by [ldez](https://github.com/ldez))
|
||||
- **[server]** Mitigate memory leak ([#8706](https://github.com/traefik/traefik/pull/8706) by [mpl](https://github.com/mpl))
|
||||
- **[webui,middleware]** Fix middleware regexp's display ([#8697](https://github.com/traefik/traefik/pull/8697) by [tomMoulard](https://github.com/tomMoulard))
|
||||
|
||||
**Documentation:**
|
||||
- **[http]** Fix HTTP provider endpoint config example ([#8715](https://github.com/traefik/traefik/pull/8715) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s]** Remove typo in Kubernetes providers labelSelector examples ([#8676](https://github.com/traefik/traefik/pull/8676) by [colinwilson](https://github.com/colinwilson))
|
||||
- **[rules]** Improve regexp matcher documentation ([#8686](https://github.com/traefik/traefik/pull/8686) by [Hades32](https://github.com/Hades32))
|
||||
- **[tracing]** Fix broken jaeger documentation link ([#8665](https://github.com/traefik/traefik/pull/8665) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- Update copyright for 2022 ([#8679](https://github.com/traefik/traefik/pull/8679) by [kevinpollet](https://github.com/kevinpollet))
|
||||
|
||||
## [v2.5.6](https://github.com/traefik/traefik/tree/v2.5.6) (2021-12-22)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.5.5...v2.5.6)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[middleware]** Process all X-Forwarded-For headers in the request ([#8596](https://github.com/traefik/traefik/pull/8596) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[plugins]** Update Yaegi to v0.11.2 ([#8650](https://github.com/traefik/traefik/pull/8650) by [ldez](https://github.com/ldez))
|
||||
- **[server]** Update golang.org/x/net dependency version ([#8635](https://github.com/traefik/traefik/pull/8635) by [kevinpollet](https://github.com/kevinpollet))
|
||||
|
||||
**Documentation:**
|
||||
- **[api]** Add missing API endpoints documentation ([#8649](https://github.com/traefik/traefik/pull/8649) by [ichxxx](https://github.com/ichxxx))
|
||||
- **[middleware]** Fix passTLSClientCert CRD example name ([#8637](https://github.com/traefik/traefik/pull/8637) by [ddtmachado](https://github.com/ddtmachado))
|
||||
- **[middleware]** Correct documentation in middleware overview ([#8636](https://github.com/traefik/traefik/pull/8636) by [Alestrix](https://github.com/Alestrix))
|
||||
|
||||
## [v2.5.5](https://github.com/traefik/traefik/tree/v2.5.5) (2021-12-09)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.5.4...v2.5.5)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[acme]** Update go-acme/lego to v4.5.3 ([#8607](https://github.com/traefik/traefik/pull/8607) by [lippertmarkus](https://github.com/lippertmarkus))
|
||||
- **[k8s/crd,k8s]** fix: propagate source criterion config to RateLimit middleware in Kubernetes CRD ([#8591](https://github.com/traefik/traefik/pull/8591) by [rbailly-talend](https://github.com/rbailly-talend))
|
||||
- **[plugins]** plugins: start the go routine before calling Provide ([#8620](https://github.com/traefik/traefik/pull/8620) by [ldez](https://github.com/ldez))
|
||||
- **[plugins]** Update yaegi to v0.11.1 ([#8600](https://github.com/traefik/traefik/pull/8600) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- **[plugins]** Update yaegi v0.11.0 ([#8564](https://github.com/traefik/traefik/pull/8564) by [ldez](https://github.com/ldez))
|
||||
- **[udp]** fix: increase UDP read buffer length to max datagram size ([#8560](https://github.com/traefik/traefik/pull/8560) by [kevinpollet](https://github.com/kevinpollet))
|
||||
|
||||
**Documentation:**
|
||||
- **[consul]** docs: removing typo in consul-catalog provider doc ([#8603](https://github.com/traefik/traefik/pull/8603) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- **[metrics]** docs: remove misleading metrics overview configuration ([#8579](https://github.com/traefik/traefik/pull/8579) by [gsilvapt](https://github.com/gsilvapt))
|
||||
- **[middleware]** docs: align docker configuration example notes in basicauth HTTP middleware ([#8615](https://github.com/traefik/traefik/pull/8615) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- **[service]** docs: health check use readiness probe in k8s ([#8575](https://github.com/traefik/traefik/pull/8575) by [Vampouille](https://github.com/Vampouille))
|
||||
- **[tls]** docs: uniformize client TLS config documentation ([#8602](https://github.com/traefik/traefik/pull/8602) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- Update CODE_OF_CONDUCT.md ([#8619](https://github.com/traefik/traefik/pull/8619) by [tfny](https://github.com/tfny))
|
||||
- fixed minor spelling error in Regexp Syntax section ([#8565](https://github.com/traefik/traefik/pull/8565) by [kerrsmith](https://github.com/kerrsmith))
|
||||
|
||||
## [v2.5.4](https://github.com/traefik/traefik/tree/v2.5.4) (2021-11-08)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.5.3...v2.5.4)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[acme]** Update go-acme/lego to v4.5.0 ([#8481](https://github.com/traefik/traefik/pull/8481) by [ldez](https://github.com/ldez))
|
||||
- **[k8s/crd,k8s]** fix: add missing RequireAnyClientCert value to TLSOption CRD ([#8464](https://github.com/traefik/traefik/pull/8464) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s/crd,k8s]** fix: normalize middleware names in ingress route config ([#8484](https://github.com/traefik/traefik/pull/8484) by [aaronraff](https://github.com/aaronraff))
|
||||
- **[middleware,provider,tls]** fix: do not require a TLS client cert when InsecureSkipVerify is false ([#8525](https://github.com/traefik/traefik/pull/8525) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[middleware,tls]** fix: use host's root CA set if ClientTLS ca is not defined ([#8545](https://github.com/traefik/traefik/pull/8545) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[middleware]** fix: forward request Host to errors middleware service ([#8460](https://github.com/traefik/traefik/pull/8460) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[middleware]** fix: use EscapedPath as header value when RawPath is empty ([#8251](https://github.com/traefik/traefik/pull/8251) by [dtomcej](https://github.com/dtomcej))
|
||||
- **[tcp,udp]** fix: TCP/UDP wrr when all servers have a weight set to 0 ([#8553](https://github.com/traefik/traefik/pull/8553) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- **[webui]** fix: bug parsing weighted service provider name ([#8522](https://github.com/traefik/traefik/pull/8522) by [cocoanton](https://github.com/cocoanton))
|
||||
|
||||
**Documentation:**
|
||||
- **[acme]** docs: remove quotes in certificatesresolvers CLI examples ([#8544](https://github.com/traefik/traefik/pull/8544) by [rdxmb](https://github.com/rdxmb))
|
||||
- **[k8s/ingress,k8s]** docs: clarify usage for cross provider references in Kubernetes ingress annotations ([#8536](https://github.com/traefik/traefik/pull/8536) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s/ingress]** docs: networking.k8s.io/v1beta1 to networking.k8s.io/v1 ([#8523](https://github.com/traefik/traefik/pull/8523) by [pmareke](https://github.com/pmareke))
|
||||
- **[k8s]** docs: replace links to French translation of k8s docs with English ones ([#8457](https://github.com/traefik/traefik/pull/8457) by [FoseFx](https://github.com/FoseFx))
|
||||
- **[k8s]** docs: remove non-working kind config in IngressRouteTCP/UDP examples ([#8538](https://github.com/traefik/traefik/pull/8538) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[kv]** docs: fix typo in KV providers documentation ([#8477](https://github.com/traefik/traefik/pull/8477) by [rondoe](https://github.com/rondoe))
|
||||
- **[metrics]** docs: fix typo in addRoutersLabels option title ([#8561](https://github.com/traefik/traefik/pull/8561) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[middleware]** fix: sourceCriterion documentation for InFlightReq and RateLimit middlewares ([#8524](https://github.com/traefik/traefik/pull/8524) by [pmareke](https://github.com/pmareke))
|
||||
- **[middleware]** Mention escaping escape characters in YAML for regex usage ([#8496](https://github.com/traefik/traefik/pull/8496) by [JackMorganNZ](https://github.com/JackMorganNZ))
|
||||
- **[rules]** docs: add named groups details to Regexp Syntax section ([#8559](https://github.com/traefik/traefik/pull/8559) by [kerrsmith](https://github.com/kerrsmith))
|
||||
- **[tracing]** docs: reword tracing config descriptions to be consistent ([#8473](https://github.com/traefik/traefik/pull/8473) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- docs: remove link to microbadger.com ([#8555](https://github.com/traefik/traefik/pull/8555) by [CrispyBaguette](https://github.com/CrispyBaguette))
|
||||
- docs: remove http scheme urls in documentation ([#8507](https://github.com/traefik/traefik/pull/8507) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- docs: update traefik image version ([#8533](https://github.com/traefik/traefik/pull/8533) by [tomMoulard](https://github.com/tomMoulard))
|
||||
|
||||
## [v2.5.3](https://github.com/traefik/traefik/tree/v2.5.3) (2021-09-20)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.5.2...v2.5.3)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[consulcatalog]** Fix certChan defaulting on consul catalog provider ([#8439](https://github.com/traefik/traefik/pull/8439) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- **[k8s/crd,k8s]** Fix peerCertURI config for k8s crd provider ([#8454](https://github.com/traefik/traefik/pull/8454) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s/crd,k8s]** Ensure disableHTTP2 works with k8s crd ([#8448](https://github.com/traefik/traefik/pull/8448) by [ssboisen](https://github.com/ssboisen))
|
||||
- **[k8s/crd,k8s]** Fix ServersTransport reference from IngressRoute service definition ([#8431](https://github.com/traefik/traefik/pull/8431) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s/crd,k8s]** Add cross namespace verification in Kubernetes CRD ([#8422](https://github.com/traefik/traefik/pull/8422) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- **[metrics]** Fix Prometheus router's metrics ([#8425](https://github.com/traefik/traefik/pull/8425) by [tomMoulard](https://github.com/tomMoulard))
|
||||
- **[plugins]** Update yaegi to v0.10.0 ([#8452](https://github.com/traefik/traefik/pull/8452) by [ldez](https://github.com/ldez))
|
||||
|
||||
**Documentation:**
|
||||
- **[middleware,file]** Fix TCP middleware whitelist example ([#8421](https://github.com/traefik/traefik/pull/8421) by [tribal2](https://github.com/tribal2))
|
||||
- **[middleware]** Add default proxy headers list ([#8418](https://github.com/traefik/traefik/pull/8418) by [aaronraff](https://github.com/aaronraff))
|
||||
- Add Tom Moulard in maintainers team ([#8442](https://github.com/traefik/traefik/pull/8442) by [jbdoumenjou](https://github.com/jbdoumenjou))
|
||||
- Fix golang doc URLs ([#8434](https://github.com/traefik/traefik/pull/8434) by [jbdoumenjou](https://github.com/jbdoumenjou))
|
||||
|
||||
## [v2.5.2](https://github.com/traefik/traefik/tree/v2.5.2) (2021-09-02)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.5.1...v2.5.2)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[http3]** Upgrade github.com/lucas-clemente/quic-go to v0.23.0 ([#8413](https://github.com/traefik/traefik/pull/8413) by [sylr](https://github.com/sylr))
|
||||
- **[middleware]** Fix empty body error for mirroring middleware ([#8381](https://github.com/traefik/traefik/pull/8381) by [antgubarev](https://github.com/antgubarev))
|
||||
- **[tracing]** Bump go.elastic.co/apm version to v1.13.1 ([#8399](https://github.com/traefik/traefik/pull/8399) by [rtribotte](https://github.com/rtribotte))
|
||||
- Update x/sys to support go 1.17 ([#8368](https://github.com/traefik/traefik/pull/8368) by [roopakv](https://github.com/roopakv))
|
||||
- Bump Alpine docker image version from 3.11 to 3.14 for official Traefik images
|
||||
|
||||
**Documentation:**
|
||||
- **[k8s/ingress,k8s]** Adds pathType for v1 ingresses examples ([#8392](https://github.com/traefik/traefik/pull/8392) by [rtribotte](https://github.com/rtribotte))
|
||||
- Fix http scheme urls in documentation ([#8395](https://github.com/traefik/traefik/pull/8395) by [rtribotte](https://github.com/rtribotte))
|
||||
|
||||
## [v2.5.1](https://github.com/traefik/traefik/tree/v2.5.1) (2021-08-20)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.5.0...v2.5.1)
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
## Our Pledge
|
||||
|
||||
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience,nationality, personal appearance, race, religion, or sexual identity and orientation.
|
||||
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
|
||||
|
||||
## Our Standards
|
||||
|
||||
@@ -30,15 +30,19 @@ Project maintainers have the right and responsibility to remove, edit, or reject
|
||||
|
||||
## Scope
|
||||
|
||||
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
|
||||
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or our community.
|
||||
|
||||
Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
|
||||
Representation of a project may be further defined and clarified by project maintainers.
|
||||
|
||||
## Enforcement
|
||||
|
||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@traefik.io
|
||||
|
||||
All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.
|
||||
|
||||
The project team is obligated to maintain confidentiality with regard to the reporter of an incident.
|
||||
|
||||
Further details of specific enforcement policies may be posted separately.
|
||||
|
||||
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016-2020 Containous SAS; 2020-2021 Traefik Labs
|
||||
Copyright (c) 2016-2020 Containous SAS; 2020-2022 Traefik Labs
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
||||
36
Makefile
36
Makefile
@@ -15,7 +15,7 @@ TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))
|
||||
REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
|
||||
TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"traefik/traefik")
|
||||
|
||||
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock")
|
||||
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)",-v "/var/run/docker.sock:/var/run/docker.sock")
|
||||
DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
|
||||
|
||||
TRAEFIK_ENVS := \
|
||||
@@ -32,7 +32,8 @@ TRAEFIK_ENVS := \
|
||||
TRAEFIK_MOUNT := -v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/traefik/traefik/$(BIND_DIR)"
|
||||
DOCKER_RUN_OPTS := $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
|
||||
DOCKER_NON_INTERACTIVE ?= false
|
||||
DOCKER_RUN_TRAEFIK := docker run --add-host=host.docker.internal:127.0.0.1 $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
|
||||
DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
|
||||
DOCKER_RUN_TRAEFIK_TEST := docker run --add-host=host.docker.internal:127.0.0.1 --rm --name=traefik --network traefik-test-network -v $(PWD):$(PWD) -w $(PWD) $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
|
||||
DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -i) $(DOCKER_RUN_OPTS)
|
||||
|
||||
PRE_TARGET ?= build-dev-image
|
||||
@@ -81,30 +82,27 @@ crossbinary-default-parallel:
|
||||
$(MAKE) build-dev-image crossbinary-default
|
||||
|
||||
## Run the unit and integration tests
|
||||
test: build-dev-image
|
||||
$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit binary test-integration
|
||||
test: $(PRE_TARGET)
|
||||
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
|
||||
trap 'docker network rm traefik-test-network' EXIT; \
|
||||
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK_TEST),) ./script/make.sh generate test-unit binary test-integration
|
||||
|
||||
## Run the unit tests
|
||||
test-unit: $(PRE_TARGET)
|
||||
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate test-unit
|
||||
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
|
||||
trap 'docker network rm traefik-test-network' EXIT; \
|
||||
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit
|
||||
|
||||
## Run the integration tests
|
||||
test-integration: $(PRE_TARGET)
|
||||
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
|
||||
trap 'docker network rm traefik-test-network' EXIT; \
|
||||
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK_TEST),) ./script/make.sh generate binary test-integration
|
||||
|
||||
## Pull all images for integration tests
|
||||
pull-images:
|
||||
grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml | awk '{print $$2}' | sort | uniq | xargs -P 6 -n 1 docker pull
|
||||
|
||||
## Run the integration tests
|
||||
test-integration: $(PRE_TARGET) binary
|
||||
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK),TEST_CONTAINER=1) ./script/make.sh test-integration
|
||||
TEST_HOST=1 ./script/make.sh test-integration
|
||||
|
||||
## Run the container integration tests
|
||||
test-integration-container: $(PRE_TARGET) binary
|
||||
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK),TEST_CONTAINER=1) ./script/make.sh test-integration
|
||||
|
||||
## Run the host integration tests
|
||||
test-integration-host: $(PRE_TARGET) binary
|
||||
TEST_HOST=1 ./script/make.sh test-integration
|
||||
|
||||
## Validate code and docs
|
||||
validate-files: $(PRE_TARGET)
|
||||
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
|
||||
@@ -140,7 +138,7 @@ docs-serve:
|
||||
docs-pull-images:
|
||||
make -C ./docs docs-pull-images
|
||||
|
||||
## Generate CRD clientset
|
||||
## Generate CRD clientset and CRD manifests
|
||||
generate-crd:
|
||||
@$(CURDIR)/script/code-gen.sh
|
||||
|
||||
|
||||
@@ -63,7 +63,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
|
||||
- Keeps access logs (JSON, CLF)
|
||||
- Fast
|
||||
- Exposes a Rest API
|
||||
- Packaged as a single binary file (made with :heart: with go) and available as a [tiny](https://microbadger.com/images/traefik) [official](https://hub.docker.com/r/_/traefik/) docker image
|
||||
- Packaged as a single binary file (made with :heart: with go) and available as an [official](https://hub.docker.com/r/_/traefik/) docker image
|
||||
|
||||
|
||||
## Supported Backends
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Security Policy
|
||||
|
||||
We strongly advise you to register your Traefik instances to [Pilot](http://pilot.traefik.io) to be notified of security advisories that apply to your Traefik version.
|
||||
We strongly advise you to register your Traefik instances to [Pilot](https://pilot.traefik.io) to be notified of security advisories that apply to your Traefik version.
|
||||
You can also join our security mailing list to be aware of the latest announcements from our security team.
|
||||
You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
|
||||
|
||||
|
||||
@@ -19,13 +19,13 @@ RUN mkdir -p /usr/local/bin \
|
||||
&& chmod +x /usr/local/bin/go-bindata
|
||||
|
||||
# Download golangci-lint binary to bin folder in $GOPATH
|
||||
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.41.1
|
||||
RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.43.0
|
||||
|
||||
# Download misspell binary to bin folder in $GOPATH
|
||||
RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4
|
||||
|
||||
# Download goreleaser binary to bin folder in $GOPATH
|
||||
RUN curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | sh
|
||||
RUN curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | sh
|
||||
|
||||
WORKDIR /go/src/github.com/traefik/traefik
|
||||
|
||||
|
||||
@@ -258,7 +258,7 @@ type fileWriter struct {
|
||||
}
|
||||
|
||||
func (f fileWriter) Write(files map[string]*File) error {
|
||||
err := os.MkdirAll(f.baseDir, 0755)
|
||||
err := os.MkdirAll(f.baseDir, 0o755)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -4,8 +4,8 @@ import (
|
||||
"fmt"
|
||||
"go/build"
|
||||
"go/types"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
@@ -83,7 +83,7 @@ func run(dest string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
return ioutil.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0666)
|
||||
return os.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0o666)
|
||||
}
|
||||
|
||||
func cleanType(typ types.Type, base string) string {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
FROM alpine:3.13 as alpine
|
||||
FROM alpine:3.14 as alpine
|
||||
|
||||
RUN apk --no-cache --no-progress add \
|
||||
libcurl \
|
||||
|
||||
@@ -29,7 +29,7 @@ docker run --rm -v /home/user/go/github/traefik/traefik:/mkdocs -p 8000:8000 tr
|
||||
|
||||
!!! tip "Default URL"
|
||||
|
||||
Your local documentation server will run by default on [http://127.0.0.1:8000](http://127.0.0.1:8000).
|
||||
Your local documentation server will run by default on <http://127.0.0.1:8000>.
|
||||
|
||||
If you only want to build the documentation without serving it locally, you can use the following command:
|
||||
|
||||
|
||||
@@ -19,6 +19,7 @@
|
||||
* Romain Tribotté [@rtribotte](https://github.com/rtribotte)
|
||||
* Kevin Pollet [@kevinpollet](https://github.com/kevinpollet)
|
||||
* Harold Ozouf [@jspdown](https://github.com/jspdown)
|
||||
* Tom Moulard [@tommoulard](https://github.com/tommoulard)
|
||||
|
||||
## Maintainer's Guidelines
|
||||
|
||||
|
||||
@@ -125,7 +125,7 @@ http:
|
||||
the principle of the above example above (a catchall router) still stands,
|
||||
but the `unavailable` service should be adapted to fit such a need.
|
||||
|
||||
## Why Is My TLS Certificate Not Reloaded When Its Contents Change ?
|
||||
## Why Is My TLS Certificate Not Reloaded When Its Contents Change?
|
||||
|
||||
With the file provider,
|
||||
a configuration update is only triggered when one of the [watched](../providers/file.md#provider-configuration) configuration files is modified.
|
||||
@@ -137,3 +137,18 @@ a configuration update is _not_ triggered.
|
||||
To take into account the new certificate contents, the update of the dynamic configuration must be forced.
|
||||
One way to achieve that, is to trigger a file notification,
|
||||
for example, by using the `touch` command on the configuration file.
|
||||
|
||||
## What Are the Forwarded Headers When Proxying HTTP Requests?
|
||||
|
||||
By default, the following headers are automatically added when proxying requests:
|
||||
|
||||
| Property | HTTP Header |
|
||||
|---------------------------|----------------------------|
|
||||
| Client's IP | X-Forwarded-For, X-Real-Ip |
|
||||
| Host | X-Forwarded-Host |
|
||||
| Port | X-Forwarded-Port |
|
||||
| Protocol | X-Forwarded-Proto |
|
||||
| Proxy Server's Hostname | X-Forwarded-Server |
|
||||
|
||||
For more details,
|
||||
please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.
