Merge current v2.4 into v2.5

This commit is contained in:
romain 2021-07-28 14:40:49 +02:00
commit 4b456f3b76
5 changed files with 50 additions and 14 deletions

View file

@ -61,7 +61,6 @@ blocks:
jobs: jobs:
- name: Test Integration Host - name: Test Integration Host
commands: commands:
- cache restore traefik-$(checksum go.sum)
- mkdir -p static # Avoid to generate webui - mkdir -p static # Avoid to generate webui
- make test-integration-host - make test-integration-host
epilogue: epilogue:

View file

@ -1,3 +1,12 @@
## [v2.4.12](https://github.com/traefik/traefik/tree/v2.4.12) (2021-07-26)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.11...v2.4.12)
**Bug fixes:**
- **[k8s,k8s/ingress]** Get Kubernetes server version early ([#8286](https://github.com/traefik/traefik/pull/8286) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/ingress]** Don't remove ingress config on API call failure ([#8185](https://github.com/traefik/traefik/pull/8185) by [dtomcej](https://github.com/dtomcej))
- **[middleware]** Ratelimiter: use correct ttlSeconds value, and always call Set ([#8254](https://github.com/traefik/traefik/pull/8254) by [mpl](https://github.com/mpl))
- **[tls]** Check if defaultcertificate is defined in store ([#8274](https://github.com/traefik/traefik/pull/8274) by [dtomcej](https://github.com/dtomcej))
## [v2.5.0-rc3](https://github.com/traefik/traefik/tree/v2.5.0-rc3) (2021-07-20) ## [v2.5.0-rc3](https://github.com/traefik/traefik/tree/v2.5.0-rc3) (2021-07-20)
[All Commits](https://github.com/traefik/traefik/compare/v2.5.0-rc2...v2.5.0-rc3) [All Commits](https://github.com/traefik/traefik/compare/v2.5.0-rc2...v2.5.0-rc3)

View file

@ -1,5 +1,5 @@
server: server:
image: rancher/k3s:v1.18.15-k3s1 image: rancher/k3s:v1.18.20-k3s1
command: server --disable-agent --no-deploy coredns --no-deploy servicelb --no-deploy traefik --no-deploy local-storage --no-deploy metrics-server --log /output/k3s.log command: server --disable-agent --no-deploy coredns --no-deploy servicelb --no-deploy traefik --no-deploy local-storage --no-deploy metrics-server --log /output/k3s.log
environment: environment:
- K3S_CLUSTER_SECRET=somethingtotallyrandom - K3S_CLUSTER_SECRET=somethingtotallyrandom
@ -12,7 +12,7 @@ server:
- 6443:6443 - 6443:6443
node: node:
image: rancher/k3s:v1.18.15-k3s1 image: rancher/k3s:v1.18.20-k3s1
privileged: true privileged: true
links: links:
- server - server

