From 526c19181e9b34192efd4505c2a1928c9d59857b Mon Sep 17 00:00:00 2001
From: Ludovic Fernandez
Date: Thu, 15 Mar 2018 22:22:03 +0100
Subject: [PATCH] Merge v1.5.4 into master
---
CHANGELOG.md | 25 +++++++++++++
docs/configuration/backends/file.md | 2 +
docs/configuration/backends/kubernetes.md | 11 ++++++
docs/user-guide/kv-config.md | 2 +-
provider/kv/keynames.go | 45 ++++++++++++-----------
provider/kv/kv_config.go | 22 ++++++++++-
provider/rancher/config.go | 3 +-
provider/rancher/rancher.go | 3 +-
server/server.go | 6 +--
server/server_test.go | 5 ++-
10 files changed, 92 insertions(+), 32 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2833b3490..9f5b8ddd6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,30 @@ # Change Log +## [v1.5.4](https://github.com/containous/traefik/tree/v1.5.4) (2018-03-15) +[All Commits](https://github.com/containous/traefik/compare/v1.5.3...v1.5.4) + +**Bug fixes:** +- **[acme]** Fix panic when parsing resolv.conf ([#2955](https://github.com/containous/traefik/pull/2955) by [ldez](https://github.com/ldez)) +- **[acme]** Don't failed traefik start if register and subscribe failed on acme ([#2977](https://github.com/containous/traefik/pull/2977) by [Juliens](https://github.com/Juliens)) +- **[ecs]** Safe access to ECS API pointer values. ([#2983](https://github.com/containous/traefik/pull/2983) by [ldez](https://github.com/ldez)) +- **[kv]** Add lower-case passHostHeader key support. ([#3015](https://github.com/containous/traefik/pull/3015) by [ldez](https://github.com/ldez)) +- **[middleware]** Propagate insecure in white list. ([#2981](https://github.com/containous/traefik/pull/2981) by [ldez](https://github.com/ldez)) +- **[rancher]** Fix Rancher Healthcheck when upgrading a service ([#2962](https://github.com/containous/traefik/pull/2962) by [jmirc](https://github.com/jmirc)) +- **[websocket]** Capitalize Sec-WebSocket-Protocol Header ([#2975](https://github.com/containous/traefik/pull/2975) by [Juliens](https://github.com/Juliens)) +- Use goroutine pool in throttleProvider ([#3013](https://github.com/containous/traefik/pull/3013) by [Juliens](https://github.com/Juliens)) +- Handle quoted strings in UnmarshalJSON ([#3004](https://github.com/containous/traefik/pull/3004) by [Juliens](https://github.com/Juliens)) + +**Documentation:** +- **[acme]** Clarify some deprecations. ([#2959](https://github.com/containous/traefik/pull/2959) by [ldez](https://github.com/ldez)) +- **[acme]** Second defaultEntryPoint should be https, not http. ([#2948](https://github.com/containous/traefik/pull/2948) by [GerbenWelter](https://github.com/GerbenWelter)) +- **[api]** Enhance API, REST, ping documentation. 
([#2950](https://github.com/containous/traefik/pull/2950) by [ldez](https://github.com/ldez)) +- **[k8s]** Add TLS Docs ([#3012](https://github.com/containous/traefik/pull/3012) by [dtomcej](https://github.com/dtomcej)) +- Enhance Traefik TOML sample. ([#2996](https://github.com/containous/traefik/pull/2996) by [ldez](https://github.com/ldez)) +- Fix typo in docs ([#2990](https://github.com/containous/traefik/pull/2990) by [mo](https://github.com/mo)) +- Clarify how setting a frontend priority works ([#2984](https://github.com/containous/traefik/pull/2984) by [jbdoumenjou](https://github.com/jbdoumenjou)) +- Add [file] in syntax reference ([#3016](https://github.com/containous/traefik/pull/3016) by [ldez](https://github.com/ldez)) +- Updated the test-it example according to the latest docker version ([#3000](https://github.com/containous/traefik/pull/3000) by [geraldcroes](https://github.com/geraldcroes)) + ## [v1.5.3](https://github.com/containous/traefik/tree/v1.5.3) (2018-02-27) [All Commits](https://github.com/containous/traefik/compare/v1.5.2...v1.5.3) diff --git a/docs/configuration/backends/file.md b/docs/configuration/backends/file.md index 361db9c39..5e6ff0c99 100644 --- a/docs/configuration/backends/file.md +++ b/docs/configuration/backends/file.md @@ -5,6 +5,8 @@ Træfik can be configured with a file. ## Reference ```toml +[file] + # Backends [backends] diff --git a/docs/configuration/backends/kubernetes.md b/docs/configuration/backends/kubernetes.md index b63cbde28..117e17cbb 100644 --- a/docs/configuration/backends/kubernetes.md +++ b/docs/configuration/backends/kubernetes.md 
@@ -105,6 +105,17 @@ A label selector can be defined to filter on specific Ingress objects only. See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. +### TLS communication between Traefik and backend pods + +Traefik automatically requests endpoint information based on the service provided in the ingress spec. +Although traefik will connect directly to the endpoints (pods), it still checks the service port to see if TLS communication is required. +If the service port defined in the ingress spec is 443, then the backend communication protocol is assumed to be TLS, and will connect via TLS automatically. + +!!! note + Please note that by enabling TLS communication between traefik and your pods, you will have to have trusted certificates that have the proper trust chain and IP subject name. + If this is not an option, you may need to skip TLS certificate verification. + See the [InsecureSkipVerify](configuration/commons/#main-section) setting for more details. + ## Annotations ### General annotations diff --git a/docs/user-guide/kv-config.md b/docs/user-guide/kv-config.md index 4713bd0f0..c2d0878f0 100644 --- a/docs/user-guide/kv-config.md +++ b/docs/user-guide/kv-config.md @@ -328,7 +328,7 @@ And there, the same dynamic configuration in a KV Store (using `prefix = "traefi | Key | Value | |----------------------------------------------------|--------------------| | `/traefik/frontends/frontend2/backend` | `backend1` | -| `/traefik/frontends/frontend2/passHostHeader` | `true` | +| `/traefik/frontends/frontend2/passhostheader` | `true` | | `/traefik/frontends/frontend2/priority` | `10` | | `/traefik/frontends/frontend2/entrypoints` | `http,https` | | `/traefik/frontends/frontend2/routes/test_2/rule` | `PathPrefix:/test` | diff --git a/provider/kv/keynames.go b/provider/kv/keynames.go index 558f11843..964841d91 100644 --- a/provider/kv/keynames.go +++ b/provider/kv/keynames.go 
@@ -22,28 +22,29 @@ const ( pathBackendBufferingMemRequestBodyBytes = pathBackendBuffering + "memrequestbodybytes" pathBackendBufferingRetryExpression = pathBackendBuffering + "retryexpression" - pathFrontends = "/frontends/" - pathFrontendBackend = "/backend" - pathFrontendPriority = "/priority" - pathFrontendPassHostHeader = "/passHostHeader" - pathFrontendPassTLSCert = "/passtlscert" - pathFrontendWhiteListSourceRange = "/whitelistsourcerange" - pathFrontendBasicAuth = "/basicauth" - pathFrontendEntryPoints = "/entrypoints" - pathFrontendRedirectEntryPoint = "/redirect/entrypoint" - pathFrontendRedirectRegex = "/redirect/regex" - pathFrontendRedirectReplacement = "/redirect/replacement" - pathFrontendRedirectPermanent = "/redirect/permanent" - pathFrontendErrorPages = "/errors/" - pathFrontendErrorPagesBackend = "/backend" - pathFrontendErrorPagesQuery = "/query" - pathFrontendErrorPagesStatus = "/status" - pathFrontendRateLimit = "/ratelimit/" - pathFrontendRateLimitRateSet = pathFrontendRateLimit + "rateset/" - pathFrontendRateLimitExtractorFunc = pathFrontendRateLimit + "extractorfunc" - pathFrontendRateLimitPeriod = "/period" - pathFrontendRateLimitAverage = "/average" - pathFrontendRateLimitBurst = "/burst" + pathFrontends = "/frontends/" + pathFrontendBackend = "/backend" + pathFrontendPriority = "/priority" + pathFrontendPassHostHeaderDeprecated = "/passHostHeader" // Deprecated + pathFrontendPassHostHeader = "/passhostheader" + pathFrontendPassTLSCert = "/passtlscert" + pathFrontendWhiteListSourceRange = "/whitelistsourcerange" + pathFrontendBasicAuth = "/basicauth" + pathFrontendEntryPoints = "/entrypoints" + pathFrontendRedirectEntryPoint = "/redirect/entrypoint" + pathFrontendRedirectRegex = "/redirect/regex" + pathFrontendRedirectReplacement = "/redirect/replacement" + pathFrontendRedirectPermanent = "/redirect/permanent" + pathFrontendErrorPages = "/errors/" + pathFrontendErrorPagesBackend = "/backend" + pathFrontendErrorPagesQuery = "/query" + 
pathFrontendErrorPagesStatus = "/status" + pathFrontendRateLimit = "/ratelimit/" + pathFrontendRateLimitRateSet = pathFrontendRateLimit + "rateset/" + pathFrontendRateLimitExtractorFunc = pathFrontendRateLimit + "extractorfunc" + pathFrontendRateLimitPeriod = "/period" + pathFrontendRateLimitAverage = "/average" + pathFrontendRateLimitBurst = "/burst" pathFrontendCustomRequestHeaders = "/headers/customrequestheaders/" pathFrontendCustomResponseHeaders = "/headers/customresponseheaders/" diff --git a/provider/kv/kv_config.go b/provider/kv/kv_config.go index 23ce07c05..d2c6fd8e9 100644 --- a/provider/kv/kv_config.go +++ b/provider/kv/kv_config.go @@ -42,8 +42,8 @@ func (p *Provider) buildConfiguration() *types.Configuration { // Frontend functions "getBackendName": p.getFuncString(pathFrontendBackend, ""), - "getPriority": p.getFuncInt(pathFrontendPriority, 0), - "getPassHostHeader": p.getFuncBool(pathFrontendPassHostHeader, true), + "getPriority": p.getFuncInt(pathFrontendPriority, label.DefaultFrontendPriorityInt), + "getPassHostHeader": p.getPassHostHeader(), "getPassTLSCert": p.getFuncBool(pathFrontendPassTLSCert, label.DefaultPassTLSCert), "getEntryPoints": p.getFuncList(pathFrontendEntryPoints), "getWhitelistSourceRange": p.getFuncList(pathFrontendWhiteListSourceRange), 
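Review bot: The trailing `// Deprecated` on `pathFrontendPassHostHeaderDeprecated` does not name its replacement, and Go tooling only recognises the `Deprecated:` form with a colon. I would write `pathFrontendPassHostHeaderDeprecated = "/passHostHeader" // Deprecated: use pathFrontendPassHostHeader ("/passhostheader").` instead. The same bare `// Deprecated` heads the new `getPassHostHeader` in provider/kv/kv_config.go, where it labels the whole accessor as deprecated although only its fallback key is; a comment such as `// getPassHostHeader reads "/passhostheader" and falls back to the deprecated "/passHostHeader" key when the new key is absent.` would be accurate there. The const block starts and ends outside the hunk.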
@@ -80,6 +80,24 @@ func (p *Provider) buildConfiguration() *types.Configuration { return configuration } +// Deprecated +func (p *Provider) getPassHostHeader() func(rootPath string) bool { + return func(rootPath string) bool { + rawValue := p.get("", rootPath, pathFrontendPassHostHeader) + + if len(rawValue) > 0 { + value, err := strconv.ParseBool(rawValue) + if err != nil { + log.Errorf("Invalid value for %s %s: %s", rootPath, pathFrontendPassHostHeader, rawValue) + return label.DefaultPassHostHeaderBool + } + return value + } + + return p.getBool(label.DefaultPassHostHeaderBool, rootPath, pathFrontendPassHostHeaderDeprecated) + } +} + // Deprecated func (p *Provider) getSticky(rootPath string) bool { stickyValue := p.get("", rootPath, pathBackendLoadBalancerSticky) diff --git a/provider/rancher/config.go b/provider/rancher/config.go index e77841505..9d8ff5b6e 100644 --- a/provider/rancher/config.go +++ b/provider/rancher/config.go @@ -128,8 +128,7 @@ func (p *Provider) serviceFilter(service rancherData) bool { log.Debugf("Filtering service %s with healthState of %s", service.Name, service.Health) return false } - - if service.State != "" && service.State != active && service.State != updatingActive && service.State != upgraded { + if service.State != "" && service.State != active && service.State != updatingActive && service.State != upgraded && service.State != upgrading { log.Debugf("Filtering service %s with state of %s", service.Name, service.State) return false } diff --git a/provider/rancher/rancher.go b/provider/rancher/rancher.go index cddb95da4..983f4c2e0 100644 --- a/provider/rancher/rancher.go +++ b/provider/rancher/rancher.go @@ -18,6 +18,7 @@ const ( active = "active" running = "running" upgraded = "upgraded" + upgrading = "upgrading" updatingActive = "updating-active" updatingRunning = "updating-running" ) 
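Review bot: In the added `getPassHostHeader`, a `/passhostheader` value that fails `strconv.ParseBool` returns `label.DefaultPassHostHeaderBool` straight away, without trying the deprecated key, and the log line drops `err`. The line this replaces in `buildConfiguration` used a literal `true` as the default, so if the constant is also true (its value is not visible here), a mistyped `false` keeps forwarding the client's Host header to the backend with only an error log as evidence. Include the error and quote the stored value so the bad entry is easy to find: `log.Errorf("Invalid value for %s %s: %q: %v", rootPath, pathFrontendPassHostHeader, rawValue, err)`. The doc comment should also state that the lower-case key wins when both keys are set.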
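Review bot: The state check in `serviceFilter` now accepts `upgrading`, and `containerFilter` in provider/rancher/rancher.go now accepts `upgraded`, yet the diffstat lists no rancher test file, so neither widened allow-list is covered by this patch. Both conditions are long `!=` chains where a missing term is easy to overlook; a `switch service.State { case "", active, updatingActive, upgraded, upgrading: default: ... }` would read as the allow-list it is. A short comment on why services admit `upgrading` while containers do not would help the next reader, for example `// upgrading services stay routable; the health-state check above still applies`. `serviceFilter` starts and ends outside the hunk.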
@@ -63,7 +64,7 @@ func containerFilter(name, healthState, state string) bool { return false } - if state != "" && state != running && state != updatingRunning { + if state != "" && state != running && state != updatingRunning && state != upgraded { log.Debugf("Filtering container %s with state of %s", name, state) return false } diff --git a/server/server.go b/server/server.go index 7a71a8b38..f02af806e 100644 --- a/server/server.go +++ b/server/server.go @@ -385,7 +385,7 @@ func (s *Server) preLoadConfiguration(configMsg types.ConfigMessage) { providerConfigUpdateCh = make(chan types.ConfigMessage) s.providerConfigUpdateMap[configMsg.ProviderName] = providerConfigUpdateCh s.routinesPool.Go(func(stop chan bool) { - throttleProviderConfigReload(providersThrottleDuration, s.configurationValidatedChan, providerConfigUpdateCh, stop) + s.throttleProviderConfigReload(providersThrottleDuration, s.configurationValidatedChan, providerConfigUpdateCh, stop) }) } providerConfigUpdateCh <- configMsg @@ -396,11 +396,11 @@ func (s *Server) preLoadConfiguration(configMsg types.ConfigMessage) { // It will immediately publish a new configuration and then only publish the next configuration after the throttle duration. // Note that in the case it receives N new configs in the timeframe of the throttle duration after publishing, // it will publish the last of the newly received configurations. -func throttleProviderConfigReload(throttle time.Duration, publish chan<- types.ConfigMessage, in <-chan types.ConfigMessage, stop chan bool) { +func (s *Server) throttleProviderConfigReload(throttle time.Duration, publish chan<- types.ConfigMessage, in <-chan types.ConfigMessage, stop chan bool) { ring := channels.NewRingChannel(1) defer ring.Close() - safe.Go(func() { + s.routinesPool.Go(func(stop chan bool) { for { select { case <-stop: diff --git a/server/server_test.go b/server/server_test.go index cc5ebbd10..46632fec5 100644 --- a/server/server_test.go +++ b/server/server_test.go 
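Review bot: The closure passed to `s.routinesPool.Go` names its parameter `stop`, which shadows the `stop chan bool` parameter of `throttleProviderConfigReload`, so `case <-stop:` inside the goroutine now waits on the pool's channel rather than the caller's. That looks intentional, but the line is textually identical to the old code and hides the change in ownership; rename the parameter, `s.routinesPool.Go(func(poolStop chan bool) {` with `case <-poolStop:`. The doc comment above the function should gain a sentence saying the forwarding goroutine is owned by the server's routine pool and ends when that pool is stopped. The function body continues outside the hunk.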
@@ -301,7 +301,10 @@ func TestThrottleProviderConfigReload(t *testing.T) { stop <- true }() - go throttleProviderConfigReload(throttleDuration, publishConfig, providerConfig, stop) + globalConfig := configuration.GlobalConfiguration{} + server := NewServer(globalConfig, nil) + + go server.throttleProviderConfigReload(throttleDuration, publishConfig, providerConfig, stop) publishedConfigCount := 0 stopConsumeConfigs := make(chan bool)
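Review bot: Nothing in the visible lines of `TestThrottleProviderConfigReload` stops the pool of the server built with `NewServer(globalConfig, nil)`, so the forwarding goroutine that `throttleProviderConfigReload` now starts on `s.routinesPool` may outlive the test. The test's own `stop` channel no longer reaches that goroutine after this change, so the pool should be stopped when the test finishes, presumably with a deferred call right after construction. A comment such as `// NewServer is used only to provide the routine pool that throttleProviderConfigReload needs` would explain why a full server is created here. The test function starts and ends outside the hunk.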