|
||||
|
||||
@@ -24,7 +24,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
|
||||
!!! tip
|
||||
|
||||
* Prefer a fixed version than the latest that could be an unexpected version.
|
||||
ex: `traefik:v2.1.4`
|
||||
ex: `traefik:v2.5`
|
||||
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
|
||||
* Any orchestrator using docker images can fetch the official Traefik docker image.
|
||||
|
||||
@@ -101,13 +101,13 @@ helm install traefik traefik/traefik
|
||||
|
||||
This HelmChart does not expose the Traefik dashboard by default, for security concerns.
|
||||
Thus, there are multiple ways to expose the dashboard.
|
||||
For instance, the dashboard access could be achieved through a port-forward :
|
||||
For instance, the dashboard access could be achieved through a port-forward:
|
||||
|
||||
```shell
|
||||
kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
|
||||
```
|
||||
|
||||
Accessible with the url: http://127.0.0.1:9000/dashboard/
|
||||
It can then be reached at: `http://127.0.0.1:9000/dashboard/`
|
||||
|
||||
Another way would be to apply your own configuration, for instance,
|
||||
by defining and applying an IngressRoute CRD (`kubectl apply -f dashboard.yaml`):
|
||||
|
||||
@@ -36,7 +36,7 @@ Start your `reverse-proxy` with the following command:
|
||||
docker-compose up -d reverse-proxy
|
||||
```
|
||||
|
||||
You can open a browser and go to [http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata) to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
|
||||
You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
|
||||
|
||||
## Traefik Detects New Services and Creates the Route for You
|
||||
|
||||
@@ -61,7 +61,7 @@ Start the `whoami` service with the following command:
|
||||
docker-compose up -d whoami
|
||||
```
|
||||
|
||||
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new container and updated its own configuration.
|
||||
Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new container and updated its own configuration.
|
||||
|
||||
When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl)
|
||||
|
||||
@@ -85,7 +85,7 @@ Run more instances of your `whoami` service with the following command:
|
||||
docker-compose up -d --scale whoami=2
|
||||
```
|
||||
|
||||
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new instance of the container.
|
||||
Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new instance of the container.
|
||||
|
||||
Finally, see that Traefik load-balances between the two instances of your service by running the following command twice:
|
||||
|
||||
|
||||
@@ -284,6 +284,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
|
||||
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
|
||||
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
|
||||
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
|
||||
| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
|
||||
| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
|
||||
| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
|
||||
| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
|
||||
@@ -292,15 +293,15 @@ For complete details, refer to your provider's _Additional configuration_ link.
|
||||
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
|
||||
| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
|
||||
| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
|
||||
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
|
||||
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
|
||||
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
|
||||
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
|
||||
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
|
||||
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
|
||||
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
|
||||
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
|
||||
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
|
||||
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
|
||||
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
|
||||
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
|
||||
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
|
||||
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
|
||||
@@ -310,21 +311,25 @@ For complete details, refer to your provider's _Additional configuration_ link.
|
||||
| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
|
||||
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
|
||||
| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
|
||||
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
|
||||
| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
|
||||
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
|
||||
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
|
||||
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
|
||||
| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
|
||||
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
|
||||
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
|
||||
| [Gandi v5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
|
||||
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
|
||||
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
|
||||
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
|
||||
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
|
||||
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
|
||||
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
|
||||
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
|
||||
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
|
||||
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
|
||||
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
|
||||
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
|
||||
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
|
||||
| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
|
||||
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
|
||||
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
|
||||
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
|
||||
@@ -333,28 +338,28 @@ For complete details, refer to your provider's _Additional configuration_ link.
|
||||
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
|
||||
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
|
||||
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
|
||||
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
|
||||
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
|
||||
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
|
||||
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
|
||||
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
|
||||
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
|
||||
| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
|
||||
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
|
||||
| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
|
||||
| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
|
||||
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
|
||||
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
|
||||
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
|
||||
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
|
||||
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
|
||||
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
|
||||
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
|
||||
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
|
||||
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
|
||||
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
|
||||
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
|
||||
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
|
||||
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
|
||||
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
|
||||
| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
|
||||
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
|
||||
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
|
||||
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
|
||||
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
|
||||
@@ -362,7 +367,9 @@ For complete details, refer to your provider's _Additional configuration_ link.
|
||||
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
|
||||
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
|
||||
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
|
||||
| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
|
||||
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
|
||||
| [UKFast SafeDNS](https://www.ukfast.co.uk/dns-hosting.html) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
|
||||
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
|
||||
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
|
||||
| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
|
||||
@@ -372,6 +379,9 @@ For complete details, refer to your provider's _Additional configuration_ link.
|
||||
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
|
||||
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
|
||||
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
|
||||
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
|
||||
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
|
||||
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
|
||||
|
||||
[^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/)
|
||||
[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production)
|
||||
@@ -552,7 +562,7 @@ certificatesResolvers:
|
||||
|
||||
```bash tab="CLI"
|
||||
# ...
|
||||
--certificatesresolvers.myresolver.acme.preferredChain="ISRG Root X1"
|
||||
--certificatesresolvers.myresolver.acme.preferredChain=ISRG Root X1
|
||||
# ...
|
||||
```
|
||||
|
||||
@@ -580,7 +590,7 @@ certificatesResolvers:
|
||||
|
||||
```bash tab="CLI"
|
||||
# ...
|
||||
--certificatesresolvers.myresolver.acme.keyType="RSA4096"
|
||||
--certificatesresolvers.myresolver.acme.keyType=RSA4096
|
||||
# ...
|
||||
```
|
||||
|
||||
|
||||
@@ -91,9 +91,11 @@ The `users` option is an array of authorized users. Each user must be declared u
|
||||
```yaml tab="Docker"
|
||||
# Declaring the user list
|
||||
#
|
||||
# Note: all dollar signs in the hash need to be doubled for escaping.
|
||||
# Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
|
||||
# To create a user:password pair, the following command can be used:
|
||||
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
|
||||
#
|
||||
# Also note that dollar signs should NOT be doubled when they not evaluated (e.g. Ansible docker_container module).
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
@@ -8,6 +8,7 @@ It Has Never Been Easier to Say That Something Went Wrong
|
||||
The ErrorPage middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
|
||||
!!! important
|
||||
|
||||
The error page itself is _not_ hosted by Traefik.
|
||||
|
||||
## Configuration Examples
|
||||
@@ -112,6 +113,11 @@ The service that will serve the new requested error page.
|
||||
|
||||
In Kubernetes, you need to reference a Kubernetes Service instead of a Traefik service.
|
||||
|
||||
!!! info "Host Header"
|
||||
|
||||
By default, the client `Host` header value is forwarded to the configured error [service](#service).
|
||||
To forward the `Host` value corresponding to the configured error service URL, the [passHostHeader](../../../routing/services/#pass-host-header) option must be set to `false`.
|
||||
|
||||
### `query`
|
||||
|
||||
The URL for the error page (hosted by `service`). You can use the `{status}` variable in the `query` option in order to insert the status code in the URL.
|
||||
|
||||
@@ -284,6 +284,12 @@ http:
|
||||
authResponseHeadersRegex = "^X-"
|
||||
```
|
||||
|
||||
!!! tip
|
||||
|
||||
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||
|
||||
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.
|
||||
|
||||
### `authRequestHeaders`
|
||||
|
||||
The `authRequestHeaders` option is the list of the headers to copy from the request to the authentication server.
|
||||
@@ -343,11 +349,16 @@ http:
|
||||
|
||||
### `tls`
|
||||
|
||||
The `tls` option is the TLS configuration from Traefik to the authentication server.
|
||||
_Optional_
|
||||
|
||||
#### `tls.ca`
|
||||
Defines the TLS configuration used for the secure connection to the authentication server.
|
||||
|
||||
Certificate Authority used for the secured connection to the authentication server.
|
||||
#### `ca`
|
||||
|
||||
_Optional_
|
||||
|
||||
`ca` is the path to the certificate authority used for the secured connection to the authentication server,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
@@ -410,13 +421,15 @@ http:
|
||||
ca = "path/to/local.crt"
|
||||
```
|
||||
|
||||
#### `tls.caOptional`
|
||||
#### `caOptional`
|
||||
|
||||
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the authentication server.
|
||||
_Optional_
|
||||
|
||||
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the authentication server.
|
||||
|
||||
!!! warning ""
|
||||
|
||||
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
|
||||
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
|
||||
|
||||
@@ -472,9 +485,12 @@ http:
|
||||
caOptional = true
|
||||
```
|
||||
|
||||
#### `tls.cert`
|
||||
#### `cert`
|
||||
|
||||
The public certificate used for the secure connection to the authentication server.
|
||||
_Optional_
|
||||
|
||||
`cert` is the path to the public certificate used for the secure connection to the authentication server.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
@@ -547,9 +563,12 @@ http:
|
||||
|
||||
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
|
||||
|
||||
#### `tls.key`
|
||||
#### `key`
|
||||
|
||||
The private certificate used for the secure connection to the authentication server.
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key used for the secure connection to the authentication server.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
@@ -622,7 +641,9 @@ http:
|
||||
|
||||
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
|
||||
|
||||
#### `tls.insecureSkipVerify`
|
||||
#### `insecureSkipVerify`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`, the TLS connection to the authentication server accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
|
||||
@@ -7,6 +7,8 @@ Managing Request/Response headers
|
||||
|
||||
The Headers middleware manages the headers of requests and responses.
|
||||
|
||||
A set of forwarded headers are automatically added by default. See the [FAQ](../../getting-started/faq.md#what-are-the-forwarded-headers-when-proxying-http-requests) for more information.
|
||||
|
||||
## Configuration Examples
|
||||
|
||||
### Adding Headers to the Request and the Response
|
||||
@@ -331,7 +333,9 @@ It allows all origins that contain any match of a regular expression in the `acc
|
||||
|
||||
!!! tip
|
||||
|
||||
Regular expressions can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||
|
||||
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.
|
||||
|
||||
### `accessControlExposeHeaders`
|
||||
|
||||
|
||||
@@ -115,7 +115,7 @@ http:
|
||||
### `sourceCriterion`
|
||||
|
||||
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
|
||||
The precedence order is `ipStrategy`, then `requestHeaderName`, then `requestHost`.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the `requestHost`.
|
||||
|
||||
#### `sourceCriterion.ipStrategy`
|
||||
|
||||
@@ -84,7 +84,7 @@ labels:
|
||||
# As TOML Configuration File
|
||||
[http.routers]
|
||||
[http.routers.router1]
|
||||
service = "myService"
|
||||
service = "service1"
|
||||
middlewares = ["foo-add-prefix"]
|
||||
rule = "Host(`example.com`)"
|
||||
|
||||
@@ -105,7 +105,7 @@ labels:
|
||||
http:
|
||||
routers:
|
||||
router1:
|
||||
service: myService
|
||||
service: service1
|
||||
middlewares:
|
||||
- "foo-add-prefix"
|
||||
rule: "Host(`example.com`)"
|
||||
|
||||
@@ -23,7 +23,7 @@ labels:
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: addprefix
|
||||
name: test-passtlsclientcert
|
||||
spec:
|
||||
passTLSClientCert:
|
||||
pem: true
|
||||
|
||||
@@ -250,7 +250,7 @@ http:
|
||||
### `sourceCriterion`
|
||||
|
||||
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
|
||||
The precedence order is `ipStrategy`, then `requestHeaderName`, then `requestHost`.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the request's remote address field (as an `ipStrategy`).
|
||||
|
||||
#### `sourceCriterion.ipStrategy`
|
||||
|
||||
@@ -73,10 +73,6 @@ http:
|
||||
|
||||
## Configuration Options
|
||||
|
||||
!!! tip
|
||||
|
||||
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||
|
||||
### `permanent`
|
||||
|
||||
Set the `permanent` option to `true` to apply a permanent redirection.
|
||||
@@ -85,6 +81,12 @@ Set the `permanent` option to `true` to apply a permanent redirection.
|
||||
|
||||
The `regex` option is the regular expression to match and capture elements from the request URL.
|
||||
|
||||
!!! tip
|
||||
|
||||
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||
|
||||
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.
|
||||
|
||||
### `replacement`
|
||||
|
||||
The `replacement` option defines how to modify the URL to have the new target URL.
|
||||
|
||||
@@ -79,7 +79,9 @@ The ReplacePathRegex middleware will:
|
||||
|
||||
!!! tip
|
||||
|
||||
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or [Regex101](https://regex101.com/r/58sIgx/2).
|
||||
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||
|
||||
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.
|
||||
|
||||
### `regex`
|
||||
|
||||
|
||||
@@ -67,11 +67,13 @@ The StripPrefixRegex middleware strips the matching path prefix and stores it in
|
||||
|
||||
The `regex` option is the regular expression to match the path prefix from the request URL.
|
||||
|
||||
!!! tip
|
||||
|
||||
Regular expressions can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||
|
||||
For instance, `/products` also matches `/products/shoes` and `/products/shirts`.
|
||||
|
||||
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
|
||||
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/images.png`, which Traefik would likely not be able to associate with the same backend).
|
||||
|
||||
!!! tip
|
||||
|
||||
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||
|
||||
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.
|
||||
|
||||
@@ -51,7 +51,7 @@ labels:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
# Accepts request from defined IP
|
||||
http:
|
||||
tcp:
|
||||
middlewares:
|
||||
test-ipwhitelist:
|
||||
ipWhiteList:
|
||||
|
||||
@@ -179,7 +179,7 @@ To enable HTTPS, it is not sufficient anymore to only rely on a TLS section in t
|
||||
|
||||
#### Expose an Ingress on 80 and 443
|
||||
|
||||
Define the default TLS configuration on the HTTPS entry point.
|
||||
Define the default TLS configuration on the HTTPS entry point.
|
||||
|
||||
```yaml tab="Ingress"
|
||||
kind: Ingress
|
||||
@@ -335,7 +335,7 @@ The file parser has been changed, since v2.3 the unknown options/fields in a dyn
|
||||
### IngressClass
|
||||
|
||||
In `v2.3`, the support of `IngressClass`, which is available since Kubernetes version `1.18`, has been introduced.
|
||||
In order to be able to use this new resource the [Kubernetes RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) must be updated.
|
||||
In order to be able to use this new resource the [Kubernetes RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) must be updated.
|
||||
|
||||
## v2.3 to v2.4
|
||||
|
||||
@@ -350,7 +350,7 @@ It is therefore necessary to update [RBAC](../reference/dynamic-configuration/ku
|
||||
|
||||
In `v2.4.8`, we introduced a new check on domain names used in HTTP router rule `Host` and `HostRegexp` expressions,
|
||||
and in TCP router rule `HostSNI` expression.
|
||||
This check ensures that provided domain names don't contain non-ASCII characters.
|
||||
This check ensures that provided domain names don't contain non-ASCII characters.
|
||||
If not, an error is raised, and the associated router will be shown as invalid in the dashboard.
|
||||
|
||||
This new behavior is intended to show what was failing silently previously and to help troubleshooting configuration issues.
|
||||
@@ -380,8 +380,8 @@ To allow it, the `allowExternalNameServices` option should be set to `true`.
|
||||
|
||||
### Kubernetes CRD
|
||||
|
||||
In `v2.5`, the [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions) have been updated to support the new API version `apiextensions.k8s.io/v1`.
|
||||
As required by `apiextensions.k8s.io/v1`, we have included the OpenAPI validation schema.
|
||||
In `v2.5`, the [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions) have been updated to support the new API version `apiextensions.k8s.io/v1`.
|
||||
As required by `apiextensions.k8s.io/v1`, we have included the OpenAPI validation schema.
|
||||
|
||||
After deploying the new [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions), the resources will be validated only on creation or update.
|
||||
|
||||
@@ -415,3 +415,11 @@ For more advanced use cases, you can use either the [RedirectScheme middleware](
|
||||
Following up on the deprecation started [previously](#x509-commonname-deprecation),
|
||||
as the `x509ignoreCN=0` value for the `GODEBUG` is [deprecated in Go 1.17](https://tip.golang.org/doc/go1.17#crypto/x509),
|
||||
the legacy behavior related to the CommonName field can not be enabled at all anymore.
|
||||
|
||||
## v2.5.3 to v2.5.4
|
||||
|
||||
### Errors middleware
|
||||
|
||||
In `v2.5.4`, when the errors service is configured with the [`PassHostHeader`](../routing/services/index.md#pass-host-header) option to `true` (default),
|
||||
the forwarded Host header value is now set to the client request Host value and not `0.0.0.0`.
|
||||
Check out the [Errors middleware](../middlewares/http/errorpages.md#service) documentation for more details.
|
||||
|
||||
@@ -247,7 +247,7 @@ version: "3.7"
|
||||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.2
|
||||
image: traefik:v2.5
|
||||
environment:
|
||||
- TZ=US/Alaska
|
||||
command:
|
||||
|
||||
@@ -59,7 +59,7 @@ metrics:
|
||||
```bash tab="CLI"
|
||||
--metrics.datadog.addEntryPointsLabels=true
|
||||
```
|
||||
#### `AddRoutersLabels`
|
||||
#### `addRoutersLabels`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
|
||||
@@ -170,7 +170,7 @@ metrics:
|
||||
--metrics.influxdb.addEntryPointsLabels=true
|
||||
```
|
||||
|
||||
#### `AddRoutersLabels`
|
||||
#### `addRoutersLabels`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
|
||||
@@ -7,22 +7,6 @@ Traefik supports 4 metrics backends:
|
||||
- [Prometheus](./prometheus.md)
|
||||
- [StatsD](./statsd.md)
|
||||
|
||||
## Configuration
|
||||
|
||||
To enable metrics:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics: {}
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics=true
|
||||
```
|
||||
|
||||
## Server Metrics
|
||||
|
||||
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|
||||
@@ -39,7 +23,7 @@ The total count of configuration reloads.
|
||||
config.reload.total
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.config.reload.total
|
||||
```
|
||||
|
||||
@@ -59,7 +43,7 @@ The total count of configuration reload failures.
|
||||
config.reload.total (with tag "failure" to true)
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.config.reload.total.failure
|
||||
```
|
||||
|
||||
@@ -79,7 +63,7 @@ The timestamp of the last configuration reload success.
|
||||
config.reload.lastSuccessTimestamp
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.config.reload.lastSuccessTimestamp
|
||||
```
|
||||
|
||||
@@ -99,7 +83,7 @@ The timestamp of the last configuration reload failure.
|
||||
config.reload.lastFailureTimestamp
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.config.reload.lastFailureTimestamp
|
||||
```
|
||||
|
||||
@@ -130,7 +114,7 @@ Available labels: `code`, `method`, `protocol`, `entrypoint`.
|
||||
entrypoint.request.total
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.entrypoint.requests.total
|
||||
```
|
||||
|
||||
@@ -161,7 +145,7 @@ Available labels: `code`, `method`, `protocol`, `entrypoint`.
|
||||
entrypoint.request.duration
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.entrypoint.request.duration
|
||||
```
|
||||
|
||||
@@ -183,7 +167,7 @@ Available labels: `method`, `protocol`, `entrypoint`.
|
||||
entrypoint.connections.open
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.entrypoint.connections.open
|
||||
```
|
||||
|
||||
@@ -216,7 +200,7 @@ Available labels: `code`, `method`, `protocol`, `service`.
|
||||
service.request.total
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.service.requests.total
|
||||
```
|
||||
|
||||
@@ -247,7 +231,7 @@ Available labels: `code`, `method`, `protocol`, `service`.
|
||||
service.request.duration
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.service.request.duration
|
||||
```
|
||||
|
||||
@@ -269,7 +253,7 @@ Available labels: `method`, `protocol`, `service`.
|
||||
service.connections.open
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.service.connections.open
|
||||
```
|
||||
|
||||
@@ -291,7 +275,7 @@ Available labels: `service`.
|
||||
service.retries.total
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.service.retries.total
|
||||
```
|
||||
|
||||
@@ -313,7 +297,7 @@ Available labels: `service`, `url`.
|
||||
service.server.up
|
||||
```
|
||||
|
||||
```influxdb tab="InfluDB"
|
||||
```influxdb tab="InfluxDB"
|
||||
traefik.service.server.up
|
||||
```
|
||||
|
||||
|
||||
@@ -64,7 +64,7 @@ metrics:
|
||||
--metrics.prometheus.addEntryPointsLabels=true
|
||||
```
|
||||
|
||||
#### `AddRoutersLabels`
|
||||
#### `addRoutersLabels`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
|
||||
@@ -60,7 +60,7 @@ metrics:
|
||||
--metrics.statsd.addEntryPointsLabels=true
|
||||
```
|
||||
|
||||
#### `AddRoutersLabels`
|
||||
#### `addRoutersLabels`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Datadog
|
||||
|
||||
To enable the Datadog:
|
||||
To enable the Datadog tracer:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -20,7 +20,7 @@ tracing:
|
||||
|
||||
_Required, Default="127.0.0.1:8126"_
|
||||
|
||||
Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address.
|
||||
Local Agent Host Port instructs the reporter to send spans to the Datadog Agent at this address (host:port).
