From ddf53494f0ff726410ceb94950e5600fcd04dbd7 Mon Sep 17 00:00:00 2001 From: Thomas Steinbach Date: Tue, 8 Sep 2020 10:32:03 +0200 Subject: [PATCH 1/5] fixed typo in buffering.md docs --- docs/content/middlewares/buffering.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/middlewares/buffering.md b/docs/content/middlewares/buffering.md index ced3878d5..b67bef2cf 100644 --- a/docs/content/middlewares/buffering.md +++ b/docs/content/middlewares/buffering.md @@ -165,7 +165,7 @@ http: ### `maxResponseBodyBytes` -With the `maxReesponseBodyBytes` option, you can configure the maximum allowed response size from the service (in Bytes). +With the `maxResponseBodyBytes` option, you can configure the maximum allowed response size from the service (in Bytes). If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `413 (Request Entity Too Large) response` instead. From 5c8b8149eb06f6819f7ed1f851032b027d78a0fd Mon Sep 17 00:00:00 2001 From: kosssi Date: Tue, 8 Sep 2020 10:54:04 +0200 Subject: [PATCH 2/5] doc: fix typo in health check options --- docs/content/routing/services/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/routing/services/index.md b/docs/content/routing/services/index.md index cbc271dfc..61b86b2ec 100644 --- a/docs/content/routing/services/index.md +++ b/docs/content/routing/services/index.md @@ -317,7 +317,7 @@ Below are the available options for the health check mechanism: - `path` is appended to the server URL to set the health check endpoint. - `scheme`, if defined, will replace the server URL `scheme` for the health check endpoint -- `hostname`, if defined, will apply `Host` header `hostname` to the the health check request. +- `hostname`, if defined, will apply `Host` header `hostname` to the health check request. - `port`, if defined, will replace the server URL `port` for the health check endpoint. - `interval` defines the frequency of the health check calls. - `timeout` defines the maximum duration Traefik will wait for a health check request before considering the server failed (unhealthy). From 56329e89bb770029ca8c24e4db72ffbb1426f624 Mon Sep 17 00:00:00 2001 From: Toni Peric Date: Tue, 8 Sep 2020 17:52:03 +0200 Subject: [PATCH 3/5] Change wording --- docs/content/middlewares/circuitbreaker.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/content/middlewares/circuitbreaker.md b/docs/content/middlewares/circuitbreaker.md index 49d911101..c19415846 100644 --- a/docs/content/middlewares/circuitbreaker.md +++ b/docs/content/middlewares/circuitbreaker.md @@ -7,7 +7,7 @@ Don't Waste Time Calling Unhealthy Services The circuit breaker protects your system from stacking requests to unhealthy services (resulting in cascading failures). -When your system is healthy, the circuit is close (normal operations). +When your system is healthy, the circuit is closed (normal operations). When your system becomes unhealthy, the circuit becomes open and the requests are no longer forwarded (but handled by a fallback mechanism). To assess if your system is healthy, the circuit breaker constantly monitors the services. @@ -82,13 +82,13 @@ http: There are three possible states for your circuit breaker: -- Close (your service operates normally) +- Closed (your service operates normally) - Open (the fallback mechanism takes over your service) - Recovering (the circuit breaker tries to resume normal operations by progressively sending requests to your service) -### Close +### Closed -While close, the circuit breaker only collects metrics to analyze the behavior of the requests. +While the circuit is closed, the circuit breaker only collects metrics to analyze the behavior of the requests. At specified intervals (`checkPeriod`), it will evaluate `expression` to decide if its state must change. From 93b3d601d5f1a0a1e2642bc95756a027bed1f85f Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Thu, 10 Sep 2020 15:44:04 +0100 Subject: [PATCH 4/5] Fix typo when comparing exported data --- docs/content/contributing/data-collection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/contributing/data-collection.md b/docs/content/contributing/data-collection.md index 67fe211c2..a91ef9e2b 100644 --- a/docs/content/contributing/data-collection.md +++ b/docs/content/contributing/data-collection.md @@ -85,7 +85,7 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col ca = "xxxx" cert = "xxxx" key = "xxxx" - insecureSkipVerify = false + insecureSkipVerify = true ``` ## The Code for Data Collection From 0f7c32262394925ba22e285f6799a585038ea2a3 Mon Sep 17 00:00:00 2001 From: Freddy Grieshaber Date: Tue, 15 Sep 2020 09:46:04 +0200 Subject: [PATCH 5/5] Improve documentation for usage of Kubernetes Ingress --- docs/content/https/tls.md | 10 +++++++++ docs/content/middlewares/overview.md | 32 ++++++++++++++++++++++++++-- 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/docs/content/https/tls.md b/docs/content/https/tls.md index 789a46937..a0f667d48 100644 --- a/docs/content/https/tls.md +++ b/docs/content/https/tls.md @@ -134,6 +134,16 @@ If no default certificate is provided, Traefik generates and uses a self-signed The TLS options allow one to configure some parameters of the TLS connection. +!!! important "TLSOptions in Kubernetes" + + When using the TLSOptions-CRD in Kubernetes, one might setup a default set of options that, + if not explicitly overwritten, should apply to all ingresses. To achieve that, you'll have to + create a TLSOptions CR with the name `default`. There may exist only one TLSOption with the + name `default` (across all namespaces) - otherwise they will be dropped. + To explicitly use a different TLSOption (and using the Kubernetes Ingress resources) you'll + have to add an annotation to the Ingress in the following form: + `traefik.ingress.kubernetes.io/router.tls.options: -@kubernetescrd` + ### Minimum TLS Version ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/overview.md b/docs/content/middlewares/overview.md index 68862ec8f..622db7e86 100644 --- a/docs/content/middlewares/overview.md +++ b/docs/content/middlewares/overview.md @@ -25,7 +25,7 @@ whoami: - "traefik.http.routers.router1.middlewares=foo-add-prefix@docker" ``` -```yaml tab="Kubernetes" +```yaml tab="Kubernetes IngressRoute" # As a Kubernetes Traefik IngressRoute apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -148,6 +148,9 @@ then you'll have to append to the middleware name, the `@` separator, followed b In this case, since the definition of the middleware is not in kubernetes, specifying a "kubernetes namespace" when referring to the resource does not make any sense, and therefore this specification would be ignored even if present. + On the other hand, if you declare the middleware as a Custom Resource in Kubernetes and use the + non-crd Ingress objects, you'll have to add the kubernetes namespace of the middleware to the + annotation like this `-@kubernetescrd`. !!! abstract "Referencing a Middleware from Another Provider" @@ -178,7 +181,7 @@ then you'll have to append to the middleware name, the `@` separator, followed b - "traefik.http.routers.my-container.middlewares=add-foo-prefix@file" ``` - ```yaml tab="Kubernetes" + ```yaml tab="Kubernetes Ingress Route" apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: @@ -199,6 +202,31 @@ then you'll have to append to the middleware name, the `@` separator, followed b # A namespace specification such as above is ignored # when the cross-provider syntax is used. ``` + + ```yaml tab="Kubernetes Ingress" + apiVersion: traefik.containo.us/v1alpha1 + kind: Middleware + metadata: + name: stripprefix + namespace: appspace + spec: + stripPrefix: + prefixes: + - /stripit + + --- + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: ingress + namespace: appspace + annotations: + # referencing a middleware from Kubernetes CRD provider: + # -@kubernetescrd + "traefik.ingress.kubernetes.io/router.middlewares": appspace-stripprefix@kubernetescrd + spec: + # ... regular ingress definition + ``` ## Available Middlewares