When Secrets permissions have not been granted (which is likely to be
the case for users not needing the basic auth feature), the watch on the
Secrets API will never yield a response, thereby causing the controller
to never sync successfully, and in turn causing the check for all
controller synchronizations to fail consistently. Thus, no event will
ever be handled.
Update traefik dependencies (docker/docker and related)
- Update dependencies
- Fix compilation problems
- Remove vdemeester/docker-events (in docker api now)
- Remove `integration/vendor`
- Use `testImport`
- update some deps.
- regenerate the lock from scratch (after a `glide cc`)
Introduces Rancher's metadata service as an optional provider source for
Traefik, enabled by setting `rancher.MetadataService`.
The provider uses a long polling technique to watch the metadata service and
obtain near instantaneous updates. Alternatively it can be configured to poll
the metadata service every `rancher.RefreshSeconds` by setting
`rancher.MetadataPoll`.
The refactor splits API and metadata service code into separate source
files respectively, and specific configuration is deferred to
sub-structs.
Incorporates bugfix #1414
This was likely just a copy-paste issue, the bug should be benign because the secret is cast to the correct type later, but the additional logging is a major annoyance, and is happening even if basic auth is not in use with Kubernetes.
We previously fell back to using ClusterIPs. However, the approach can
lead to all kinds of problems since Ingresses rely on being able to talk
to Endpoints directly. For instance, it can break stickiness and
retries.
Instead of doing sanity checks in the Kubernetes provider, we just
accept any non-empty value from the annotation and rely on the server
part to filter out unknown rules.
This allows us to automatically stay in sync with the currently
supported Path matchers/modifiers.
A missing annotation would previously be handled in the default error
case, causing a noisy warning-level log message to be generated each
time.
We add another case statement to ignore the case where the annotation is
missing from the annotations map.
Also piggybacking a minor improvement to the log message.
- Improves default filtering behavior to filter by container health/healthState
- Optionally allows filtering by service health/healthState
- Allows configuration of refresh interval
For the two existing health check parameters (path and interval), we add
support for Marathon labels.
Changes in detail:
- Extend the Marathon provider and template.
- Refactor Server.loadConfig to reduce duplication.
- Refactor the healthcheck package slightly to accommodate the changes
and allow extending by future parameters.
- Update documentation.
The IP-Per-Task feature changed the behavior for
clients without this configuration (using the task IP instead
of task hostname). This patch make the new behavior available
just for Mesos installation with IP-Per-Task enabled. It also
make it possible to force the use of task's hostname.
Previously, we did the check too late resulting in the traefik.port
label not being effective.
The change comes with additional refactorings in production and tests.
This fix allows the Traefik Rancher provider to obtain a complete view
of the environments, services and containers being managed by the
Rancher deployment.
- Split the file into smaller ones (docker, swarm and service tests)
- Use some builder to reduce a little bit the noise for creating containers
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
* Abort Kubernetes Ingress update if Kubernetes API call fails
Currently if a Kubernetes API call fails we potentially remove a working service from Traefik. This changes it so if a Kubernetes API call fails we abort out of the ingress update and use the current working config. Github issue: #1240
Also added a test to cover when requested resources (services and endpoints) that the user has specified don’t exist.
* Specifically capturing the tc range as documented here: https://blog.golang.org/subtests
* Updating service names in the mock data to be more clear
* Updated expected data to match what currently happens in the loadIngress
* Adding a blank Servers to the expected output so we compare against that instead of nil.
* Replacing the JSON test output with spew for the TestMissingResources test to help ensure we have useful output incase of failures
* Adding a temporary fix to the GetEndoints mocked function so we can override the return value for if the endpoints exist.
After the 1.2 release the use of properExists should be removed and the GetEndpoints function should return false for the second value indicating the endpoint doesn’t exist. However at this time that would break a lot of the tests.
* Adding quick TODO line about removing the properExists property
* Link to issue 1307 re: properExists flag.
If the ECS cluster has > 100 tasks, passing them to
ecs.DescribeTasksRequest() will result in the AWS API returning
errors.
This patch breaks them into chunks of at most 100, and calls
DescribeTasks for each chunk.
We also return early in case ListTasks returns no values; this
prevents DescribeTasks from throwing HTTP errors.
Currently with a kv tree like:
/traefik/backends/b1/servers/ẁeb1
/traefik/backends/b1/servers/web2
/traefik/backends/b1/servers/web2/url
Traefik would try to forward traffic to web1, which is impossible as
traefik doesn't know the url of web1.
This commit solve that, by ignoring backend server with no url "key"
when generating the config.
This is very useful, for people who use etcd TTL feature. They can then
just "renew" the url key every X second, and if the server goes down, it
is automatic removed from traefik after the TTL.
Signed-off-by: Taylor Skinner <tskinn12@gmail.com>
add some comments
Signed-off-by: Taylor Skinner <tskinn12@gmail.com>
update readmes
make test runnable
Signed-off-by: Taylor Skinner <tskinn12@gmail.com>
make test
squash! add dynamo
add glide.lock
format imports
gofmt
update glide.lock
fixes for review
golint
clean up and reorganize tests
add dynamodb integration test
remove default region. clean up tests. consistent docs
forgot the region is required
DRY
make validate
update readme and commit dependencies
- traefik.mycustomservice.port=443
- traefik.mycustomservice.frontend.rule=Path:/mycustomservice
- traefik.anothercustomservice.port=8080
- traefik.anothercustomservice.frontend.rule=Path:/anotherservice
all traffic to frontend /mycustomservice is redirected to the port 443 of the container while using /anotherservice will redirect to the port 8080 of the docker container
More documentation in the docs/toml.md file
Change-Id: Ifaa3bb00ef0a0f38aa189e0ca1586fde8c5ed862
Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
Detect whether in-cluster or cluster-external Kubernetes client should
be used based on the KUBERNETES_SERVICE_{HOST,PORT} environment
variables.
Adds bearer token and CA certificate file path parameters.