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -42,7 +42,7 @@ tracing:
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Enable Datadog debug.
|
||||
Enables Datadog debug.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -64,7 +64,7 @@ tracing:
|
||||
|
||||
_Optional, Default=empty_
|
||||
|
||||
Apply shared tag in a form of Key:Value to all the traces.
|
||||
Applies a shared key:value tag on all spans.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -86,7 +86,8 @@ tracing:
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Enable priority sampling. When using distributed tracing,
|
||||
Enables priority sampling.
|
||||
When using distributed tracing,
|
||||
this option must be enabled in order to get all the parts of a distributed trace sampled.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Elastic
|
||||
|
||||
To enable the Elastic:
|
||||
To enable the Elastic tracer:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -20,7 +20,7 @@ tracing:
|
||||
|
||||
_Optional, Default="http://localhost:8200"_
|
||||
|
||||
APM ServerURL is the URL of the Elastic APM server.
|
||||
URL of the Elastic APM server.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -42,7 +42,7 @@ tracing:
|
||||
|
||||
_Optional, Default=""_
|
||||
|
||||
APM Secret Token is the token used to connect to Elastic APM Server.
|
||||
Token used to connect to Elastic APM Server.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -64,7 +64,7 @@ tracing:
|
||||
|
||||
_Optional, Default=""_
|
||||
|
||||
APM Service Environment is the name of the environment Traefik is deployed in, e.g. `production` or `staging`.
|
||||
Environment's name where Traefik is deployed in, e.g. `production` or `staging`.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Haystack
|
||||
|
||||
To enable the Haystack:
|
||||
To enable the Haystack tracer:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -18,9 +18,9 @@ tracing:
|
||||
|
||||
#### `localAgentHost`
|
||||
|
||||
_Require, Default="127.0.0.1"_
|
||||
_Required, Default="127.0.0.1"_
|
||||
|
||||
Local Agent Host instructs reporter to send spans to haystack-agent at this address.
|
||||
Local Agent Host instructs reporter to send spans to the Haystack Agent at this address.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -40,9 +40,9 @@ tracing:
|
||||
|
||||
#### `localAgentPort`
|
||||
|
||||
_Require, Default=35000_
|
||||
_Required, Default=35000_
|
||||
|
||||
Local Agent port instructs reporter to send spans to the haystack-agent at this port.
|
||||
Local Agent Port instructs reporter to send spans to the Haystack Agent at this port.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -64,7 +64,7 @@ tracing:
|
||||
|
||||
_Optional, Default=empty_
|
||||
|
||||
Apply shared tag in a form of Key:Value to all the traces.
|
||||
Applies shared key:value tag on all spans.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -86,7 +86,7 @@ tracing:
|
||||
|
||||
_Optional, Default=empty_
|
||||
|
||||
Specifies the header name that will be used to store the trace ID.
|
||||
Sets the header name used to store the trace ID.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -108,7 +108,7 @@ tracing:
|
||||
|
||||
_Optional, Default=empty_
|
||||
|
||||
Specifies the header name that will be used to store the parent ID.
|
||||
Sets the header name used to store the parent ID.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -130,7 +130,7 @@ tracing:
|
||||
|
||||
_Optional, Default=empty_
|
||||
|
||||
Specifies the header name that will be used to store the span ID.
|
||||
Sets the header name used to store the span ID.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -152,7 +152,7 @@ tracing:
|
||||
|
||||
_Optional, Default=empty_
|
||||
|
||||
Specifies the header name prefix that will be used to store baggage items in a map.
|
||||
Sets the header name prefix used to store baggage items in a map.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -166,7 +166,6 @@ tracing:
|
||||
baggagePrefixHeaderName = "sample"
|
||||
```
|
||||
|
||||
|
||||
```bash tab="CLI"
|
||||
--tracing.haystack.baggagePrefixHeaderName=sample
|
||||
```
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Instana
|
||||
|
||||
To enable the Instana:
|
||||
To enable the Instana tracer:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -18,9 +18,9 @@ tracing:
|
||||
|
||||
#### `localAgentHost`
|
||||
|
||||
_Require, Default="127.0.0.1"_
|
||||
_Required, Default="127.0.0.1"_
|
||||
|
||||
Local Agent Host instructs reporter to send spans to instana-agent at this address.
|
||||
Local Agent Host instructs reporter to send spans to the Instana Agent at this address.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -40,9 +40,9 @@ tracing:
|
||||
|
||||
#### `localAgentPort`
|
||||
|
||||
_Require, Default=42699_
|
||||
_Required, Default=42699_
|
||||
|
||||
Local Agent port instructs reporter to send spans to the instana-agent at this port.
|
||||
Local Agent port instructs reporter to send spans to the Instana Agent listening on this port.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -62,11 +62,11 @@ tracing:
|
||||
|
||||
#### `logLevel`
|
||||
|
||||
_Require, Default="info"_
|
||||
_Required, Default="info"_
|
||||
|
||||
Set Instana tracer log level.
|
||||
Sets Instana tracer log level.
|
||||
|
||||
Valid values for logLevel field are:
|
||||
Valid values are:
|
||||
|
||||
- `error`
|
||||
- `warn`
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Jaeger
|
||||
|
||||
To enable the Jaeger:
|
||||
To enable the Jaeger tracer:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -18,7 +18,7 @@ tracing:
|
||||
|
||||
!!! warning
|
||||
Traefik is able to send data over the compact thrift protocol to the [Jaeger agent](https://www.jaegertracing.io/docs/deployment/#agent)
|
||||
or a [Jaeger collector](https://www.jaegertracing.io/docs/deployment/#collectors).
|
||||
or a [Jaeger collector](https://www.jaegertracing.io/docs/deployment/#collector).
|
||||
|
||||
!!! info
|
||||
All Jaeger configuration can be overridden by [environment variables](https://github.com/jaegertracing/jaeger-client-go#environment-variables)
|
||||
@@ -27,7 +27,7 @@ tracing:
|
||||
|
||||
_Required, Default="http://localhost:5778/sampling"_
|
||||
|
||||
Sampling Server URL is the address of jaeger-agent's HTTP sampling server.
|
||||
Address of the Jaeger Agent HTTP sampling server.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -49,7 +49,13 @@ tracing:
|
||||
|
||||
_Required, Default="const"_
|
||||
|
||||
Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`.
|
||||
Type of the sampler.
|
||||
|
||||
Valid values are:
|
||||
|
||||
- `const`
|
||||
- `probabilistic`
|
||||
- `rateLimiting`
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -71,9 +77,9 @@ tracing:
|
||||
|
||||
_Required, Default=1.0_
|
||||
|
||||
Sampling Param is a value passed to the sampler.
|
||||
Value passed to the sampler.
|
||||
|
||||
Valid values for Param field are:
|
||||
Valid values are:
|
||||
|
||||
- for `const` sampler, 0 or 1 for always false/true respectively
|
||||
- for `probabilistic` sampler, a probability between 0 and 1
|
||||
@@ -99,7 +105,7 @@ tracing:
|
||||
|
||||
_Required, Default="127.0.0.1:6831"_
|
||||
|
||||
Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address.
|
||||
Local Agent Host Port instructs the reporter to send spans to the Jaeger Agent at this address (host:port).
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -121,7 +127,7 @@ tracing:
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Generate 128-bit trace IDs, compatible with OpenCensus.
|
||||
Generates 128 bits trace IDs, compatible with OpenCensus.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -143,8 +149,9 @@ tracing:
|
||||
|
||||
_Required, Default="jaeger"_
|
||||
|
||||
Set the propagation header type.
|
||||
This can be either:
|
||||
Sets the propagation header type.
|
||||
|
||||
Valid values are:
|
||||
|
||||
- `jaeger`, jaeger's default trace header.
|
||||
- `b3`, compatible with OpenZipkin
|
||||
@@ -169,7 +176,7 @@ tracing:
|
||||
|
||||
_Required, Default="uber-trace-id"_
|
||||
|
||||
Trace Context Header Name is the http header name used to propagate tracing context.
|
||||
HTTP header name used to propagate tracing context.
|
||||
This must be in lower-case to avoid mismatches when decoding incoming headers.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
@@ -192,7 +199,7 @@ tracing:
|
||||
|
||||
_Optional, Default=true_
|
||||
|
||||
Disable the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change.
|
||||
Disables the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change.
|
||||
Enabling the re-resolving of UDP address make the client more robust in Kubernetes deployments.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
@@ -216,7 +223,7 @@ tracing:
|
||||
|
||||
_Optional, Default=""_
|
||||
|
||||
Collector Endpoint instructs reporter to send spans to jaeger-collector at this URL.
|
||||
Collector Endpoint instructs the reporter to send spans to the Jaeger Collector at this URL.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -239,7 +246,7 @@ tracing:
|
||||
|
||||
_Optional, Default=""_
|
||||
|
||||
User instructs reporter to include a user for basic http authentication when sending spans to jaeger-collector.
|
||||
User instructs the reporter to include a user for basic HTTP authentication when sending spans to the Jaeger Collector.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -262,7 +269,7 @@ tracing:
|
||||
|
||||
_Optional, Default=""_
|
||||
|
||||
Password instructs reporter to include a password for basic http authentication when sending spans to jaeger-collector.
|
||||
Password instructs the reporter to include a password for basic HTTP authentication when sending spans to the Jaeger Collector.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Zipkin
|
||||
|
||||
To enable the Zipkin:
|
||||
To enable the Zipkin tracer:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -20,7 +20,7 @@ tracing:
|
||||
|
||||
_Required, Default="http://localhost:9411/api/v2/spans"_
|
||||
|
||||
Zipkin HTTP endpoint used to send data.
|
||||
HTTP endpoint used to send data.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -42,7 +42,7 @@ tracing:
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Use Zipkin SameSpan RPC style traces.
|
||||
Uses SameSpan RPC style traces.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -64,7 +64,7 @@ tracing:
|
||||
|
||||
_Optional, Default=true_
|
||||
|
||||
Use Zipkin 128 bit trace IDs.
|
||||
Uses 128 bits trace IDs.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
@@ -86,7 +86,7 @@ tracing:
|
||||
|
||||
_Required, Default=1.0_
|
||||
|
||||
The rate between 0.0 and 1.0 of requests to trace.
|
||||
The proportion of requests to trace, specified between 0.0 and 1.0.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
|
||||
@@ -147,9 +147,16 @@ All the following endpoints must be accessed with a `GET` HTTP request.
|
||||
| `/api/tcp/routers/{name}` | Returns the information of the TCP router specified by `name`. |
|
||||
| `/api/tcp/services` | Lists all the TCP services information. |
|
||||
| `/api/tcp/services/{name}` | Returns the information of the TCP service specified by `name`. |
|
||||
| `/api/tcp/middlewares` | Lists all the TCP middlewares information. |
|
||||
| `/api/tcp/middlewares/{name}` | Returns the information of the TCP middleware specified by `name`. |
|
||||
| `/api/udp/routers` | Lists all the UDP routers information. |
|
||||
| `/api/udp/routers/{name}` | Returns the information of the UDP router specified by `name`. |
|
||||
| `/api/udp/services` | Lists all the UDP services information. |
|
||||
| `/api/udp/services/{name}` | Returns the information of the UDP service specified by `name`. |
|
||||
| `/api/entrypoints` | Lists all the entry points information. |
|
||||
| `/api/entrypoints/{name}` | Returns the information of the entry point specified by `name`. |
|
||||
| `/api/overview` | Returns statistic information about http and tcp as well as enabled features and providers. |
|
||||
| `/api/rawdata` | Returns information about dynamic configurations, errors, status and dependency relations. |
|
||||
| `/api/version` | Returns information about Traefik version. |
|
||||
| `/debug/vars` | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. |
|
||||
| `/debug/pprof/` | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation. |
|
||||
|
||||
@@ -362,13 +362,14 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
Defines TLS options for Consul server endpoint.
|
||||
Defines the TLS configuration used for the secure connection to Consul Catalog.
|
||||
|
||||
##### `ca`
|
||||
|
||||
_Optional_
|
||||
|
||||
`ca` is the path to the CA certificate used for Consul communication, defaults to the system bundle if not specified.
|
||||
`ca` is the path to the certificate authority used for the secure connection to Consul Catalog,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -391,11 +392,11 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Consul.
|
||||
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Consul Catalog.
|
||||
|
||||
!!! warning ""
|
||||
|
||||
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
|
||||
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
|
||||
|
||||
@@ -422,8 +423,7 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
`cert` is the path to the public certificate to use for Consul communication.
|
||||
|
||||
`cert` is the path to the public certificate used for the secure connection to Consul Catalog.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
@@ -450,8 +450,7 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key for Consul communication.
|
||||
|
||||
`key` is the path to the private key used for the secure connection to Consul Catalog.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
@@ -476,7 +475,7 @@ providers:
|
||||
|
||||
##### `insecureSkipVerify`
|
||||
|
||||
_Optional_
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
@@ -531,8 +530,8 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
|
||||
The default host rule for all services.
|
||||
|
||||
For a given service, if no routing rule was defined by a tag, it is defined by this `defaultRule` instead.
|
||||
The `defaultRule` must be set to a valid [Go template](https://golang.org/pkg/text/template/),
|
||||
and can include [sprig template functions](http://masterminds.github.io/sprig/).
|
||||
The `defaultRule` must be set to a valid [Go template](https://pkg.go.dev/text/template/),
|
||||
and can include [sprig template functions](https://masterminds.github.io/sprig/).
|
||||
The service name can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels (i.e. tags beginning with the `prefix`) defined on this service.
|
||||
|
||||
|
||||
@@ -64,7 +64,7 @@ Defines a username to connect to Consul with.
|
||||
providers:
|
||||
consul:
|
||||
# ...
|
||||
usename: "foo"
|
||||
username: "foo"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@@ -104,9 +104,14 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
#### `tls.ca`
|
||||
Defines the TLS configuration used for the secure connection to Consul.
|
||||
|
||||
Certificate Authority used for the secure connection to Consul.
|
||||
#### `ca`
|
||||
|
||||
_Optional_
|
||||
|
||||
`ca` is the path to the certificate authority used for the secure connection to Consul,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -124,13 +129,15 @@ providers:
|
||||
--providers.consul.tls.ca=path/to/ca.crt
|
||||
```
|
||||
|
||||
#### `tls.caOptional`
|
||||
#### `caOptional`
|
||||
|
||||
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Consul.
|
||||
_Optional_
|
||||
|
||||
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Consul.
|
||||
|
||||
!!! warning ""
|
||||
|
||||
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
|
||||
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
|
||||
|
||||
@@ -152,9 +159,12 @@ providers:
|
||||
--providers.consul.tls.caOptional=true
|
||||
```
|
||||
|
||||
#### `tls.cert`
|
||||
#### `cert`
|
||||
|
||||
Public certificate used for the secure connection to Consul.
|
||||
_Optional_
|
||||
|
||||
`cert` is the path to the public certificate used for the secure connection to Consul.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -175,9 +185,12 @@ providers:
|
||||
--providers.consul.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.key`
|
||||
#### `key`
|
||||
|
||||
Private certificate used for the secure connection to Consul.
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key used for the secure connection to Consul.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -198,7 +211,9 @@ providers:
|
||||
--providers.consul.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.insecureSkipVerify`
|
||||
#### `insecureSkipVerify`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
|
||||
@@ -427,8 +427,8 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
|
||||
|
||||
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
|
||||
|
||||
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
|
||||
[sprig template functions](http://masterminds.github.io/sprig/).
|
||||
It must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
|
||||
[sprig template functions](https://masterminds.github.io/sprig/).
|
||||
The container service name can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels defined on this container.
|
||||
|
||||
@@ -613,9 +613,14 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
#### `tls.ca`
|
||||
Defines the TLS configuration used for the secure connection to Docker.
|
||||
|
||||
Certificate Authority used for the secure connection to Docker.
|
||||
#### `ca`
|
||||
|
||||
_Optional_
|
||||
|
||||
`ca` is the path to the certificate authority used for the secure connection to Docker,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -633,13 +638,15 @@ providers:
|
||||
--providers.docker.tls.ca=path/to/ca.crt
|
||||
```
|
||||
|
||||
#### `tls.caOptional`
|
||||
#### `caOptional`
|
||||
|
||||
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Docker.
|
||||
_Optional_
|
||||
|
||||
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Docker.
|
||||
|
||||
!!! warning ""
|
||||
|
||||
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
|
||||
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
|
||||
|
||||
@@ -661,9 +668,10 @@ providers:
|
||||
--providers.docker.tls.caOptional=true
|
||||
```
|
||||
|
||||
#### `tls.cert`
|
||||
#### `cert`
|
||||
|
||||
Public certificate used for the secure connection to Docker.
|
||||
`cert` is the path to the public certificate used for the secure connection to Docker.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -684,9 +692,12 @@ providers:
|
||||
--providers.docker.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.key`
|
||||
#### `key`
|
||||
|
||||
Private certificate used for the secure connection to Docker.
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key used for the secure connection Docker.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -707,7 +718,9 @@ providers:
|
||||
--providers.docker.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.insecureSkipVerify`
|
||||
#### `insecureSkipVerify`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`, the TLS connection to Docker accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
|
||||
@@ -138,8 +138,8 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
|
||||
|
||||
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
|
||||
|
||||
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
|
||||
[sprig template functions](http://masterminds.github.io/sprig/).
|
||||
It must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
|
||||
[sprig template functions](https://masterminds.github.io/sprig/).
|
||||
The container service name can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels defined on this container.
|
||||
|
||||
|
||||
@@ -64,7 +64,7 @@ Defines a username with which to connect to etcd.
|
||||
providers:
|
||||
etcd:
|
||||
# ...
|
||||
usename: "foo"
|
||||
username: "foo"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@@ -104,9 +104,14 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
#### `tls.ca`
|
||||
Defines the TLS configuration used for the secure connection to etcd.
|
||||
|
||||
Certificate Authority used for the secure connection to etcd.
|
||||
#### `ca`
|
||||
|
||||
_Optional_
|
||||
|
||||
`ca` is the path to the certificate authority used for the secure connection to etcd,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -124,13 +129,15 @@ providers:
|
||||
--providers.etcd.tls.ca=path/to/ca.crt
|
||||
```
|
||||
|
||||
#### `tls.caOptional`
|
||||
#### `caOptional`
|
||||
|
||||
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to etcd.
|
||||
_Optional_
|
||||
|
||||
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to etcd.
|
||||
|
||||
!!! warning ""
|
||||
|
||||
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
|
||||
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
|
||||
|
||||
@@ -152,9 +159,12 @@ providers:
|
||||
--providers.etcd.tls.caOptional=true
|
||||
```
|
||||
|
||||
#### `tls.cert`
|
||||
#### `cert`
|
||||
|
||||
Public certificate used for the secure connection to etcd.
|
||||
_Optional_
|
||||
|
||||
`cert` is the path to the public certificate used for the secure connection to etcd.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -175,9 +185,12 @@ providers:
|
||||
--providers.etcd.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.key`
|
||||
#### `key`
|
||||
|
||||
Private certificate used for the secure connection to etcd.
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key used for the secure connection to etcd.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -198,7 +211,9 @@ providers:
|
||||
--providers.etcd.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.insecureSkipVerify`
|
||||
#### `insecureSkipVerify`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`, the TLS connection to etcd accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
|
||||
@@ -198,8 +198,8 @@ providers:
|
||||
Templating does not work in the Traefik main static configuration file.
|
||||
|
||||
Traefik supports using Go templating to automatically generate repetitive sections of configuration files.
|
||||
These sections must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
|
||||
[sprig template functions](http://masterminds.github.io/sprig/).
|
||||
These sections must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
|
||||
[sprig template functions](https://masterminds.github.io/sprig/).
|
||||
|
||||
To illustrate, it is possible to easily define multiple routers, services, and TLS certificates as described in the following examples:
|
||||
|
||||
|
||||
@@ -17,8 +17,7 @@ Defines the HTTP(S) endpoint to poll.
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
http:
|
||||
endpoint:
|
||||
- "http://127.0.0.1:9000/api"
|
||||
endpoint: "http://127.0.0.1:9000/api"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@@ -55,7 +54,7 @@ providers:
|
||||
|
||||
_Optional, Default="5s"_
|
||||
|
||||
Defines the polling timeout when connecting to the configured endpoint.
|
||||
Defines the polling timeout when connecting to the endpoint.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -76,9 +75,14 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
#### `tls.ca`
|
||||
Defines the TLS configuration used for the secure connection to the endpoint.
|
||||
|
||||
Certificate Authority used for the secure connection to the configured endpoint.
|
||||
#### `ca`
|
||||
|
||||
_Optional_
|
||||
|
||||
`ca` is the path to the certificate authority used for the secure connection to the endpoint,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -96,13 +100,15 @@ providers:
|
||||
--providers.http.tls.ca=path/to/ca.crt
|
||||
```
|
||||
|
||||
#### `tls.caOptional`
|
||||
#### `caOptional`
|
||||
|
||||
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the configured endpoint.
|
||||
_Optional_
|
||||
|
||||
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the endpoint.
|
||||
|
||||
!!! warning ""
|
||||
|
||||
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
|
||||
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
|
||||
|
||||
@@ -124,9 +130,12 @@ providers:
|
||||
--providers.http.tls.caOptional=true
|
||||
```
|
||||
|
||||
#### `tls.cert`
|
||||
#### `cert`
|
||||
|
||||
Public certificate used for the secure connection to the configured endpoint.
|
||||
_Optional_
|
||||
|
||||
`cert` is the path to the public certificate used for the secure connection to the endpoint.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -147,9 +156,12 @@ providers:
|
||||
--providers.http.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.key`
|
||||
#### `key`
|
||||
|
||||
Private certificate used for the secure connection to the configured endpoint.