View file

@ -30,7 +30,12 @@ type rateLimiter struct {
burst int64 burst int64
// maxDelay is the maximum duration we're willing to wait for a bucket reservation to become effective, in nanoseconds. // maxDelay is the maximum duration we're willing to wait for a bucket reservation to become effective, in nanoseconds.
// For now it is somewhat arbitrarily set to 1/(2*rate). // For now it is somewhat arbitrarily set to 1/(2*rate).
maxDelay time.Duration maxDelay time.Duration
// each rate limiter for a given source is stored in the buckets ttlmap.
// To keep this ttlmap constrained in size,
// each ratelimiter is "garbage collected" when it is considered expired.
// It is considered expired after it hasn't been used for ttl seconds.
ttl int
sourceMatcher utils.SourceExtractor sourceMatcher utils.SourceExtractor
next http.Handler next http.Handler
@ -66,12 +71,15 @@ func New(ctx context.Context, next http.Handler, config dynamic.RateLimit, name
} }
period := time.Duration(config.Period) period := time.Duration(config.Period)
if period < 0 {
return nil, fmt.Errorf("negative value not valid for period: %v", period)
}
if period == 0 { if period == 0 {
period = time.Second period = time.Second
} }
// Logically, we should set maxDelay to infinity when config.Average == 0 (because it means no rate limiting), // if config.Average == 0, in that case,
// but since the reservation will give us a delay = 0 anyway in this case, we're good even with any maxDelay >= 0. // the value of maxDelay does not matter since the reservation will (buggily) give us a delay of 0 anyway.
var maxDelay time.Duration var maxDelay time.Duration
var rtl float64 var rtl float64
if config.Average > 0 { if config.Average > 0 {
@ -86,6 +94,17 @@ func New(ctx context.Context, next http.Handler, config dynamic.RateLimit, name
} }
} }
// Make the ttl inversely proportional to how often a rate limiter is supposed to see any activity (when maxed out),
// for low rate limiters.
// Otherwise just make it a second for all the high rate limiters.
// Add an extra second in both cases for continuity between the two cases.
ttl := 1
if rtl >= 1 {
ttl++
} else if rtl > 0 {
ttl += int(1 / rtl)
}
return &rateLimiter{ return &rateLimiter{
name: name, name: name,
rate: rate.Limit(rtl), rate: rate.Limit(rtl),
@ -94,6 +113,7 @@ func New(ctx context.Context, next http.Handler, config dynamic.RateLimit, name
next: next, next: next,
sourceMatcher: sourceMatcher, sourceMatcher: sourceMatcher,
buckets: buckets, buckets: buckets,
ttl: ttl,
}, nil }, nil
} }
@ -121,13 +141,21 @@ func (rl *rateLimiter) ServeHTTP(w http.ResponseWriter, r *http.Request) {
bucket = rlSource.(*rate.Limiter) bucket = rlSource.(*rate.Limiter)
} else { } else {
bucket = rate.NewLimiter(rl.rate, int(rl.burst)) bucket = rate.NewLimiter(rl.rate, int(rl.burst))
if err := rl.buckets.Set(source, bucket, int(rl.maxDelay)*10+1); err != nil {
logger.Errorf("could not insert bucket: %v", err)
http.Error(w, "could not insert bucket", http.StatusInternalServerError)
return
}
} }
// We Set even in the case where the source already exists,
// because we want to update the expiryTime everytime we get the source,
// as the expiryTime is supposed to reflect the activity (or lack thereof) on that source.
if err := rl.buckets.Set(source, bucket, rl.ttl); err != nil {
logger.Errorf("could not insert/update bucket: %v", err)
http.Error(w, "could not insert/update bucket", http.StatusInternalServerError)
return
}
// time/rate is bugged, since a rate.Limiter with a 0 Limit not only allows a Reservation to take place,
// but also gives a 0 delay below (because of a division by zero, followed by a multiplication that flips into the negatives),
// regardless of the current load.
// However, for now we take advantage of this behavior to provide the no-limit ratelimiter when config.Average is 0.
res := bucket.Reserve() res := bucket.Reserve()
if !res.OK() { if !res.OK() {
http.Error(w, "No bursty traffic allowed", http.StatusTooManyRequests) http.Error(w, "No bursty traffic allowed", http.StatusTooManyRequests)

View file

@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file" OutputType = "file"
FileName = "traefik_changelog.md" FileName = "traefik_changelog.md"
# example new bugfix v2.4.11 # example new bugfix v2.4.12
CurrentRef = "v2.4" CurrentRef = "v2.4"
PreviousRef = "v2.4.9" PreviousRef = "v2.4.11"
BaseBranch = "v2.4" BaseBranch = "v2.4"
FutureCurrentRefName = "v2.4.11" FutureCurrentRefName = "v2.4.12"
ThresholdPreviousRef = 10 ThresholdPreviousRef = 10
ThresholdCurrentRef = 10 ThresholdCurrentRef = 10