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key used for the secure connection to the endpoint.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -170,7 +182,9 @@ providers:
|
||||
--providers.http.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.insecureSkipVerify`
|
||||
#### `insecureSkipVerify`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`, the TLS connection to the endpoint accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@ Previous versions of Traefik used a [KV store](https://doc.traefik.io/traefik/v1
|
||||
|
||||
If you need Let's Encrypt with HA in a Kubernetes environment, we recommend using [Traefik Enterprise](https://traefik.io/traefik-enterprise/), which includes distributed Let's Encrypt as a supported feature.
|
||||
|
||||
If you want to keep using Traefik Proxy, high availability for Let's Encrypt can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
|
||||
If you want to keep using Traefik Proxy, high availability for Let's Encrypt can be achieved by using a Certificate Controller such as [Cert-Manager](https://cert-manager.io/docs/).
|
||||
When using Cert-Manager to manage certificates, it creates secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
|
||||
When using the Traefik Kubernetes CRD Provider, unfortunately Cert-Manager cannot yet interface directly with the CRDs.
|
||||
A workaround is to enable the [Kubernetes Ingress provider](./kubernetes-ingress.md) to allow Cert-Manager to create ingress objects to complete the challenges.
|
||||
@@ -195,13 +195,13 @@ See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
labelselector: "app=traefik"
|
||||
labelSelector: "app=traefik"
|
||||
# ...
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.kubernetesCRD]
|
||||
labelselector = "app=traefik"
|
||||
labelSelector = "app=traefik"
|
||||
# ...
|
||||
```
|
||||
|
||||
|
||||
@@ -36,10 +36,10 @@ and derives the corresponding dynamic configuration from it,
|
||||
which in turn creates the resulting routers, services, handlers, etc.
|
||||
|
||||
```yaml tab="Ingress"
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: "foo"
|
||||
name: foo
|
||||
namespace: production
|
||||
|
||||
spec:
|
||||
@@ -48,20 +48,26 @@ spec:
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
serviceName: service1
|
||||
servicePort: 80
|
||||
service:
|
||||
name: service1
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
pathType: Exact
|
||||
backend:
|
||||
serviceName: service1
|
||||
servicePort: 80
|
||||
service:
|
||||
name: service1
|
||||
port:
|
||||
number: 80
|
||||
```
|
||||
|
||||
```yaml tab="Ingress Kubernetes v1.19+"
|
||||
```yaml tab="Ingress v1beta1 (deprecated)"
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: "foo"
|
||||
name: foo
|
||||
namespace: production
|
||||
|
||||
spec:
|
||||
@@ -71,16 +77,12 @@ spec:
|
||||
paths:
|
||||
- path: /bar
|
||||
backend:
|
||||
service:
|
||||
name: service1
|
||||
port:
|
||||
number: 80
|
||||
serviceName: service1
|
||||
servicePort: 80
|
||||
- path: /foo
|
||||
backend:
|
||||
service:
|
||||
name: service1
|
||||
port:
|
||||
number: 80
|
||||
serviceName: service1
|
||||
servicePort: 80
|
||||
```
|
||||
|
||||
## LetsEncrypt Support with the Ingress Provider
|
||||
@@ -102,7 +104,7 @@ If you need Let's Encrypt with high availability in a Kubernetes environment,
|
||||
we recommend using [Traefik Enterprise](https://traefik.io/traefik-enterprise/) which includes distributed Let's Encrypt as a supported feature.
|
||||
|
||||
If you want to keep using Traefik Proxy,
|
||||
LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
|
||||
LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://cert-manager.io/docs/).
|
||||
When using Cert-Manager to manage certificates,
|
||||
it creates secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
|
||||
|
||||
@@ -227,7 +229,7 @@ See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
kubernetesIngress:
|
||||
labelselector: "app=traefik"
|
||||
labelSelector: "app=traefik"
|
||||
# ...
|
||||
```
|
||||
|
||||
@@ -270,19 +272,19 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value
|
||||
```
|
||||
|
||||
```yaml tab="Ingress"
|
||||
apiVersion: "networking.k8s.io/v1beta1"
|
||||
kind: "Ingress"
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: "example-ingress"
|
||||
name: example-ingress
|
||||
spec:
|
||||
ingressClassName: "traefik-lb"
|
||||
ingressClassName: traefik-lb
|
||||
rules:
|
||||
- host: "*.example.com"
|
||||
http:
|
||||
paths:
|
||||
- path: "/example"
|
||||
- path: /example
|
||||
backend:
|
||||
serviceName: "example-service"
|
||||
serviceName: example-service
|
||||
servicePort: 80
|
||||
```
|
||||
|
||||
@@ -301,20 +303,21 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value
|
||||
```
|
||||
|
||||
```yaml tab="Ingress"
|
||||
apiVersion: "networking.k8s.io/v1"
|
||||
kind: "Ingress"
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: "example-ingress"
|
||||
name: example-ingress
|
||||
spec:
|
||||
ingressClassName: "traefik-lb"
|
||||
ingressClassName: traefik-lb
|
||||
rules:
|
||||
- host: "*.example.com"
|
||||
http:
|
||||
paths:
|
||||
- path: "/example"
|
||||
- path: /example
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: "example-service"
|
||||
name: example-service
|
||||
port:
|
||||
number: 80
|
||||
```
|
||||
|
||||
@@ -113,8 +113,8 @@ The default host rule for all services.
|
||||
|
||||
For a given application, if no routing rule was defined by a label, it is defined by this `defaultRule` instead.
|
||||
|
||||
It must be a valid [Go template](https://golang.org/pkg/text/template/),
|
||||
and can include [sprig template functions](http://masterminds.github.io/sprig/).
|
||||
It must be a valid [Go template](https://pkg.go.dev/text/template/),
|
||||
and can include [sprig template functions](https://masterminds.github.io/sprig/).
|
||||
|
||||
The app ID can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels defined on this Marathon application.
|
||||
@@ -404,9 +404,12 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
#### `tls.ca`
|
||||
Defines the TLS configuration used for the secure connection to Marathon.
|
||||
|
||||
Certificate Authority used for the secure connection to Marathon.
|
||||
#### `ca`
|
||||
|
||||
`ca` is the path to the certificate authority used for the secure connection to Marathon,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -424,13 +427,15 @@ providers:
|
||||
--providers.marathon.tls.ca=path/to/ca.crt
|
||||
```
|
||||
|
||||
#### `tls.caOptional`
|
||||
#### `caOptional`
|
||||
|
||||
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Marathon.
|
||||
_Optional_
|
||||
|
||||
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Marathon.
|
||||
|
||||
!!! warning ""
|
||||
|
||||
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
|
||||
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
|
||||
|
||||
@@ -452,9 +457,12 @@ providers:
|
||||
--providers.marathon.tls.caOptional=true
|
||||
```
|
||||
|
||||
#### `tls.cert`
|
||||
#### `cert`
|
||||
|
||||
Public certificate used for the secure connection to Marathon.
|
||||
_Optional_
|
||||
|
||||
`cert` is the path to the public certificate used for the secure connection to Marathon.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -475,9 +483,12 @@ providers:
|
||||
--providers.marathon.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.key`
|
||||
#### `key`
|
||||
|
||||
Private certificate used for the secure connection to Marathon.
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key used for the secure connection to Marathon.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -498,7 +509,9 @@ providers:
|
||||
--providers.marathon.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.insecureSkipVerify`
|
||||
#### `insecureSkipVerify`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`, the TLS connection to Marathon accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
@@ -531,18 +544,18 @@ see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
marathon:
|
||||
responseHeaderTimeout: "10s"
|
||||
tlsHandshakeTimeout: "10s"
|
||||
# ...
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.marathon]
|
||||
responseHeaderTimeout = "10s"
|
||||
tlsHandshakeTimeout = "10s"
|
||||
# ...
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.marathon.responseHeaderTimeout=10s
|
||||
--providers.marathon.tlsHandshakeTimeout=10s
|
||||
# ...
|
||||
```
|
||||
|
||||
|
||||
@@ -95,8 +95,8 @@ The default host rule for all services.
|
||||
|
||||
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
|
||||
|
||||
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
|
||||
[sprig template functions](http://masterminds.github.io/sprig/).
|
||||
It must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
|
||||
[sprig template functions](https://masterminds.github.io/sprig/).
|
||||
The service name can be accessed with the `Name` identifier,
|
||||
and the template has access to all the labels defined on this container.
|
||||
|
||||
|
||||
@@ -64,7 +64,7 @@ Defines a username to connect with Redis.
|
||||
providers:
|
||||
redis:
|
||||
# ...
|
||||
usename: "foo"
|
||||
username: "foo"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@@ -104,9 +104,14 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
#### `tls.ca`
|
||||
Defines the TLS configuration used for the secure connection to Redis.
|
||||
|
||||
Certificate Authority used for the secure connection to Redis.
|
||||
#### `ca`
|
||||
|
||||
_Optional_
|
||||
|
||||
`ca` is the path to the certificate authority used for the secure connection to Redis,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -124,13 +129,15 @@ providers:
|
||||
--providers.redis.tls.ca=path/to/ca.crt
|
||||
```
|
||||
|
||||
#### `tls.caOptional`
|
||||
#### `caOptional`
|
||||
|
||||
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Redis.
|
||||
_Optional_
|
||||
|
||||
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Redis.
|
||||
|
||||
!!! warning ""
|
||||
|
||||
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
|
||||
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
|
||||
|
||||
@@ -152,9 +159,12 @@ providers:
|
||||
--providers.redis.tls.caOptional=true
|
||||
```
|
||||
|
||||
#### `tls.cert`
|
||||
#### `cert`
|
||||
|
||||
Public certificate used for the secure connection to Redis.
|
||||
_Optional_
|
||||
|
||||
`cert` is the path to the public certificate used for the secure connection to Redis.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -175,9 +185,12 @@ providers:
|
||||
--providers.redis.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.key`
|
||||
#### `key`
|
||||
|
||||
Private certificate used for the secure connection to Redis.
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key used for the secure connection to Redis.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -198,7 +211,9 @@ providers:
|
||||
--providers.redis.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.insecureSkipVerify`
|
||||
#### `insecureSkipVerify`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`, the TLS connection to Redis accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
|
||||
@@ -64,7 +64,7 @@ Defines a username to connect with ZooKeeper.
|
||||
providers:
|
||||
zooKeeper:
|
||||
# ...
|
||||
usename: "foo"
|
||||
username: "foo"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@@ -104,9 +104,14 @@ providers:
|
||||
|
||||
_Optional_
|
||||
|
||||
#### `tls.ca`
|
||||
Defines the TLS configuration used for the secure connection to ZooKeeper.
|
||||
|
||||
Certificate Authority used for the secure connection to ZooKeeper.
|
||||
#### `ca`
|
||||
|
||||
_Optional_
|
||||
|
||||
`ca` is the path to the certificate authority used for the secure connection to ZooKeeper,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -124,13 +129,15 @@ providers:
|
||||
--providers.zookeeper.tls.ca=path/to/ca.crt
|
||||
```
|
||||
|
||||
#### `tls.caOptional`
|
||||
#### `caOptional`
|
||||
|
||||
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Zookeeper.
|
||||
_Optional_
|
||||
|
||||
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to Zookeeper.
|
||||
|
||||
!!! warning ""
|
||||
|
||||
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
|
||||
|
||||
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
|
||||
|
||||
@@ -152,9 +159,12 @@ providers:
|
||||
--providers.zookeeper.tls.caOptional=true
|
||||
```
|
||||
|
||||
#### `tls.cert`
|
||||
#### `cert`
|
||||
|
||||
Public certificate used for the secure connection to ZooKeeper.
|
||||
_Optional_
|
||||
|
||||
`cert` is the path to the public certificate used for the secure connection to ZooKeeper.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -175,9 +185,12 @@ providers:
|
||||
--providers.zookeeper.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.key`
|
||||
#### `key`
|
||||
|
||||
Private certificate used for the secure connection to ZooKeeper.
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key used for the secure connection to ZooKeeper.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
@@ -198,7 +211,9 @@ providers:
|
||||
--providers.zookeeper.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
#### `tls.insecureSkipVerify`
|
||||
#### `insecureSkipVerify`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`, the TLS connection to Zookeeper accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
|
||||
@@ -48,8 +48,8 @@ rules:
|
||||
- watch
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
|
||||
|
||||
@@ -38,8 +38,8 @@ rules:
|
||||
- update
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: gateway-controller
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutes.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutetcps.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressrouteudps.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewares.traefik.containo.us
|
||||
spec:
|
||||
@@ -398,7 +398,7 @@ spec:
|
||||
info configuration.
|
||||
properties:
|
||||
issuer:
|
||||
description: TLSCLientCertificateDNInfo holds the client TLS
|
||||
description: TLSClientCertificateDNInfo holds the client TLS
|
||||
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
||||
properties:
|
||||
commonName:
|
||||
@@ -425,7 +425,7 @@ spec:
|
||||
serialNumber:
|
||||
type: boolean
|
||||
subject:
|
||||
description: TLSCLientCertificateDNInfo holds the client TLS
|
||||
description: TLSClientCertificateDNInfo holds the client TLS
|
||||
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
||||
properties:
|
||||
commonName:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewaretcps.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: serverstransports.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsoptions.traefik.containo.us
|
||||
spec:
|
||||
@@ -54,6 +54,7 @@ spec:
|
||||
enum:
|
||||
- NoClientCert
|
||||
- RequestClientCert
|
||||
- RequireAnyClientCert
|
||||
- VerifyClientCertIfGiven
|
||||
- RequireAndVerifyClientCert
|
||||
type: string
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsstores.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: traefikservices.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -859,76 +859,76 @@ OpenTracing configuration. (Default: ```false```)
|
||||
Settings for Datadog. (Default: ```false```)
|
||||
|
||||
`--tracing.datadog.bagageprefixheadername`:
|
||||
Specifies the header name prefix that will be used to store baggage items in a map.
|
||||
Sets the header name prefix used to store baggage items in a map.
|
||||
|
||||
`--tracing.datadog.debug`:
|
||||
Enable Datadog debug. (Default: ```false```)
|
||||
Enables Datadog debug. (Default: ```false```)
|
||||
|
||||
`--tracing.datadog.globaltag`:
|
||||
Key:Value tag to be set on all the spans.
|
||||
Sets a key:value tag on all spans.
|
||||
|
||||
`--tracing.datadog.localagenthostport`:
|
||||
Set datadog-agent's host:port that the reporter will used. (Default: ```localhost:8126```)
|
||||
Sets the Datadog Agent host:port. (Default: ```localhost:8126```)
|
||||
|
||||
`--tracing.datadog.parentidheadername`:
|
||||
Specifies the header name that will be used to store the parent ID.
|
||||
Sets the header name used to store the parent ID.
|
||||
|
||||
`--tracing.datadog.prioritysampling`:
|
||||
Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
|
||||
Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
|
||||
|
||||
`--tracing.datadog.samplingpriorityheadername`:
|
||||
Specifies the header name that will be used to store the sampling priority.
|
||||
Sets the header name used to store the sampling priority.
|
||||
|
||||
`--tracing.datadog.traceidheadername`:
|
||||
Specifies the header name that will be used to store the trace ID.
|
||||
Sets the header name used to store the trace ID.
|
||||
|
||||
`--tracing.elastic`:
|
||||
Settings for Elastic. (Default: ```false```)
|
||||
|
||||
`--tracing.elastic.secrettoken`:
|
||||
Set the token used to connect to Elastic APM Server.
|
||||
Sets the token used to connect to Elastic APM Server.
|
||||
|
||||
`--tracing.elastic.serverurl`:
|
||||
Set the URL of the Elastic APM server.
|
||||
Sets the URL of the Elastic APM server.
|
||||
|
||||
`--tracing.elastic.serviceenvironment`:
|
||||
Set the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
|
||||
Sets the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
|
||||
|
||||
`--tracing.haystack`:
|
||||
Settings for Haystack. (Default: ```false```)
|
||||
|
||||
`--tracing.haystack.baggageprefixheadername`:
|
||||
Specifies the header name prefix that will be used to store baggage items in a map.
|
||||
Sets the header name prefix used to store baggage items in a map.
|
||||
|
||||
`--tracing.haystack.globaltag`:
|
||||
Key:Value tag to be set on all the spans.
|
||||
Sets a key:value tag on all spans.
|
||||
|
||||
`--tracing.haystack.localagenthost`:
|
||||
Set haystack-agent's host that the reporter will used. (Default: ```127.0.0.1```)
|
||||
Sets the Haystack Agent host. (Default: ```127.0.0.1```)
|
||||
|
||||
`--tracing.haystack.localagentport`:
|
||||
Set haystack-agent's port that the reporter will used. (Default: ```35000```)
|
||||
Sets the Haystack Agent port. (Default: ```35000```)
|
||||
|
||||
`--tracing.haystack.parentidheadername`:
|
||||
Specifies the header name that will be used to store the parent ID.
|
||||
Sets the header name used to store the parent ID.
|
||||
|
||||
`--tracing.haystack.spanidheadername`:
|
||||
Specifies the header name that will be used to store the span ID.
|
||||
Sets the header name used to store the span ID.
|
||||
|
||||
`--tracing.haystack.traceidheadername`:
|
||||
Specifies the header name that will be used to store the trace ID.
|
||||
Sets the header name used to store the trace ID.
|
||||
|
||||
`--tracing.instana`:
|
||||
Settings for Instana. (Default: ```false```)
|
||||
|
||||
`--tracing.instana.localagenthost`:
|
||||
Set instana-agent's host that the reporter will used.
|
||||
Sets the Instana Agent host.
|
||||
|
||||
`--tracing.instana.localagentport`:
|
||||
Set instana-agent's port that the reporter will used. (Default: ```42699```)
|
||||
Sets the Instana Agent port used. (Default: ```42699```)
|
||||
|
||||
`--tracing.instana.loglevel`:
|
||||
Set instana-agent's log level. ('error','warn','info','debug') (Default: ```info```)
|
||||
Sets the log level for the Instana tracer. ('error','warn','info','debug') (Default: ```info```)
|
||||
|
||||
`--tracing.jaeger`:
|
||||
Settings for Jaeger. (Default: ```false```)
|
||||
@@ -943,28 +943,28 @@ Password for basic http authentication when sending spans to jaeger-collector.
|
||||
User for basic http authentication when sending spans to jaeger-collector.
|
||||
|
||||
`--tracing.jaeger.disableattemptreconnecting`:
|
||||
Disable the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
|
||||
Disables the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
|
||||
|
||||
`--tracing.jaeger.gen128bit`:
|
||||
Generate 128 bit span IDs. (Default: ```false```)
|
||||
Generates 128 bits span IDs. (Default: ```false```)
|
||||
|
||||
`--tracing.jaeger.localagenthostport`:
|
||||
Set jaeger-agent's host:port that the reporter will used. (Default: ```127.0.0.1:6831```)
|
||||
Sets the Jaeger Agent host:port. (Default: ```127.0.0.1:6831```)
|
||||
|
||||
`--tracing.jaeger.propagation`:
|
||||
Which propagation format to use (jaeger/b3). (Default: ```jaeger```)
|
||||
Sets the propagation format (jaeger/b3). (Default: ```jaeger```)
|
||||
|
||||
`--tracing.jaeger.samplingparam`:
|
||||
Set the sampling parameter. (Default: ```1.000000```)
|
||||
Sets the sampling parameter. (Default: ```1.000000```)
|
||||
|
||||
`--tracing.jaeger.samplingserverurl`:
|
||||
Set the sampling server url. (Default: ```http://localhost:5778/sampling```)
|
||||
Sets the sampling server URL. (Default: ```http://localhost:5778/sampling```)
|
||||
|
||||
`--tracing.jaeger.samplingtype`:
|
||||
Set the sampling type. (Default: ```const```)
|
||||
Sets the sampling type. (Default: ```const```)
|
||||
|
||||
`--tracing.jaeger.tracecontextheadername`:
|
||||
Set the header to use for the trace-id. (Default: ```uber-trace-id```)
|
||||
Sets the header name used to store the trace ID. (Default: ```uber-trace-id```)
|
||||
|
||||
`--tracing.servicename`:
|
||||
Set the name for this service. (Default: ```traefik```)
|
||||
@@ -976,13 +976,13 @@ Set the maximum character limit for Span names (default 0 = no limit). (Default:
|
||||
Settings for Zipkin. (Default: ```false```)
|
||||
|
||||
`--tracing.zipkin.httpendpoint`:
|
||||
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
|
||||
Sets the HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
|
||||
|
||||
`--tracing.zipkin.id128bit`:
|
||||
Use Zipkin 128 bit root span IDs. (Default: ```true```)
|
||||
Uses 128 bits root span IDs. (Default: ```true```)
|
||||
|
||||
`--tracing.zipkin.samespan`:
|
||||
Use Zipkin SameSpan RPC style traces. (Default: ```false```)
|
||||
Uses SameSpan RPC style traces. (Default: ```false```)
|
||||
|
||||
`--tracing.zipkin.samplerate`:
|
||||
The rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)
|
||||
Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)
|
||||
|
||||
@@ -859,76 +859,76 @@ OpenTracing configuration. (Default: ```false```)
|
||||
Settings for Datadog. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_BAGAGEPREFIXHEADERNAME`:
|
||||
Specifies the header name prefix that will be used to store baggage items in a map.
|
||||
Sets the header name prefix used to store baggage items in a map.
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_DEBUG`:
|
||||
Enable Datadog debug. (Default: ```false```)
|
||||
Enables Datadog debug. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
|
||||
Key:Value tag to be set on all the spans.
|
||||
Sets a key:value tag on all spans.
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_LOCALAGENTHOSTPORT`:
|
||||
Set datadog-agent's host:port that the reporter will used. (Default: ```localhost:8126```)
|
||||
Sets the Datadog Agent host:port. (Default: ```localhost:8126```)
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_PARENTIDHEADERNAME`:
|
||||
Specifies the header name that will be used to store the parent ID.
|
||||
Sets the header name used to store the parent ID.
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_PRIORITYSAMPLING`:
|
||||
Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
|
||||
Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_SAMPLINGPRIORITYHEADERNAME`:
|
||||
Specifies the header name that will be used to store the sampling priority.
|
||||
Sets the header name used to store the sampling priority.
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_TRACEIDHEADERNAME`:
|
||||
Specifies the header name that will be used to store the trace ID.
|
||||
Sets the header name used to store the trace ID.
|
||||
|
||||
`TRAEFIK_TRACING_ELASTIC`:
|
||||
Settings for Elastic. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_ELASTIC_SECRETTOKEN`:
|
||||
Set the token used to connect to Elastic APM Server.
|
||||
Sets the token used to connect to Elastic APM Server.
|
||||
|
||||
`TRAEFIK_TRACING_ELASTIC_SERVERURL`:
|
||||
Set the URL of the Elastic APM server.
|
||||
Sets the URL of the Elastic APM server.
|
||||
|
||||
`TRAEFIK_TRACING_ELASTIC_SERVICEENVIRONMENT`:
|
||||
Set the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
|
||||
Sets the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
|
||||
|
||||
`TRAEFIK_TRACING_HAYSTACK`:
|
||||
Settings for Haystack. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_HAYSTACK_BAGGAGEPREFIXHEADERNAME`:
|
||||
Specifies the header name prefix that will be used to store baggage items in a map.
|
||||
Sets the header name prefix used to store baggage items in a map.
|
||||
|
||||
`TRAEFIK_TRACING_HAYSTACK_GLOBALTAG`:
|
||||
Key:Value tag to be set on all the spans.
|
||||
Sets a key:value tag on all spans.
|
||||
|
||||
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTHOST`:
|
||||
Set haystack-agent's host that the reporter will used. (Default: ```127.0.0.1```)
|
||||
Sets the Haystack Agent host. (Default: ```127.0.0.1```)
|
||||
|
||||
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTPORT`:
|
||||
Set haystack-agent's port that the reporter will used. (Default: ```35000```)
|
||||
Sets the Haystack Agent port. (Default: ```35000```)
|
||||
|
||||
`TRAEFIK_TRACING_HAYSTACK_PARENTIDHEADERNAME`:
|
||||
Specifies the header name that will be used to store the parent ID.
|
||||
Sets the header name used to store the parent ID.
|
||||
|
||||
`TRAEFIK_TRACING_HAYSTACK_SPANIDHEADERNAME`:
|
||||
Specifies the header name that will be used to store the span ID.
|
||||
Sets the header name used to store the span ID.
|
||||
|
||||
`TRAEFIK_TRACING_HAYSTACK_TRACEIDHEADERNAME`:
|
||||
Specifies the header name that will be used to store the trace ID.
|
||||
Sets the header name used to store the trace ID.
|
||||
|
||||
`TRAEFIK_TRACING_INSTANA`:
|
||||
Settings for Instana. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_INSTANA_LOCALAGENTHOST`:
|
||||
Set instana-agent's host that the reporter will used.
|
||||
Sets the Instana Agent host.
|
||||
|
||||
`TRAEFIK_TRACING_INSTANA_LOCALAGENTPORT`:
|
||||
Set instana-agent's port that the reporter will used. (Default: ```42699```)
|
||||
Sets the Instana Agent port used. (Default: ```42699```)
|
||||
|
||||
`TRAEFIK_TRACING_INSTANA_LOGLEVEL`:
|
||||
Set instana-agent's log level. ('error','warn','info','debug') (Default: ```info```)
|
||||
Sets the log level for the Instana tracer. ('error','warn','info','debug') (Default: ```info```)
|
||||
|
||||
`TRAEFIK_TRACING_JAEGER`:
|
||||
Settings for Jaeger. (Default: ```false```)
|
||||
@@ -943,28 +943,28 @@ Password for basic http authentication when sending spans to jaeger-collector.
|
||||
User for basic http authentication when sending spans to jaeger-collector.
|
||||
|
||||
`TRAEFIK_TRACING_JAEGER_DISABLEATTEMPTRECONNECTING`:
|
||||
Disable the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
|
||||
Disables the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
|
||||
|
||||
`TRAEFIK_TRACING_JAEGER_GEN128BIT`:
|
||||
Generate 128 bit span IDs. (Default: ```false```)
|
||||
Generates 128 bits span IDs. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_JAEGER_LOCALAGENTHOSTPORT`:
|
||||
Set jaeger-agent's host:port that the reporter will used. (Default: ```127.0.0.1:6831```)
|
||||
Sets the Jaeger Agent host:port. (Default: ```127.0.0.1:6831```)
|
||||
|
||||
`TRAEFIK_TRACING_JAEGER_PROPAGATION`:
|
||||
Which propagation format to use (jaeger/b3). (Default: ```jaeger```)
|
||||
Sets the propagation format (jaeger/b3). (Default: ```jaeger```)
|
||||
|
||||
`TRAEFIK_TRACING_JAEGER_SAMPLINGPARAM`:
|
||||
Set the sampling parameter. (Default: ```1.000000```)
|
||||
Sets the sampling parameter. (Default: ```1.000000```)
|
||||
|
||||
`TRAEFIK_TRACING_JAEGER_SAMPLINGSERVERURL`:
|
||||
Set the sampling server url. (Default: ```http://localhost:5778/sampling```)
|
||||
Sets the sampling server URL. (Default: ```http://localhost:5778/sampling```)
|
||||
|
||||
`TRAEFIK_TRACING_JAEGER_SAMPLINGTYPE`:
|
||||
Set the sampling type. (Default: ```const```)
|
||||
Sets the sampling type. (Default: ```const```)
|
||||
|
||||
`TRAEFIK_TRACING_JAEGER_TRACECONTEXTHEADERNAME`:
|
||||
Set the header to use for the trace-id. (Default: ```uber-trace-id```)
|
||||
Sets the header name used to store the trace ID. (Default: ```uber-trace-id```)
|
||||
|
||||
`TRAEFIK_TRACING_SERVICENAME`:
|
||||
Set the name for this service. (Default: ```traefik```)
|
||||
@@ -976,13 +976,13 @@ Set the maximum character limit for Span names (default 0 = no limit). (Default:
|
||||
Settings for Zipkin. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_ZIPKIN_HTTPENDPOINT`:
|
||||
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
|
||||
Sets the HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
|
||||
|
||||
`TRAEFIK_TRACING_ZIPKIN_ID128BIT`:
|
||||
Use Zipkin 128 bit root span IDs. (Default: ```true```)
|
||||
Uses 128 bits root span IDs. (Default: ```true```)
|
||||
|
||||
`TRAEFIK_TRACING_ZIPKIN_SAMESPAN`:
|
||||
Use Zipkin SameSpan RPC style traces. (Default: ```false```)
|
||||
Uses SameSpan RPC style traces. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_ZIPKIN_SAMPLERATE`:
|
||||
The rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)
|
||||
Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)
|
||||
|
||||
@@ -63,7 +63,7 @@ For example, to change the rule, you could add the tag ```traefik.http.routers.m
|
||||
See [tls](../routers/index.md#tls) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.http.routers.myrouter>.tls=true
|
||||
traefik.http.routers.myrouter.tls=true
|
||||
```
|
||||
|
||||
??? info "`traefik.http.routers.<router_name>.tls.certresolver`"
|
||||
@@ -136,7 +136,7 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
|
||||
See [serverstransport](../services/index.md#serverstransport) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.http.services.<service_name>.loadbalancer.serverstransport=foobar@file
|
||||
traefik.http.services.myservice.loadbalancer.serverstransport=foobar@file
|
||||
```
|
||||
|
||||
??? info "`traefik.http.services.<service_name>.loadbalancer.passhostheader`"
|
||||
|
||||
@@ -131,7 +131,6 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
|
||||
- tcpep
|
||||
routes:
|
||||
- match: HostSNI(`bar`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: whoamitcp
|
||||
port: 8080
|
||||
@@ -147,8 +146,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
|
||||
entryPoints:
|
||||
- udpep
|
||||
routes:
|
||||
- kind: Rule
|
||||
services:
|
||||
- services:
|
||||
- name: whoamiudp
|
||||
port: 8080
|
||||
```
|
||||
@@ -337,7 +335,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||
responseForwarding:
|
||||
flushInterval: 1ms
|
||||
scheme: https
|
||||
serversTransport: transport
|
||||
serversTransport: transport # [10]
|
||||
sticky:
|
||||
cookie:
|
||||
httpOnly: true
|
||||
@@ -346,39 +344,40 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||
sameSite: none
|
||||
strategy: RoundRobin
|
||||
weight: 10
|
||||
tls: # [10]
|
||||
secretName: supersecret # [11]
|
||||
options: # [12]
|
||||
name: opt # [13]
|
||||
namespace: default # [14]
|
||||
certResolver: foo # [15]
|
||||
domains: # [16]
|
||||
- main: example.net # [17]
|
||||
sans: # [18]
|
||||
tls: # [11]
|
||||
secretName: supersecret # [12]
|
||||
options: # [13]
|
||||
name: opt # [14]
|
||||
namespace: default # [15]
|
||||
certResolver: foo # [16]
|
||||
domains: # [17]
|
||||
- main: example.net # [18]
|
||||
sans: # [19]
|
||||
- a.example.net
|
||||
- b.example.net
|
||||
```
|
||||
|
||||
| Ref | Attribute | Purpose |
|
||||
|------|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| [1] | `entryPoints` | List of [entry points](../routers/index.md#entrypoints) names |
|
||||
| [2] | `routes` | List of routes |
|
||||
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule) corresponding to an underlying router. |
|
||||
| [4] | `routes[n].priority` | [Disambiguate](../routers/index.md#priority) rules of the same length, for route matching |
|
||||
| [5] | `routes[n].middlewares` | List of reference to [Middleware](#kind-middleware) |
|
||||
| [6] | `middlewares[n].name` | Defines the [Middleware](#kind-middleware) name |
|
||||
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace |
|
||||
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
|
||||
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
|
||||
| [10] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
|
||||
| [11] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
|
||||
| [12] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
|
||||
| [13] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
|
||||
| [14] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
|
||||
| [15] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
|
||||
| [16] | `tls.domains` | List of [domains](../routers/index.md#domains) |
|
||||
| [17] | `domains[n].main` | Defines the main domain name |
|
||||
| [18] | `domains[n].sans` | List of SANs (alternative domains) |
|
||||
| Ref | Attribute | Purpose |
|
||||
|------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| [1] | `entryPoints` | List of [entry points](../routers/index.md#entrypoints) names |
|
||||
| [2] | `routes` | List of routes |
|
||||
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule) corresponding to an underlying router. |
|
||||
| [4] | `routes[n].priority` | [Disambiguate](../routers/index.md#priority) rules of the same length, for route matching |
|
||||
| [5] | `routes[n].middlewares` | List of reference to [Middleware](#kind-middleware) |
|
||||
| [6] | `middlewares[n].name` | Defines the [Middleware](#kind-middleware) name |
|
||||
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace |
|
||||
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
|
||||
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
|
||||
| [10] | `services[n].serversTransport` | Defines the reference to a [ServersTransport](#kind-serverstransport). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |
|
||||
| [11] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
|
||||
| [12] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
|
||||
| [13] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
|
||||
| [14] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
|
||||
| [15] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
|
||||
| [16] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
|
||||
| [17] | `tls.domains` | List of [domains](../routers/index.md#domains) |
|
||||
| [18] | `domains[n].main` | Defines the main domain name |
|
||||
| [19] | `domains[n].sans` | List of SANs (alternative domains) |
|
||||
|
||||
??? example "Declaring an IngressRoute"
|
||||
|
||||
@@ -476,7 +475,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||
|
||||
!!! important "Using Kubernetes ExternalName Service"
|
||||
|
||||
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/fr/docs/concepts/services-networking/service/#externalname) could be defined without any port.
|
||||
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port.
|
||||
Accordingly, Traefik supports defining a port in two ways:
|
||||
|
||||
- only on `IngressRoute` service
|
||||
@@ -1199,7 +1198,7 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
|
||||
|
||||
!!! important "Using Kubernetes ExternalName Service"
|
||||
|
||||
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/fr/docs/concepts/services-networking/service/#externalname) could be defined without any port.
|
||||
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port.
|
||||
Accordingly, Traefik supports defining a port in two ways:
|
||||
|
||||
- only on `IngressRouteTCP` service
|
||||
@@ -1223,7 +1222,6 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
|
||||
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: external-svc
|
||||
port: 80
|
||||
@@ -1253,7 +1251,6 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
|
||||
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: external-svc
|
||||
port: 80
|
||||
@@ -1378,7 +1375,7 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
|
||||
|
||||
!!! important "Using Kubernetes ExternalName Service"
|
||||
|
||||
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/fr/docs/concepts/services-networking/service/#externalname) could be defined without any port.
|
||||
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port.
|
||||
Accordingly, Traefik supports defining a port in two ways:
|
||||
|
||||
- only on `IngressRouteUDP` service
|
||||
@@ -1687,7 +1684,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
|
||||
|
||||
!!! info "ServersTransport Attributes"
|
||||
|
||||
```yaml tab="TLSStore"
|
||||
```yaml tab="ServersTransport"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: ServersTransport
|
||||
metadata:
|
||||
@@ -1709,20 +1706,22 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
|
||||
responseHeaderTimeout: 42s # [8]
|
||||
idleConnTimeout: 42s # [9]
|
||||
peerCertURI: foobar # [10]
|
||||
disableHTTP2: true # [11]
|
||||
```
|
||||
|
||||
| Ref | Attribute | Purpose |
|
||||
|------|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| [1] | `serverName` | ServerName used to contact the server. |
|
||||
| [2] | `insecureSkipVerify` | Disable SSL certificate verification. |
|
||||
| [3] | `rootCAsSecrets` | Add cert file for self-signed certificate. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
|
||||
| [4] | `certificatesSecrets` | Certificates for mTLS. |
|
||||
| [5] | `maxIdleConnsPerHost` | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
|
||||
| [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the backend servers. |
|
||||
| [7] | `dialTimeout` | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. |
|
||||
| [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
|
||||
| [9] | `idleConnTimeout` | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. |
|
||||
| [10] | `peerCertURI` | URI used to match with service certificate. |
|
||||
| Ref | Attribute | Purpose |
|
||||
|------|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| [1] | `serverName` | ServerName used to contact the server. |
|
||||
| [2] | `insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. |
|
||||
| [3] | `rootCAsSecrets` | Defines the set of root certificate authorities to use when verifying server certificates. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
|
||||
| [4] | `certificatesSecrets` | Certificates to present to the server for mTLS. |
|
||||
| [5] | `maxIdleConnsPerHost` | Controls the maximum idle (keep-alive) connections to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
|
||||
| [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the servers. |
|
||||
| [7] | `dialTimeout` | The amount of time to wait until a connection to a server can be established. If zero, no timeout exists. |
|
||||
| [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
|
||||
| [9] | `idleConnTimeout` | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout exists. |
|
||||
| [10] | `peerCertURI` | URI used to match against SAN URIs during the server's certificate verification. |
|
||||
| [11] | `disableHTTP2` | Disables HTTP/2 for connections with servers. |
|
||||
|
||||
!!! info "CA Secret"
|
||||
|
||||
@@ -1761,6 +1760,16 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
|
||||
serversTransport: mytransport
|
||||
```
|
||||
|
||||
#### ServersTransport reference
|
||||
|
||||
By default, the referenced ServersTransport CRD must be defined in the same [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace.
|
||||
|
||||
To reference a ServersTransport CRD from another namespace,
|
||||
the value must be of form `namespace-name@kubernetescrd`,
|
||||
and the [cross-namespace](../../../providers/kubernetes-crd/#allowcrossnamespace) option must be enabled.
|
||||
|
||||
If the ServersTransport CRD is defined in another provider the cross-provider format `name@provider` should be used.
|
||||
|
||||
## Further
|
||||
|
||||
Also see the [full example](../../user-guides/crd-acme/index.md) with Let's Encrypt.
|
||||
|
||||
@@ -38,8 +38,8 @@ You can find an excerpt of the supported Kubernetes Gateway API resources in the
|
||||
| [GatewayClass](#kind-gatewayclass) | Defines a set of Gateways that share a common configuration and behaviour | [GatewayClass](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gatewayclass) |
|
||||
| [Gateway](#kind-gateway) | Describes how traffic can be translated to Services within the cluster | [Gateway](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gateway) |
|
||||
| [HTTPRoute](#kind-httproute) | HTTP rules for mapping requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/httproute) |
|
||||
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#httptcpfooroute) |
|
||||
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#httptcpfooroute) |
|
||||
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)|
|
||||
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)|
|
||||
|
||||
### Kind: `GatewayClass`
|
||||
|
||||
|
||||
@@ -15,8 +15,8 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
|
||||
```yaml tab="RBAC"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
rules:
|
||||
@@ -48,8 +48,8 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
- update
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
roleRef:
|
||||
@@ -63,8 +63,37 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
```
|
||||
|
||||
```yaml tab="Ingress"
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: myingress
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
```
|
||||
|
||||
```yaml tab="Ingress v1beta1 (deprecated)"
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: myingress
|
||||
annotations:
|
||||
@@ -84,34 +113,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
serviceName: whoami
|
||||
servicePort: 80
|
||||
```
|
||||
|
||||
```yaml tab="Ingress Kubernetes v1.19+"
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: myingress
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
```
|
||||
|
||||
|
||||
```yaml tab="Traefik"
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
@@ -119,8 +121,8 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
name: traefik-ingress-controller
|
||||
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: traefik
|
||||
labels:
|
||||
@@ -164,8 +166,8 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
```
|
||||
|
||||
```yaml tab="Whoami"
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: whoami
|
||||
labels:
|
||||
@@ -207,6 +209,11 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
|
||||
## Annotations
|
||||
|
||||
!!! warning "Referencing resources in annotations"
|
||||
|
||||
In an annotation, when referencing a resource defined by another provider,
|
||||
the [provider namespace syntax](../../providers/overview.md#provider-namespace) must be used.
|
||||
|
||||
#### On Ingress
|
||||
|
||||
??? info "`traefik.ingress.kubernetes.io/router.entrypoints`"
|
||||
@@ -222,7 +229,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
See [middlewares](../routers/index.md#middlewares) and [middlewares overview](../../middlewares/overview.md) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.ingress.kubernetes.io/router.middlewares: auth@file,prefix@kubernetescrd,cb@file
|
||||
traefik.ingress.kubernetes.io/router.middlewares: auth@file,default-prefix@kubernetescrd
|
||||
```
|
||||
|
||||
??? info "`traefik.ingress.kubernetes.io/router.priority`"
|
||||
@@ -235,7 +242,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
|
||||
??? info "`traefik.ingress.kubernetes.io/router.pathmatcher`"
|
||||
|
||||
Overrides the default router rule type used for a path.
|
||||
Overrides the default router rule type used for a path.
|
||||
Only path-related matcher name can be specified: `Path`, `PathPrefix`.
|
||||
|
||||
Default `PathPrefix`
|
||||
@@ -281,7 +288,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||
See [options](../routers/index.md#options) for more information.
|
||||
|
||||
```yaml
|
||||
traefik.ingress.kubernetes.io/router.tls.options: foobar
|
||||
traefik.ingress.kubernetes.io/router.tls.options: foobar@file
|
||||
```
|
||||
|
||||
#### On Service
|
||||
@@ -399,8 +406,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
||||
|
||||
```yaml tab="RBAC"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
rules:
|
||||
@@ -432,8 +439,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
||||
- update
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
roleRef:
|
||||
@@ -447,8 +454,37 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
||||
```
|
||||
|
||||
```yaml tab="Ingress"
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: myingress
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
```
|
||||
|
||||
```yaml tab="Ingress v1beta1 (deprecated)"
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: myingress
|
||||
annotations:
|
||||
@@ -468,34 +504,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
||||
serviceName: whoami
|
||||
servicePort: 80
|
||||
```
|
||||
|
||||
```yaml tab="Ingress Kubernetes v1.19+"
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: myingress
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
```
|
||||
|
||||
|
||||
```yaml tab="Traefik"
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
@@ -503,8 +512,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
||||
name: traefik-ingress-controller
|
||||
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: traefik
|
||||
labels:
|
||||
@@ -549,8 +558,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
||||
```
|
||||
|
||||
```yaml tab="Whoami"
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: whoami
|
||||
labels:
|
||||
@@ -604,8 +613,8 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
|
||||
```yaml tab="RBAC"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
rules:
|
||||
@@ -637,8 +646,8 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
- update
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
roleRef:
|
||||
@@ -652,8 +661,38 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
```
|
||||
|
||||
```yaml tab="Ingress"
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: myingress
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: true
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
```
|
||||
|
||||
```yaml tab="Ingress v1beta1 (deprecated)"
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: myingress
|
||||
annotations:
|
||||
@@ -674,35 +713,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
serviceName: whoami
|
||||
servicePort: 80
|
||||
```
|
||||
|
||||
```yaml tab="Ingress Kubernetes v1.19+"
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: myingress
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: true
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- path: /foo
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
```
|
||||
|
||||
|
||||
```yaml tab="Traefik"
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
@@ -710,8 +721,8 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
name: traefik-ingress-controller
|
||||
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: traefik
|
||||
labels:
|
||||
@@ -755,8 +766,8 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
```
|
||||
|
||||
```yaml tab="Whoami"
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: whoami
|
||||
labels:
|
||||
@@ -801,8 +812,34 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
??? example "Using a secret"
|
||||
|
||||
```yaml tab="Ingress"
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: foo
|
||||
namespace: production
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.net
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
pathType: Exact
|
||||
backend:
|
||||
service:
|
||||
name: service1
|
||||
port:
|
||||
number: 80
|
||||
# Only selects which certificate(s) should be loaded from the secret, in order to terminate TLS.
|
||||
# Doesn't enable TLS for that ingress (hence for the underlying router).
|
||||
# Please see the TLS annotations on ingress made for that purpose.
|
||||
tls:
|
||||
- secretName: supersecret
|
||||
```
|
||||
|
||||
```yaml tab="Ingress v1beta1 (deprecated)"
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: foo
|
||||
namespace: production
|
||||
@@ -823,31 +860,6 @@ For more options, please refer to the available [annotations](#on-ingress).
|
||||
- secretName: supersecret
|
||||
```
|
||||
|
||||
```yaml tab="Ingress Kubernetes v1.19+"
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: foo
|
||||
namespace: production
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.net
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
backend:
|
||||
service:
|
||||
name: service1
|
||||
port:
|
||||
number: 80
|
||||
# Only selects which certificate(s) should be loaded from the secret, in order to terminate TLS.
|
||||
# Doesn't enable TLS for that ingress (hence for the underlying router).
|
||||
# Please see the TLS annotations on ingress made for that purpose.
|
||||
tls:
|
||||
- secretName: supersecret
|
||||
```
|
||||
|
||||
```yaml tab="Secret"
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
@@ -893,18 +905,6 @@ and will connect via TLS automatically.
|
||||
Ingresses can be created that look like the following:
|
||||
|
||||
```yaml tab="Ingress"
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: cheese
|
||||
|
||||
spec:
|
||||
defaultBackend:
|
||||
serviceName: stilton
|
||||
serverPort: 80
|
||||
```
|
||||
|
||||
```yaml tab="Ingress Kubernetes v1.19+"
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
@@ -918,6 +918,18 @@ spec:
|
||||
number: 80
|
||||
```
|
||||
|
||||
```yaml tab="Ingress v1beta1 (deprecated)"
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: cheese
|
||||
|
||||
spec:
|
||||
defaultBackend:
|
||||
serviceName: stilton
|
||||
serverPort: 80
|
||||
```
|
||||
|
||||
This ingress follows the Global Default Backend property of ingresses.
|
||||
This will allow users to create a "default router" that will match all unmatched requests.
|
||||
|
||||
|
||||
@@ -233,11 +233,11 @@ The table below lists all the available matchers:
|
||||
| ```Headers(`key`, `value`)``` | Check if there is a key `key`defined in the headers, with the value `value` |
|
||||
| ```HeadersRegexp(`key`, `regexp`)``` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
|
||||
| ```Host(`example.com`, ...)``` | Check if the request domain (host header value) targets one of the given `domains`. |
|
||||
| ```HostHeader(`example.com`, ...)``` | Check if the request domain (host header value) targets one of the given `domains`. |
|
||||
| ```HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Check if the request domain matches the given `regexp`. |
|
||||
| ```HostHeader(`example.com`, ...)``` | Same as `Host`, only exists for historical reasons. |
|
||||
| ```HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Match the request domain. See "Regexp Syntax" below. |
|
||||
| ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`) |
|
||||
| ```Path(`/path`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
|
||||
| ```PathPrefix(`/products/`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`)``` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
|
||||
| ```Path(`/path`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`, ...)``` | Match exact request path. See "Regexp Syntax" below. |
|
||||
| ```PathPrefix(`/products/`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`)``` | Match request prefix path. See "Regexp Syntax" below. |
|
||||
| ```Query(`foo=bar`, `bar=baz`)``` | Match Query String parameters. It accepts a sequence of key=value pairs. |
|
||||
| ```ClientIP(`10.0.0.0/16`, `::1`)``` | Match if the request client IP is one of the given IP/CIDR. It accepts IPv4, IPv6 and CIDR formats. |
|
||||
|
||||
@@ -249,9 +249,11 @@ The table below lists all the available matchers:
|
||||
|
||||
!!! important "Regexp Syntax"
|
||||
|
||||
`HostRegexp` and `Path` accept an expression with zero or more groups enclosed by curly braces.
|
||||
Named groups can be like `{name:pattern}` that matches the given regexp pattern or like `{name}` that matches anything until the next dot.
|
||||
Any pattern supported by [Go's regexp package](https://golang.org/pkg/regexp/) may be used (example: `{subdomain:[a-z]+}.{domain}.com`).
|
||||
`HostRegexp`, `PathPrefix`, and `Path` accept an expression with zero or more groups enclosed by curly braces, which are called named regexps.
|
||||
Named regexps, of the form `{name:regexp}`, are the only expressions considered for regexp matching.
|
||||
The regexp name (`name` in the above example) is an arbitrary value, that exists only for historical reasons.
|
||||
|
||||
Any `regexp` supported by [Go's regexp package](https://golang.org/pkg/regexp/) may be used.
|
||||
|
||||
!!! info "Combining Matchers Using Operators and Parenthesis"
|
||||
|
||||
|
||||
@@ -336,11 +336,11 @@ Below are the available options for the health check mechanism:
|
||||
Traefik keeps monitoring the health of unhealthy servers.
|
||||
If a server has recovered (returning `2xx` -> `3xx` responses again), it will be added back to the load balancer rotation pool.
|
||||
|
||||
!!! warning "Health check in Kubernetes"
|
||||
!!! warning "Health check with Kubernetes"
|
||||
|
||||
The Traefik health check is not available for `kubernetesCRD` and `kubernetesIngress` providers because Kubernetes
|
||||
already has a health check mechanism.
|
||||
Unhealthy pods will be removed by kubernetes. (cf [liveness documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-http-request))
|
||||
Kubernetes has an health check mechanism to remove unhealthy pods from Kubernetes services (cf [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes)).
|
||||
As unhealthy pods have no Kubernetes endpoints, Traefik will not forward traffic to them.
|
||||
Therefore, Traefik health check is not available for `kubernetesCRD` and `kubernetesIngress` providers.
|
||||
|
||||
??? example "Custom Interval & Timeout -- Using the [File Provider](../../providers/file.md)"
|
||||
|
||||
@@ -606,7 +606,7 @@ metadata:
|
||||
|
||||
_Optional_
|
||||
|
||||
`insecureSkipVerify` disables SSL certificate verification.
|
||||
`insecureSkipVerify` controls whether the server's certificate chain and host name is verified.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Dynamic configuration
|
||||
@@ -637,8 +637,7 @@ spec:
|
||||
|
||||
_Optional_
|
||||
|
||||
`rootCAs` is the list of certificates (as file paths, or data bytes)
|
||||
that will be set as Root Certificate Authorities when using a self-signed TLS certificate.
|
||||
`rootCAs` defines the set of root certificate authorities (as file paths, or data bytes) to use when verifying server certificates.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Dynamic configuration
|
||||
@@ -711,7 +710,7 @@ spec:
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
`disableHTTP2` disables HTTP/2 for connections with backend servers.
|
||||
`disableHTTP2` disables HTTP/2 for connections with servers.
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Dynamic configuration
|
||||
@@ -742,7 +741,7 @@ spec:
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
`peerCertURI` defines the URI used to match against SAN URI during the peer certificate verification.
|
||||
`peerCertURI` defines the URI used to match against SAN URIs during the server's certificate verification.
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Dynamic configuration
|
||||
@@ -771,7 +770,7 @@ spec:
|
||||
|
||||
#### `forwardingTimeouts`
|
||||
|
||||
`forwardingTimeouts` is about a number of timeouts relevant to when forwarding requests to the backend servers.
|
||||
`forwardingTimeouts` are the timeouts applied when forwarding requests to the servers.
|
||||
|
||||
##### `forwardingTimeouts.dialTimeout`
|
||||
|
||||
@@ -847,8 +846,7 @@ spec:
|
||||
|
||||
_Optional, Default=90s_
|
||||
|
||||
`idleConnTimeout`, is the maximum amount of time an idle (keep-alive) connection
|
||||
will remain idle before closing itself.
|
||||
`idleConnTimeout` is the maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.
|
||||
Zero means no limit.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
|
||||
@@ -224,8 +224,8 @@ So we modify the "gRPC server example" to use our own self-signed certificate:
|
||||
// ...
|
||||
|
||||
// Read cert and key file
|
||||
backendCert, _ := ioutil.ReadFile("./backend.cert")
|
||||
backendKey, _ := ioutil.ReadFile("./backend.key")
|
||||
backendCert, _ := os.ReadFile("./backend.cert")
|
||||
backendKey, _ := os.ReadFile("./backend.key")
|
||||
|
||||
// Generate Certificate struct
|
||||
cert, err := tls.X509KeyPair(backendCert, backendKey)
|
||||
@@ -253,7 +253,7 @@ Next we will modify gRPC Client to use our Traefik self-signed certificate:
|
||||
// ...
|
||||
|
||||
// Read cert file
|
||||
frontendCert, _ := ioutil.ReadFile("./frontend.cert")
|
||||
frontendCert, _ := os.ReadFile("./frontend.cert")
|
||||
|
||||
// Create CertPool
|
||||
roots := x509.NewCertPool()
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM alpine:3.13
|
||||
FROM alpine:3.14
|
||||
|
||||
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.local/bin
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ theme:
|
||||
prev: 'Previous'
|
||||
next: 'Next'
|
||||
|
||||
copyright: "Copyright © 2016-2020 Containous; 2020-2021 Traefik Labs"
|
||||
copyright: "Copyright © 2016-2020 Containous; 2020-2022 Traefik Labs"
|
||||
|
||||
extra_javascript:
|
||||
- assets/js/hljs/highlight.pack.js # Download from https://highlightjs.org/download/ and enable YAML, TOML and Dockerfile
|
||||
|
||||
@@ -4,3 +4,4 @@ mkdocs-bootswatch==1.0
|
||||
mkdocs-traefiklabs>=100.0.7
|
||||
markdown-include==0.5.1
|
||||
mkdocs-exclude==1.0.2
|
||||
Jinja2==3.0.0
|
||||
|
||||
@@ -22,7 +22,7 @@ find "${PATH_TO_SITE}" -type f -not -path "/app/site/theme/*" \
|
||||
--alt_ignore="/traefikproxy-vertical-logo-color.svg/" \
|
||||
--http_status_ignore="0,500,501,503" \
|
||||
--file_ignore="/404.html/" \
|
||||
--url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/" \
|
||||
--url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/" \
|
||||
'{}' 1>/dev/null
|
||||
## HTML-proofer options at https://github.com/gjtorikian/html-proofer#configuration
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ COPY --from=webui /src/static/ /go/src/github.com/traefik/traefik/static/
|
||||
RUN ./script/make.sh generate binary
|
||||
|
||||
## IMAGE
|
||||
FROM alpine:3.10
|
||||
FROM alpine:3.14
|
||||
|
||||
RUN apk --no-cache --no-progress add bash curl ca-certificates tzdata \
|
||||
&& update-ca-certificates \
|
||||
|
||||
75
go.mod
75
go.mod
@@ -7,73 +7,62 @@ require (
|
||||
github.com/BurntSushi/toml v0.3.1
|
||||
github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61
|
||||
github.com/Masterminds/sprig/v3 v3.2.2
|
||||
github.com/Microsoft/hcsshim v0.8.7 // indirect
|
||||
github.com/Shopify/sarama v1.23.1 // indirect
|
||||
github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000
|
||||
github.com/abronan/valkeyrie v0.0.0-20200127174252-ef4277a138cd
|
||||
github.com/aws/aws-sdk-go v1.37.27
|
||||
github.com/cenkalti/backoff/v4 v4.1.0
|
||||
github.com/containerd/containerd v1.3.2 // indirect
|
||||
github.com/abronan/valkeyrie v0.2.0
|
||||
github.com/aws/aws-sdk-go v1.39.0
|
||||
github.com/cenkalti/backoff/v4 v4.1.1
|
||||
github.com/compose-spec/compose-go v1.0.3
|
||||
github.com/containerd/containerd v1.5.8 // indirect
|
||||
github.com/containous/alice v0.0.0-20181107144136-d83ebdd94cbd
|
||||
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
|
||||
github.com/davecgh/go-spew v1.1.1
|
||||
github.com/docker/cli v0.0.0-20200221155518-740919cc7fc0
|
||||
github.com/docker/distribution v2.7.1+incompatible // indirect
|
||||
github.com/docker/docker v17.12.0-ce-rc1.0.20200204220554-5f6d6f3f2203+incompatible
|
||||
github.com/docker/docker-credential-helpers v0.6.3 // indirect
|
||||
github.com/docker/cli v20.10.11+incompatible
|
||||
github.com/docker/compose/v2 v2.0.1
|
||||
github.com/docker/docker v20.10.7+incompatible
|
||||
github.com/docker/go-connections v0.4.0
|
||||
github.com/docker/go-metrics v0.0.0-20181218153428-b84716841b82 // indirect
|
||||
github.com/docker/libcompose v0.0.0-20190805081528-eac9fe1b8b03 // indirect
|
||||
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
|
||||
github.com/donovanhide/eventsource v0.0.0-20170630084216-b8f31a59085e // indirect
|
||||
github.com/eapache/channels v1.1.0
|
||||
github.com/elazarl/go-bindata-assetfs v1.0.0
|
||||
github.com/fatih/structs v1.1.0
|
||||
github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2
|
||||
github.com/go-acme/lego/v4 v4.4.0
|
||||
github.com/go-acme/lego/v4 v4.6.0
|
||||
github.com/go-check/check v0.0.0-00010101000000-000000000000
|
||||
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea
|
||||
github.com/golang/protobuf v1.5.2
|
||||
github.com/google/go-github/v28 v28.1.1
|
||||
github.com/gorilla/mux v1.7.3
|
||||
github.com/gorilla/mux v1.8.0
|
||||
github.com/gorilla/websocket v1.4.2
|
||||
github.com/hashicorp/consul v1.10.0
|
||||
github.com/hashicorp/consul/api v1.9.1
|
||||
github.com/hashicorp/consul v1.10.3
|
||||
github.com/hashicorp/consul/api v1.10.0
|
||||
github.com/hashicorp/go-hclog v0.16.1
|
||||
github.com/hashicorp/go-multierror v1.1.1
|
||||
github.com/hashicorp/go-version v1.2.1
|
||||
github.com/hashicorp/go-version v1.3.0
|
||||
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
|
||||
github.com/instana/go-sensor v1.5.1
|
||||
github.com/klauspost/compress v1.13.0
|
||||
github.com/libkermit/compose v0.0.0-20171122111507-c04e39c026ad
|
||||
github.com/libkermit/docker v0.0.0-20171122101128-e6674d32b807
|
||||
github.com/libkermit/docker-check v0.0.0-20171122104347-1113af38e591
|
||||
github.com/lucas-clemente/quic-go v0.22.0
|
||||
github.com/lucas-clemente/quic-go v0.23.0
|
||||
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
|
||||
github.com/miekg/dns v1.1.43
|
||||
github.com/mitchellh/copystructure v1.0.0
|
||||
github.com/mitchellh/hashstructure v1.0.0
|
||||
github.com/mitchellh/mapstructure v1.4.1
|
||||
github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c // indirect
|
||||
github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
|
||||
github.com/opencontainers/image-spec v1.0.1 // indirect
|
||||
github.com/opencontainers/runc v1.0.0-rc10 // indirect
|
||||
github.com/opentracing/opentracing-go v1.1.0
|
||||
github.com/mitchellh/mapstructure v1.4.2
|
||||
github.com/opentracing/opentracing-go v1.2.0
|
||||
github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5
|
||||
github.com/openzipkin/zipkin-go v0.2.2
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible
|
||||
github.com/philhofer/fwd v1.0.0 // indirect
|
||||
github.com/pires/go-proxyproto v0.5.0
|
||||
github.com/pires/go-proxyproto v0.6.1
|
||||
github.com/pmezard/go-difflib v1.0.0
|
||||
github.com/prometheus/client_golang v1.7.1
|
||||
github.com/prometheus/client_golang v1.11.0
|
||||
github.com/prometheus/client_model v0.2.0
|
||||
github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac
|
||||
github.com/sirupsen/logrus v1.7.0
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/stretchr/testify v1.7.0
|
||||
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
|
||||
github.com/tinylib/msgp v1.0.2 // indirect
|
||||
github.com/traefik/paerser v0.1.4
|
||||
github.com/traefik/yaegi v0.9.23
|
||||
github.com/traefik/yaegi v0.11.2
|
||||
github.com/uber/jaeger-client-go v2.29.1+incompatible
|
||||
github.com/uber/jaeger-lib v2.2.0+incompatible
|
||||
github.com/unrolled/render v1.0.2
|
||||
@@ -81,13 +70,14 @@ require (
|
||||
github.com/vdemeester/shakers v0.1.0
|
||||
github.com/vulcand/oxy v1.3.0
|
||||
github.com/vulcand/predicate v1.1.0
|
||||
go.elastic.co/apm v1.11.0
|
||||
go.elastic.co/apm/module/apmot v1.11.0
|
||||
go.elastic.co/apm v1.13.1
|
||||
go.elastic.co/apm/module/apmot v1.13.1
|
||||
golang.org/x/mod v0.4.2
|
||||
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781
|
||||
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
|
||||
golang.org/x/tools v0.1.1
|
||||
google.golang.org/grpc v1.27.1
|
||||
golang.org/x/net v0.0.0-20211209124913-491a49abca63
|
||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 // indirect
|
||||
golang.org/x/time v0.0.0-20210611083556-38a9dc6acbc6
|
||||
golang.org/x/tools v0.1.2
|
||||
google.golang.org/grpc v1.38.0
|
||||
gopkg.in/DataDog/dd-trace-go.v1 v1.19.0
|
||||
gopkg.in/fsnotify.v1 v1.4.7
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
|
||||
@@ -95,10 +85,8 @@ require (
|
||||
k8s.io/apiextensions-apiserver v0.20.2
|
||||
k8s.io/apimachinery v0.21.0
|
||||
k8s.io/client-go v0.21.0
|
||||
k8s.io/code-generator v0.21.0
|
||||
k8s.io/utils v0.0.0-20210709001253-0e1f9d693477
|
||||
mvdan.cc/xurls/v2 v2.1.0
|
||||
sigs.k8s.io/controller-tools v0.5.0
|
||||
sigs.k8s.io/gateway-api v0.3.0
|
||||
)
|
||||
|
||||
@@ -106,7 +94,14 @@ require (
|
||||
replace (
|
||||
github.com/abbot/go-http-auth => github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e
|
||||
github.com/go-check/check => github.com/containous/check v0.0.0-20170915194414-ca0bf163426a
|
||||
github.com/gorilla/mux => github.com/containous/mux v0.0.0-20181024131434-c33f32e26898
|
||||
github.com/gorilla/mux => github.com/containous/mux v0.0.0-20220113180107-8ffa4f6d063c
|
||||
github.com/mailgun/minheap => github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595
|
||||
github.com/mailgun/multibuf => github.com/containous/multibuf v0.0.0-20190809014333-8b6c9a7e6bba
|
||||
)
|
||||
|
||||
// https://github.com/docker/compose/blob/e44222664abd07ce1d1fe6796d84d93cbc7468c3/go.mod#L131
|
||||
replace github.com/jaguilar/vt100 => github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305
|
||||
|
||||
// ambiguous import: found package github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http in multiple modules
|
||||
// tencentcloud uses monorepo with multimodule but the go.mod files are incomplete.
|
||||
exclude github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible
|
||||
|
||||
@@ -36,12 +36,7 @@ type accessLogValue struct {
|
||||
|
||||
func (s *AccessLogSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, "access_log")
|
||||
s.composeProject.Start(c)
|
||||
|
||||
s.composeProject.Container(c, "server0")
|
||||
s.composeProject.Container(c, "server1")
|
||||
s.composeProject.Container(c, "server2")
|
||||
s.composeProject.Container(c, "server3")
|
||||
s.composeUp(c)
|
||||
}
|
||||
|
||||
func (s *AccessLogSuite) TearDownTest(c *check.C) {
|
||||
@@ -122,7 +117,7 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontend(c *check.C) {
|
||||
code: "200",
|
||||
user: "test",
|
||||
routerName: "rt-authFrontend",
|
||||
serviceURL: "http://172.17.0",
|
||||
serviceURL: "http://172.31.42",
|
||||
},
|
||||
}
|
||||
|
||||
@@ -136,8 +131,6 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontend(c *check.C) {
|
||||
|
||||
checkStatsForLogFile(c)
|
||||
|
||||
s.composeProject.Container(c, "authFrontend")
|
||||
|
||||
waitForTraefik(c, "authFrontend")
|
||||
|
||||
// Verify Traefik started OK
|
||||
@@ -193,7 +186,7 @@ func (s *AccessLogSuite) TestAccessLogDigestAuthMiddleware(c *check.C) {
|
||||
code: "200",
|
||||
user: "test",
|
||||
routerName: "rt-digestAuthMiddleware",
|
||||
serviceURL: "http://172.17.0",
|
||||
serviceURL: "http://172.31.42",
|
||||
},
|
||||
}
|
||||
|
||||
@@ -207,8 +200,6 @@ func (s *AccessLogSuite) TestAccessLogDigestAuthMiddleware(c *check.C) {
|
||||
|
||||
checkStatsForLogFile(c)
|
||||
|
||||
s.composeProject.Container(c, "digestAuthMiddleware")
|
||||
|
||||
waitForTraefik(c, "digestAuthMiddleware")
|
||||
|
||||
// Verify Traefik started OK
|
||||
@@ -322,8 +313,6 @@ func (s *AccessLogSuite) TestAccessLogFrontendRedirect(c *check.C) {
|
||||
|
||||
checkStatsForLogFile(c)
|
||||
|
||||
s.composeProject.Container(c, "frontendRedirect")
|
||||
|
||||
waitForTraefik(c, "frontendRedirect")
|
||||
|
||||
// Verify Traefik started OK
|
||||
@@ -375,8 +364,6 @@ func (s *AccessLogSuite) TestAccessLogRateLimit(c *check.C) {
|
||||
|
||||
checkStatsForLogFile(c)
|
||||
|
||||
s.composeProject.Container(c, "rateLimit")
|
||||
|
||||
waitForTraefik(c, "rateLimit")
|
||||
|
||||
// Verify Traefik started OK
|
||||
@@ -471,8 +458,6 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
|
||||
|
||||
checkStatsForLogFile(c)
|
||||
|
||||
s.composeProject.Container(c, "frontendWhitelist")
|
||||
|
||||
waitForTraefik(c, "frontendWhitelist")
|
||||
|
||||
// Verify Traefik started OK
|
||||
@@ -504,7 +489,7 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontendSuccess(c *check.C) {
|
||||
code: "200",
|
||||
user: "test",
|
||||
routerName: "rt-authFrontend",
|
||||
serviceURL: "http://172.17.0",
|
||||
serviceURL: "http://172.31.42",
|
||||
},
|
||||
}
|
||||
|
||||
@@ -518,8 +503,6 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontendSuccess(c *check.C) {
|
||||
|
||||
checkStatsForLogFile(c)
|
||||
|
||||
s.composeProject.Container(c, "authFrontend")
|
||||
|
||||
waitForTraefik(c, "authFrontend")
|
||||
|
||||
// Verify Traefik started OK
|
||||
@@ -548,7 +531,6 @@ func checkNoOtherTraefikProblems(c *check.C) {
|
||||
c.Assert(err, checker.IsNil)
|
||||
if len(traefikLog) > 0 {
|
||||
fmt.Printf("%s\n", string(traefikLog))
|
||||
c.Assert(traefikLog, checker.HasLen, 0)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -616,7 +598,6 @@ func checkTraefikStarted(c *check.C) []byte {
|
||||
c.Assert(err, checker.IsNil)
|
||||
if len(traefikLog) > 0 {
|
||||
fmt.Printf("%s\n", string(traefikLog))
|
||||
c.Assert(traefikLog, checker.HasLen, 0)
|
||||
}
|
||||
return traefikLog
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
@@ -19,7 +20,7 @@ import (
|
||||
checker "github.com/vdemeester/shakers"
|
||||
)
|
||||
|
||||
// ACME test suites (using libcompose).
|
||||
// ACME test suites.
|
||||
type AcmeSuite struct {
|
||||
BaseSuite
|
||||
pebbleIP string
|
||||
@@ -54,7 +55,8 @@ const (
|
||||
)
|
||||
|
||||
func (s *AcmeSuite) getAcmeURL() string {
|
||||
return fmt.Sprintf("https://%s:14000/dir", s.pebbleIP)
|
||||
return fmt.Sprintf("https://%s/dir",
|
||||
net.JoinHostPort(s.pebbleIP, "14000"))
|
||||
}
|
||||
|
||||
func setupPebbleRootCA() (*http.Transport, error) {
|
||||
@@ -86,11 +88,10 @@ func setupPebbleRootCA() (*http.Transport, error) {
|
||||
|
||||
func (s *AcmeSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, "pebble")
|
||||
s.composeProject.Start(c)
|
||||
s.composeUp(c)
|
||||
|
||||
s.fakeDNSServer = startFakeDNSServer()
|
||||
|
||||
s.pebbleIP = s.composeProject.Container(c, "pebble").NetworkSettings.IPAddress
|
||||
s.fakeDNSServer = startFakeDNSServer(s.getContainerIP(c, "traefik"))
|
||||
s.pebbleIP = s.getComposeServiceIP(c, "pebble")
|
||||
|
||||
pebbleTransport, err := setupPebbleRootCA()
|
||||
if err != nil {
|
||||
@@ -115,15 +116,14 @@ func (s *AcmeSuite) SetUpSuite(c *check.C) {
|
||||
}
|
||||
|
||||
func (s *AcmeSuite) TearDownSuite(c *check.C) {
|
||||
err := s.fakeDNSServer.Shutdown()
|
||||
if err != nil {
|
||||
c.Log(err)
|
||||
if s.fakeDNSServer != nil {
|
||||
err := s.fakeDNSServer.Shutdown()
|
||||
if err != nil {
|
||||
c.Log(err)
|
||||
}
|
||||
}
|
||||
|
||||
// shutdown and delete compose project
|
||||
if s.composeProject != nil {
|
||||
s.composeProject.Stop(c)
|
||||
}
|
||||
s.composeDown(c)
|
||||
}
|
||||
|
||||
func (s *AcmeSuite) TestHTTP01Domains(c *check.C) {
|
||||
|
||||
@@ -2,6 +2,7 @@ package integration
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
@@ -14,32 +15,31 @@ import (
|
||||
|
||||
type ConsulCatalogSuite struct {
|
||||
BaseSuite
|
||||
consulClient *api.Client
|
||||
consulAgentClient *api.Client
|
||||
consulAddress string
|
||||
consulAgentAddress string
|
||||
consulClient *api.Client
|
||||
consulAgentClient *api.Client
|
||||
consulURL string
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, "consul_catalog")
|
||||
s.composeProject.Start(c)
|
||||
s.consulAddress = "http://" + s.composeProject.Container(c, "consul").NetworkSettings.IPAddress + ":8500"
|
||||
client, err := api.NewClient(&api.Config{
|
||||
Address: s.consulAddress,
|
||||
s.composeUp(c)
|
||||
|
||||
s.consulURL = "http://" + net.JoinHostPort(s.getComposeServiceIP(c, "consul"), "8500")
|
||||
|
||||
var err error
|
||||
s.consulClient, err = api.NewClient(&api.Config{
|
||||
Address: s.consulURL,
|
||||
})
|
||||
c.Check(err, check.IsNil)
|
||||
s.consulClient = client
|
||||
|
||||
// Wait for consul to elect itself leader
|
||||
err = s.waitToElectConsulLeader()
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
s.consulAgentAddress = "http://" + s.composeProject.Container(c, "consul-agent").NetworkSettings.IPAddress + ":8500"
|
||||
clientAgent, err := api.NewClient(&api.Config{
|
||||
Address: s.consulAgentAddress,
|
||||
s.consulAgentClient, err = api.NewClient(&api.Config{
|
||||
Address: "http://" + net.JoinHostPort(s.getComposeServiceIP(c, "consul-agent"), "8500"),
|
||||
})
|
||||
c.Check(err, check.IsNil)
|
||||
s.consulAgentClient = clientAgent
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) waitToElectConsulLeader() error {
|
||||
@@ -66,13 +66,6 @@ func (s *ConsulCatalogSuite) waitForConnectCA() error {
|
||||
})
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) TearDownSuite(c *check.C) {
|
||||
// shutdown and delete compose project
|
||||
if s.composeProject != nil {
|
||||
s.composeProject.Stop(c)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) registerService(reg *api.AgentServiceRegistration, onAgent bool) error {
|
||||
client := s.consulClient
|
||||
if onAgent {
|
||||
@@ -96,7 +89,7 @@ func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings(c *c
|
||||
Name: "whoami",
|
||||
Tags: []string{"traefik.enable=true"},
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami1"),
|
||||
}
|
||||
err := s.registerService(reg1, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
@@ -106,7 +99,7 @@ func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings(c *c
|
||||
Name: "whoami",
|
||||
Tags: []string{"traefik.enable=true"},
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami2"),
|
||||
}
|
||||
err = s.registerService(reg2, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
@@ -116,7 +109,7 @@ func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings(c *c
|
||||
Name: "whoami",
|
||||
Tags: []string{"traefik.enable=true"},
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami3").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami3"),
|
||||
}
|
||||
err = s.registerService(reg3, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
@@ -124,7 +117,7 @@ func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings(c *c
|
||||
tempObjects := struct {
|
||||
ConsulAddress string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
}
|
||||
|
||||
file := s.adaptFile(c, "fixtures/consul_catalog/default_not_exposed.toml", tempObjects)
|
||||
@@ -163,7 +156,7 @@ func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings(c *c
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) TestByLabels(c *check.C) {
|
||||
containerIP := s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress
|
||||
containerIP := s.getComposeServiceIP(c, "whoami1")
|
||||
|
||||
reg := &api.AgentServiceRegistration{
|
||||
ID: "whoami1",
|
||||
@@ -183,7 +176,7 @@ func (s *ConsulCatalogSuite) TestByLabels(c *check.C) {
|
||||
tempObjects := struct {
|
||||
ConsulAddress string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
}
|
||||
|
||||
file := s.adaptFile(c, "fixtures/consul_catalog/default_not_exposed.toml", tempObjects)
|
||||
@@ -195,7 +188,7 @@ func (s *ConsulCatalogSuite) TestByLabels(c *check.C) {
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer s.killCmd(cmd)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/whoami", 2*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContainsOr("Hostname: whoami1", "Hostname: whoami2", "Hostname: whoami3"))
|
||||
err = try.GetRequest("http://127.0.0.1:8000/whoami", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContainsOr("Hostname: whoami1", "Hostname: whoami2", "Hostname: whoami3"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
err = s.deregisterService("whoami1", false)
|
||||
@@ -207,7 +200,7 @@ func (s *ConsulCatalogSuite) TestSimpleConfiguration(c *check.C) {
|
||||
ConsulAddress string
|
||||
DefaultRule string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
DefaultRule: "Host(`{{ normalize .Name }}.consul.localhost`)",
|
||||
}
|
||||
|
||||
@@ -219,7 +212,7 @@ func (s *ConsulCatalogSuite) TestSimpleConfiguration(c *check.C) {
|
||||
Name: "whoami",
|
||||
Tags: []string{"traefik.enable=true"},
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami1"),
|
||||
}
|
||||
err := s.registerService(reg, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
@@ -246,7 +239,7 @@ func (s *ConsulCatalogSuite) TestRegisterServiceWithoutIP(c *check.C) {
|
||||
ConsulAddress string
|
||||
DefaultRule string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
DefaultRule: "Host(`{{ normalize .Name }}.consul.localhost`)",
|
||||
}
|
||||
|
||||
@@ -285,7 +278,7 @@ func (s *ConsulCatalogSuite) TestDefaultConsulService(c *check.C) {
|
||||
DefaultRule string
|
||||
}{
|
||||
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
DefaultRule: "Host(`{{ normalize .Name }}.consul.localhost`)",
|
||||
}
|
||||
|
||||
@@ -296,7 +289,7 @@ func (s *ConsulCatalogSuite) TestDefaultConsulService(c *check.C) {
|
||||
ID: "whoami1",
|
||||
Name: "whoami",
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami1"),
|
||||
}
|
||||
err := s.registerService(reg, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
@@ -324,7 +317,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithTCPLabels(c *check.C) {
|
||||
ConsulAddress string
|
||||
DefaultRule string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
DefaultRule: "Host(`{{ normalize .Name }}.consul.localhost`)",
|
||||
}
|
||||
|
||||
@@ -341,7 +334,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithTCPLabels(c *check.C) {
|
||||
"traefik.tcp.Services.Super.Loadbalancer.server.port=8080",
|
||||
},
|
||||
Port: 8080,
|
||||
Address: s.composeProject.Container(c, "whoamitcp").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoamitcp"),
|
||||
}
|
||||
|
||||
err := s.registerService(reg, false)
|
||||
@@ -371,7 +364,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithLabels(c *check.C) {
|
||||
ConsulAddress string
|
||||
DefaultRule string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
DefaultRule: "Host(`{{ normalize .Name }}.consul.localhost`)",
|
||||
}
|
||||
|
||||
@@ -386,7 +379,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithLabels(c *check.C) {
|
||||
"traefik.http.Routers.Super.Rule=Host(`my.super.host`)",
|
||||
},
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami1"),
|
||||
}
|
||||
|
||||
err := s.registerService(reg1, false)
|
||||
@@ -400,7 +393,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithLabels(c *check.C) {
|
||||
"traefik.http.Routers.SuperHost.Rule=Host(`my-super.host`)",
|
||||
},
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami2"),
|
||||
}
|
||||
err = s.registerService(reg2, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
@@ -438,7 +431,7 @@ func (s *ConsulCatalogSuite) TestSameServiceIDOnDifferentConsulAgent(c *check.C)
|
||||
ConsulAddress string
|
||||
DefaultRule string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
DefaultRule: "Host(`{{ normalize .Name }}.consul.localhost`)",
|
||||
}
|
||||
|
||||
@@ -457,7 +450,7 @@ func (s *ConsulCatalogSuite) TestSameServiceIDOnDifferentConsulAgent(c *check.C)
|
||||
Name: "whoami",
|
||||
Tags: tags,
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami1"),
|
||||
}
|
||||
err := s.registerService(reg1, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
@@ -467,7 +460,7 @@ func (s *ConsulCatalogSuite) TestSameServiceIDOnDifferentConsulAgent(c *check.C)
|
||||
Name: "whoami",
|
||||
Tags: tags,
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami2"),
|
||||
}
|
||||
err = s.registerService(reg2, true)
|
||||
c.Assert(err, checker.IsNil)
|
||||
@@ -490,8 +483,7 @@ func (s *ConsulCatalogSuite) TestSameServiceIDOnDifferentConsulAgent(c *check.C)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
err = try.Request(req, 2*time.Second, try.StatusCodeIs(200),
|
||||
try.BodyContainsOr(s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
|
||||
s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress))
|
||||
try.BodyContainsOr(s.getComposeServiceIP(c, "whoami1"), s.getComposeServiceIP(c, "whoami2")))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
err = s.deregisterService("whoami", false)
|
||||
@@ -506,7 +498,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithOneMissingLabels(c *check.C) {
|
||||
ConsulAddress string
|
||||
DefaultRule string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
DefaultRule: "Host(`{{ normalize .Name }}.consul.localhost`)",
|
||||
}
|
||||
|
||||
@@ -521,7 +513,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithOneMissingLabels(c *check.C) {
|
||||
"traefik.random.value=my.super.host",
|
||||
},
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
|
||||
Address: s.getComposeServiceIP(c, "whoami1"),
|
||||
}
|
||||
|
||||
err := s.registerService(reg, false)
|
||||
@@ -546,11 +538,12 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithOneMissingLabels(c *check.C) {
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) TestConsulServiceWithHealthCheck(c *check.C) {
|
||||
whoamiIP := s.getComposeServiceIP(c, "whoami1")
|
||||
tags := []string{
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.router1.rule=Path(`/whoami`)",
|
||||
"traefik.http.routers.router1.service=service1",
|
||||
"traefik.http.services.service1.loadBalancer.server.url=http://" + s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
|
||||
"traefik.http.services.service1.loadBalancer.server.url=http://" + whoamiIP,
|
||||
}
|
||||
|
||||
reg1 := &api.AgentServiceRegistration{
|
||||
@@ -558,7 +551,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithHealthCheck(c *check.C) {
|
||||
Name: "whoami",
|
||||
Tags: tags,
|
||||
Port: 80,
|
||||
Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
|
||||
Address: whoamiIP,
|
||||
Check: &api.AgentServiceCheck{
|
||||
CheckID: "some-failed-check",
|
||||
TCP: "127.0.0.1:1234",
|
||||
@@ -574,7 +567,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithHealthCheck(c *check.C) {
|
||||
tempObjects := struct {
|
||||
ConsulAddress string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
}
|
||||
|
||||
file := s.adaptFile(c, "fixtures/consul_catalog/simple.toml", tempObjects)
|
||||
@@ -592,17 +585,16 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithHealthCheck(c *check.C) {
|
||||
err = s.deregisterService("whoami1", false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
containerIP := s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress
|
||||
|
||||
whoami2IP := s.getComposeServiceIP(c, "whoami2")
|
||||
reg2 := &api.AgentServiceRegistration{
|
||||
ID: "whoami2",
|
||||
Name: "whoami",
|
||||
Tags: tags,
|
||||
Port: 80,
|
||||
Address: containerIP,
|
||||
Address: whoami2IP,
|
||||
Check: &api.AgentServiceCheck{
|
||||
CheckID: "some-ok-check",
|
||||
TCP: containerIP + ":80",
|
||||
TCP: whoami2IP + ":80",
|
||||
Name: "some-ok-check",
|
||||
Interval: "1s",
|
||||
Timeout: "1s",
|
||||
@@ -629,7 +621,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect(c *check.C) {
|
||||
err := s.waitForConnectCA()
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
connectIP := s.composeProject.Container(c, "connect").NetworkSettings.IPAddress
|
||||
connectIP := s.getComposeServiceIP(c, "connect")
|
||||
reg := &api.AgentServiceRegistration{
|
||||
ID: "uuid-api1",
|
||||
Name: "uuid-api",
|
||||
@@ -649,7 +641,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect(c *check.C) {
|
||||
err = s.registerService(reg, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
whoamiIP := s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress
|
||||
whoamiIP := s.getComposeServiceIP(c, "whoami1")
|
||||
regWhoami := &api.AgentServiceRegistration{
|
||||
ID: "whoami1",
|
||||
Name: "whoami",
|
||||
@@ -667,7 +659,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect(c *check.C) {
|
||||
tempObjects := struct {
|
||||
ConsulAddress string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
}
|
||||
file := s.adaptFile(c, "fixtures/consul_catalog/connect.toml", tempObjects)
|
||||
defer os.Remove(file)
|
||||
@@ -695,7 +687,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect_ByDefault(c *check.C) {
|
||||
err := s.waitForConnectCA()
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
connectIP := s.composeProject.Container(c, "connect").NetworkSettings.IPAddress
|
||||
connectIP := s.getComposeServiceIP(c, "connect")
|
||||
reg := &api.AgentServiceRegistration{
|
||||
ID: "uuid-api1",
|
||||
Name: "uuid-api",
|
||||
@@ -714,7 +706,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect_ByDefault(c *check.C) {
|
||||
err = s.registerService(reg, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
whoamiIP := s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress
|
||||
whoamiIP := s.getComposeServiceIP(c, "whoami1")
|
||||
regWhoami := &api.AgentServiceRegistration{
|
||||
ID: "whoami1",
|
||||
Name: "whoami1",
|
||||
@@ -729,7 +721,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect_ByDefault(c *check.C) {
|
||||
err = s.registerService(regWhoami, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
whoami2IP := s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress
|
||||
whoami2IP := s.getComposeServiceIP(c, "whoami2")
|
||||
regWhoami2 := &api.AgentServiceRegistration{
|
||||
ID: "whoami2",
|
||||
Name: "whoami2",
|
||||
@@ -748,7 +740,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect_ByDefault(c *check.C) {
|
||||
tempObjects := struct {
|
||||
ConsulAddress string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
}
|
||||
file := s.adaptFile(c, "fixtures/consul_catalog/connect_by_default.toml", tempObjects)
|
||||
defer os.Remove(file)
|
||||
@@ -781,7 +773,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect_NotAware(c *check.C) {
|
||||
err := s.waitForConnectCA()
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
connectIP := s.composeProject.Container(c, "connect").NetworkSettings.IPAddress
|
||||
connectIP := s.getComposeServiceIP(c, "connect")
|
||||
reg := &api.AgentServiceRegistration{
|
||||
ID: "uuid-api1",
|
||||
Name: "uuid-api",
|
||||
@@ -801,7 +793,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect_NotAware(c *check.C) {
|
||||
err = s.registerService(reg, false)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
whoamiIP := s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress
|
||||
whoamiIP := s.getComposeServiceIP(c, "whoami1")
|
||||
regWhoami := &api.AgentServiceRegistration{
|
||||
ID: "whoami1",
|
||||
Name: "whoami",
|
||||
@@ -819,7 +811,7 @@ func (s *ConsulCatalogSuite) TestConsulConnect_NotAware(c *check.C) {
|
||||
tempObjects := struct {
|
||||
ConsulAddress string
|
||||
}{
|
||||
ConsulAddress: s.consulAddress,
|
||||
ConsulAddress: s.consulURL,
|
||||
}
|
||||
file := s.adaptFile(c, "fixtures/consul_catalog/connect_not_aware.toml", tempObjects)
|
||||
defer os.Remove(file)
|
||||
|
||||
@@ -3,6 +3,8 @@ package integration
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
@@ -18,20 +20,24 @@ import (
|
||||
checker "github.com/vdemeester/shakers"
|
||||
)
|
||||
|
||||
// Consul test suites (using libcompose).
|
||||
// Consul test suites.
|
||||
type ConsulSuite struct {
|
||||
BaseSuite
|
||||
kvClient store.Store
|
||||
kvClient store.Store
|
||||
consulURL string
|
||||
}
|
||||
|
||||
func (s *ConsulSuite) setupStore(c *check.C) {
|
||||
s.createComposeProject(c, "consul")
|
||||
s.composeProject.Start(c)
|
||||
s.composeUp(c)
|
||||
|
||||
consulAddr := net.JoinHostPort(s.getComposeServiceIP(c, "consul"), "8500")
|
||||
s.consulURL = fmt.Sprintf("http://%s", consulAddr)
|
||||
|
||||
consul.Register()
|
||||
kv, err := valkeyrie.NewStore(
|
||||
store.CONSUL,
|
||||
[]string{s.composeProject.Container(c, "consul").NetworkSettings.IPAddress + ":8500"},
|
||||
[]string{consulAddr},
|
||||
&store.Config{
|
||||
ConnectionTimeout: 10 * time.Second,
|
||||
},
|
||||
@@ -46,20 +52,10 @@ func (s *ConsulSuite) setupStore(c *check.C) {
|
||||
c.Assert(err, checker.IsNil)
|
||||
}
|
||||
|
||||
func (s *ConsulSuite) TearDownTest(c *check.C) {
|
||||
// shutdown and delete compose project
|
||||
if s.composeProject != nil {
|
||||
s.composeProject.Stop(c)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *ConsulSuite) TearDownSuite(c *check.C) {}
|
||||
|
||||
func (s *ConsulSuite) TestSimpleConfiguration(c *check.C) {
|
||||
s.setupStore(c)
|
||||
|
||||
address := "http://" + s.composeProject.Container(c, "consul").NetworkSettings.IPAddress + ":8500"
|
||||
file := s.adaptFile(c, "fixtures/consul/simple.toml", struct{ ConsulAddress string }{address})
|
||||
file := s.adaptFile(c, "fixtures/consul/simple.toml", struct{ ConsulAddress string }{s.consulURL})
|
||||
defer os.Remove(file)
|
||||
|
||||
data := map[string]string{
|
||||
|
||||
@@ -14,33 +14,17 @@ import (
|
||||
checker "github.com/vdemeester/shakers"
|
||||
)
|
||||
|
||||
const (
|
||||
composeProject = "minimal"
|
||||
)
|
||||
|
||||
// Docker tests suite.
|
||||
type DockerComposeSuite struct {
|
||||
BaseSuite
|
||||
}
|
||||
|
||||
func (s *DockerComposeSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, composeProject)
|
||||
s.composeProject.Start(c)
|
||||
}
|
||||
|
||||
func (s *DockerComposeSuite) TearDownSuite(c *check.C) {
|
||||
// shutdown and delete compose project
|
||||
if s.composeProject != nil {
|
||||
s.composeProject.Stop(c)
|
||||
}
|
||||
s.createComposeProject(c, "minimal")
|
||||
s.composeUp(c)
|
||||
}
|
||||
|
||||
func (s *DockerComposeSuite) TestComposeScale(c *check.C) {
|
||||
serviceCount := 2
|
||||
composeService := "whoami1"
|
||||
|
||||
s.composeProject.Scale(c, composeService, serviceCount)
|
||||
|
||||
tempObjects := struct {
|
||||
DockerHost string
|
||||
DefaultRule string
|
||||
@@ -81,8 +65,8 @@ func (s *DockerComposeSuite) TestComposeScale(c *check.C) {
|
||||
if strings.HasSuffix(name, "@internal") {
|
||||
continue
|
||||
}
|
||||
c.Assert(name, checker.Equals, composeService+"-integrationtest"+composeProject+"@docker")
|
||||
c.Assert(service.LoadBalancer.Servers, checker.HasLen, serviceCount)
|
||||
c.Assert(name, checker.Equals, "whoami1-"+s.composeProject.Name+"@docker")
|
||||
c.Assert(service.LoadBalancer.Servers, checker.HasLen, 2)
|
||||
// We could break here, but we don't just to keep us honest.
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,80 +6,24 @@ import (
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/docker/docker/pkg/namesgenerator"
|
||||
"github.com/go-check/check"
|
||||
d "github.com/libkermit/docker"
|
||||
"github.com/libkermit/docker-check"
|
||||
"github.com/traefik/traefik/v2/integration/try"
|
||||
checker "github.com/vdemeester/shakers"
|
||||
)
|
||||
|
||||
// Images to have or pull before the build in order to make it work.
|
||||
// FIXME handle this offline but loading them before build.
|
||||
var RequiredImages = map[string]string{
|
||||
"swarm": "1.0.0",
|
||||
"traefik/whoami": "latest",
|
||||
}
|
||||
|
||||
// Docker tests suite.
|
||||
type DockerSuite struct {
|
||||
BaseSuite
|
||||
project *docker.Project
|
||||
}
|
||||
|
||||
func (s *DockerSuite) startContainer(c *check.C, image string, args ...string) string {
|
||||
return s.startContainerWithConfig(c, image, d.ContainerConfig{
|
||||
Cmd: args,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *DockerSuite) startContainerWithLabels(c *check.C, image string, labels map[string]string, args ...string) string {
|
||||
return s.startContainerWithConfig(c, image, d.ContainerConfig{
|
||||
Cmd: args,
|
||||
Labels: labels,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *DockerSuite) startContainerWithNameAndLabels(c *check.C, name, image string, labels map[string]string, args ...string) string {
|
||||
return s.startContainerWithConfig(c, image, d.ContainerConfig{
|
||||
Name: name,
|
||||
Cmd: args,
|
||||
Labels: labels,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *DockerSuite) startContainerWithConfig(c *check.C, image string, config d.ContainerConfig) string {
|
||||
if config.Name == "" {
|
||||
config.Name = namesgenerator.GetRandomName(10)
|
||||
}
|
||||
|
||||
container := s.project.StartWithConfig(c, image, config)
|
||||
|
||||
// FIXME(vdemeester) this is ugly (it's because of the / in front of the name in docker..)
|
||||
return strings.SplitAfter(container.Name, "/")[1]
|
||||
}
|
||||
|
||||
func (s *DockerSuite) stopAndRemoveContainerByName(c *check.C, name string) {
|
||||
s.project.Stop(c, name)
|
||||
s.project.Remove(c, name)
|
||||
}
|
||||
|
||||
func (s *DockerSuite) SetUpSuite(c *check.C) {
|
||||
project := docker.NewProjectFromEnv(c)
|
||||
s.project = project
|
||||
|
||||
// Pull required images
|
||||
for repository, tag := range RequiredImages {
|
||||
image := fmt.Sprintf("%s:%s", repository, tag)
|
||||
s.project.Pull(c, image)
|
||||
}
|
||||
func (s *DockerSuite) SetUpTest(c *check.C) {
|
||||
s.createComposeProject(c, "docker")
|
||||
}
|
||||
|
||||
func (s *DockerSuite) TearDownTest(c *check.C) {
|
||||
s.project.Clean(c, os.Getenv("CIRCLECI") != "") // FIXME
|
||||
s.composeDown(c)
|
||||
}
|
||||
|
||||
func (s *DockerSuite) TestSimpleConfiguration(c *check.C) {
|
||||
@@ -94,13 +38,15 @@ func (s *DockerSuite) TestSimpleConfiguration(c *check.C) {
|
||||
file := s.adaptFile(c, "fixtures/docker/simple.toml", tempObjects)
|
||||
defer os.Remove(file)
|
||||
|
||||
s.composeUp(c)
|
||||
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
defer display(c)
|
||||
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer s.killCmd(cmd)
|
||||
|
||||
// TODO validate : run on 80
|
||||
// Expected a 404 as we did not configure anything
|
||||
err = try.GetRequest("http://127.0.0.1:8000/", 500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
|
||||
c.Assert(err, checker.IsNil)
|
||||
@@ -118,18 +64,19 @@ func (s *DockerSuite) TestDefaultDockerContainers(c *check.C) {
|
||||
file := s.adaptFile(c, "fixtures/docker/simple.toml", tempObjects)
|
||||
defer os.Remove(file)
|
||||
|
||||
name := s.startContainer(c, "swarm:1.0.0", "manage", "token://blablabla")
|
||||
s.composeUp(c, "simple")
|
||||
|
||||
// Start traefik
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
defer display(c)
|
||||
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer s.killCmd(cmd)
|
||||
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/version", nil)
|
||||
c.Assert(err, checker.IsNil)
|
||||
req.Host = fmt.Sprintf("%s.docker.localhost", strings.ReplaceAll(name, "_", "-"))
|
||||
req.Host = fmt.Sprintf("simple-%s.docker.localhost", s.composeProject.Name)
|
||||
|
||||
// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
|
||||
resp, err := try.ResponseUntilStatusCode(req, 1500*time.Millisecond, http.StatusOK)
|
||||
@@ -156,18 +103,12 @@ func (s *DockerSuite) TestDockerContainersWithTCPLabels(c *check.C) {
|
||||
file := s.adaptFile(c, "fixtures/docker/simple.toml", tempObjects)
|
||||
defer os.Remove(file)
|
||||
|
||||
// Start a container with some labels
|
||||
labels := map[string]string{
|
||||
"traefik.tcp.Routers.Super.Rule": "HostSNI(`my.super.host`)",
|
||||
"traefik.tcp.Routers.Super.tls": "true",
|
||||
"traefik.tcp.Services.Super.Loadbalancer.server.port": "8080",
|
||||
}
|
||||
|
||||
s.startContainerWithLabels(c, "traefik/whoamitcp", labels, "-name", "my.super.host")
|
||||
s.composeUp(c, "withtcplabels")
|
||||
|
||||
// Start traefik
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
defer display(c)
|
||||
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer s.killCmd(cmd)
|
||||
@@ -193,17 +134,7 @@ func (s *DockerSuite) TestDockerContainersWithLabels(c *check.C) {
|
||||
file := s.adaptFile(c, "fixtures/docker/simple.toml", tempObjects)
|
||||
defer os.Remove(file)
|
||||
|
||||
// Start a container with some labels
|
||||
labels := map[string]string{
|
||||
"traefik.http.Routers.Super.Rule": "Host(`my.super.host`)",
|
||||
}
|
||||
s.startContainerWithLabels(c, "swarm:1.0.0", labels, "manage", "token://blabla")
|
||||
|
||||
// Start another container by replacing a '.' by a '-'
|
||||
labels = map[string]string{
|
||||
"traefik.http.Routers.SuperHost.Rule": "Host(`my-super.host`)",
|
||||
}
|
||||
s.startContainerWithLabels(c, "swarm:1.0.0", labels, "manage", "token://blablabla")
|
||||
s.composeUp(c, "withlabels1", "withlabels2")
|
||||
|
||||
// Start traefik
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
@@ -249,15 +180,12 @@ func (s *DockerSuite) TestDockerContainersWithOneMissingLabels(c *check.C) {
|
||||
file := s.adaptFile(c, "fixtures/docker/simple.toml", tempObjects)
|
||||
defer os.Remove(file)
|
||||
|
||||
// Start a container with some labels
|
||||
labels := map[string]string{
|
||||
"traefik.random.value": "my.super.host",
|
||||
}
|
||||
s.startContainerWithLabels(c, "swarm:1.0.0", labels, "manage", "token://blabla")
|
||||
s.composeUp(c, "withonelabelmissing")
|
||||
|
||||
// Start traefik
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
defer display(c)
|
||||
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer s.killCmd(cmd)
|
||||
@@ -285,16 +213,12 @@ func (s *DockerSuite) TestRestartDockerContainers(c *check.C) {
|
||||
file := s.adaptFile(c, "fixtures/docker/simple.toml", tempObjects)
|
||||
defer os.Remove(file)
|
||||
|
||||
// Start a container with some labels
|
||||
labels := map[string]string{
|
||||
"traefik.http.Routers.Super.Rule": "Host(`my.super.host`)",
|
||||
"traefik.http.Services.powpow.LoadBalancer.server.Port": "2375",
|
||||
}
|
||||
s.startContainerWithNameAndLabels(c, "powpow", "swarm:1.0.0", labels, "manage", "token://blabla")
|
||||
s.composeUp(c, "powpow")
|
||||
|
||||
// Start traefik
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
defer display(c)
|
||||
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer s.killCmd(cmd)
|
||||
@@ -318,16 +242,14 @@ func (s *DockerSuite) TestRestartDockerContainers(c *check.C) {
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 60*time.Second, try.BodyContains("powpow"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
s.stopAndRemoveContainerByName(c, "powpow")
|
||||
defer s.project.Remove(c, "powpow")
|
||||
s.composeStop(c, "powpow")
|
||||
|
||||
time.Sleep(5 * time.Second)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("powpow"))
|
||||
c.Assert(err, checker.NotNil)
|
||||
|
||||
s.startContainerWithNameAndLabels(c, "powpow", "swarm:1.0.0", labels, "manage", "token://blabla")
|
||||
|
||||
s.composeUp(c, "powpow")
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 60*time.Second, try.BodyContains("powpow"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ import (
|
||||
checker "github.com/vdemeester/shakers"
|
||||
)
|
||||
|
||||
// ErrorPagesSuite test suites (using libcompose).
|
||||
// ErrorPagesSuite test suites.
|
||||
type ErrorPagesSuite struct {
|
||||
BaseSuite
|
||||
ErrorPageIP string
|
||||
@@ -19,10 +19,10 @@ type ErrorPagesSuite struct {
|
||||
|
||||
func (s *ErrorPagesSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, "error_pages")
|
||||
s.composeProject.Start(c)
|
||||
s.composeUp(c)
|
||||
|
||||
s.ErrorPageIP = s.composeProject.Container(c, "nginx2").NetworkSettings.IPAddress
|
||||
s.BackendIP = s.composeProject.Container(c, "nginx1").NetworkSettings.IPAddress
|
||||
s.ErrorPageIP = s.getComposeServiceIP(c, "nginx2")
|
||||
s.BackendIP = s.getComposeServiceIP(c, "nginx1")
|
||||
}
|
||||
|
||||
func (s *ErrorPagesSuite) TestSimpleConfiguration(c *check.C) {
|
||||
|
||||
@@ -3,6 +3,7 @@ package integration
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
@@ -18,20 +19,24 @@ import (
|
||||
checker "github.com/vdemeester/shakers"
|
||||
)
|
||||
|
||||
// etcd test suites (using libcompose).
|
||||
// etcd test suites.
|
||||
type EtcdSuite struct {
|
||||
BaseSuite
|
||||
kvClient store.Store
|
||||
etcdAddr string
|
||||
}
|
||||
|
||||
func (s *EtcdSuite) setupStore(c *check.C) {
|
||||
func (s *EtcdSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, "etcd")
|
||||
s.composeProject.Start(c)
|
||||
s.composeUp(c)
|
||||
|
||||
etcdv3.Register()
|
||||
kv, err := valkeyrie.NewStore(
|
||||
|
||||
var err error
|
||||
s.etcdAddr = net.JoinHostPort(s.getComposeServiceIP(c, "etcd"), "2379")
|
||||
s.kvClient, err = valkeyrie.NewStore(
|
||||
store.ETCDV3,
|
||||
[]string{s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress + ":2379"},
|
||||
[]string{s.etcdAddr},
|
||||
&store.Config{
|
||||
ConnectionTimeout: 10 * time.Second,
|
||||
},
|
||||
@@ -39,27 +44,14 @@ func (s *EtcdSuite) setupStore(c *check.C) {
|
||||
if err != nil {
|
||||
c.Fatal("Cannot create store etcd")
|
||||
}
|
||||
s.kvClient = kv
|
||||
|
||||
// wait for etcd
|
||||
err = try.Do(60*time.Second, try.KVExists(kv, "test"))
|
||||
err = try.Do(60*time.Second, try.KVExists(s.kvClient, "test"))
|
||||
c.Assert(err, checker.IsNil)
|
||||
}
|
||||
|
||||
func (s *EtcdSuite) TearDownTest(c *check.C) {
|
||||
// shutdown and delete compose project
|
||||
if s.composeProject != nil {
|
||||
s.composeProject.Stop(c)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *EtcdSuite) TearDownSuite(c *check.C) {}
|
||||
|
||||
func (s *EtcdSuite) TestSimpleConfiguration(c *check.C) {
|
||||
s.setupStore(c)
|
||||
|
||||
address := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress + ":2379"
|
||||
file := s.adaptFile(c, "fixtures/etcd/simple.toml", struct{ EtcdAddress string }{address})
|
||||
file := s.adaptFile(c, "fixtures/etcd/simple.toml", struct{ EtcdAddress string }{s.etcdAddr})
|
||||
defer os.Remove(file)
|
||||
|
||||
data := map[string]string{
|
||||
|
||||
@@ -9,7 +9,9 @@ import (
|
||||
"github.com/traefik/traefik/v2/pkg/log"
|
||||
)
|
||||
|
||||
type handler struct{}
|
||||
type handler struct {
|
||||
traefikIP string
|
||||
}
|
||||
|
||||
// ServeDNS a fake DNS server
|
||||
// Simplified version of the Challenge Test Server from Boulder
|
||||
@@ -21,11 +23,6 @@ func (s *handler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
|
||||
m.SetReply(r)
|
||||
m.Compress = false
|
||||
|
||||
fakeDNS := os.Getenv("DOCKER_HOST_IP")
|
||||
if fakeDNS == "" {
|
||||
fakeDNS = "127.0.0.1"
|
||||
}
|
||||
|
||||
for _, q := range r.Question {
|
||||
logger.Infof("Query -- [%s] %s", q.Name, dns.TypeToString[q.Qtype])
|
||||
|
||||
@@ -38,7 +35,7 @@ func (s *handler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
|
||||
Class: dns.ClassINET,
|
||||
Ttl: 0,
|
||||
}
|
||||
record.A = net.ParseIP(fakeDNS)
|
||||
record.A = net.ParseIP(s.traefikIP)
|
||||
|
||||
m.Answer = append(m.Answer, record)
|
||||
case dns.TypeCAA:
|
||||
@@ -101,11 +98,11 @@ func (s *handler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
|
||||
}
|
||||
}
|
||||
|
||||
func startFakeDNSServer() *dns.Server {
|
||||
func startFakeDNSServer(traefikIP string) *dns.Server {
|
||||
srv := &dns.Server{
|
||||
Addr: ":5053",
|
||||
Net: "udp",
|
||||
Handler: &handler{},
|
||||
Handler: &handler{traefikIP},
|
||||
}
|
||||
|
||||
go func() {
|
||||
|
||||
@@ -15,7 +15,7 @@ type FileSuite struct{ BaseSuite }
|
||||
|
||||
func (s *FileSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, "file")
|
||||
s.composeProject.Start(c)
|
||||
s.composeUp(c)
|
||||
}
|
||||
|
||||
func (s *FileSuite) TestSimpleConfiguration(c *check.C) {
|
||||
|
||||
@@ -6,4 +6,4 @@
|
||||
[http.services]
|
||||
[http.services.service2.loadBalancer]
|
||||
[[http.services.service2.loadBalancer.servers]]
|
||||
url = "http://172.17.0.123:80"
|
||||
url = "http://127.0.0.1:80"
|
||||
|
||||
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.5.0
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutes.traefik.containo.us
|
||||
spec:
|
||||
@@ -202,7 +202,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.5.0
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutetcps.traefik.containo.us
|
||||
spec:
|
||||
@@ -362,7 +362,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.5.0
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressrouteudps.traefik.containo.us
|
||||
spec:
|
||||
@@ -446,7 +446,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewares.traefik.containo.us
|
||||
spec:
|
||||
@@ -840,7 +840,7 @@ spec:
|
||||
info configuration.
|
||||
properties:
|
||||
issuer:
|
||||
description: TLSCLientCertificateDNInfo holds the client TLS
|
||||
description: TLSClientCertificateDNInfo holds the client TLS
|
||||
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
||||
properties:
|
||||
commonName:
|
||||
@@ -867,7 +867,7 @@ spec:
|
||||
serialNumber:
|
||||
type: boolean
|
||||
subject:
|
||||
description: TLSCLientCertificateDNInfo holds the client TLS
|
||||
description: TLSClientCertificateDNInfo holds the client TLS
|
||||
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
||||
properties:
|
||||
commonName:
|
||||
@@ -1012,7 +1012,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewaretcps.traefik.containo.us
|
||||
spec:
|
||||
@@ -1071,7 +1071,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: serverstransports.traefik.containo.us
|
||||
spec:
|
||||
@@ -1176,7 +1176,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsoptions.traefik.containo.us
|
||||
spec:
|
||||
@@ -1226,6 +1226,7 @@ spec:
|
||||
enum:
|
||||
- NoClientCert
|
||||
- RequestClientCert
|
||||
- RequireAnyClientCert
|
||||
- VerifyClientCertIfGiven
|
||||
- RequireAndVerifyClientCert
|
||||
type: string
|
||||
@@ -1267,7 +1268,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsstores.traefik.containo.us
|
||||
spec:
|
||||
@@ -1331,7 +1332,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: traefikservices.traefik.containo.us
|
||||
spec:
|
||||
|
||||
@@ -33,13 +33,13 @@
|
||||
[http.services.service1.loadBalancer]
|
||||
|
||||
[[http.services.service1.loadBalancer.servers]]
|
||||
url = "http://{{.WhoamiEndpoint}}:8080"
|
||||
url = "http://{{ .WhoamiIP }}:8080"
|
||||
|
||||
[[http.services.service1.loadBalancer.servers]]
|
||||
url = "http://{{.WhoamiEndpoint}}:8081"
|
||||
url = "http://{{ .WhoamiIP }}:8081"
|
||||
|
||||
[[http.services.service1.loadBalancer.servers]]
|
||||
url = "http://{{.WhoamiEndpoint}}:8082"
|
||||
url = "http://{{ .WhoamiIP }}:8082"
|
||||
|
||||
[[http.services.service1.loadBalancer.servers]]
|
||||
url = "http://{{.WhoamiEndpoint}}:80"
|
||||
url = "http://{{ .WhoamiIP }}:80"
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user