baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge current v2.6 into master

Browse source
This commit is contained in:
Tom Moulard 2022-02-04 14:32:57 +01:00
parent 7543709ecf 6742dd8454
commit 764bf59d4d
No known key found for this signature in database
GPG key ID: 521ABE0C1A0DEAF6
7 changed files with 206 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
docs/content/https/acme.md
View file

@ -23,6 +23,8 @@ Certificates are requested for domain names retrieved from the router's [dynamic
You can read more about this retrieval mechanism in the following section: [ACME Domain Definition](#domain-definition).
!!! warning "Defining an [ACME challenge type](#the-different-acme-challenges) is a requirement for a certificate resolver to be functional."
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? note "Configuration Reference"
@ -158,6 +160,8 @@ When using LetsEncrypt with kubernetes, there are some known caveats with both t
## The Different ACME Challenges
!!! warning "Defining one ACME challenge is a requirement for a certificate resolver to be functional."
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
### `tlsChallenge`
@ -329,6 +333,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
@ -387,11 +392,12 @@ For complete details, refer to your provider's _Additional configuration_ link.
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
[^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/)
[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production)
[^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/).
[^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production).
[^3]: [google/default.go](https://github.com/golang/oauth2/blob/36a7019397c4c86cf59eeab3bc0d188bac444277/google/default.go#L61-L76)
[^4]: `docker stack` remark: there is no way to support terminal attached to container when deploying with `docker stack`, so you might need to run container with `docker run -it` to generate certificates using `manual` provider.
[^5]: The `Global API Key` needs to be used, not the `Origin CA Key`.
[^6]: As explained in the [LEGO hurricane configuration](https://go-acme.github.io/lego/dns/hurricane/#credentials), each domain or wildcard (record name) needs a token. So each update of record name must be followed by an update of the `HURRICANE_TOKENS` variable, and a restart of Traefik.
!!! info "`delayBeforeCheck`"
By default, the `provider` verifies the TXT record _before_ letting ACME verify.

4
docs/content/observability/metrics/datadog.md
View file

@ -118,7 +118,7 @@ metrics:
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
pushInterval = 10s
pushInterval = "10s"
```
```bash tab="CLI"
@ -144,5 +144,5 @@ metrics:
```
```bash tab="CLI"
--metrics.datadog.prefix="traefik"
--metrics.datadog.prefix=traefik
```

38
docs/content/observability/metrics/influxdb.md
View file

@ -69,7 +69,7 @@ InfluxDB database used when protocol is http.
```yaml tab="File (YAML)"
metrics:
influxDB:
database: "db"
database: db
```
```toml tab="File (TOML)"
@ -91,7 +91,7 @@ InfluxDB retention policy used when protocol is http.
```yaml tab="File (YAML)"
metrics:
influxDB:
retentionPolicy: "two_hours"
retentionPolicy: two_hours
```
```toml tab="File (TOML)"
@ -113,7 +113,7 @@ InfluxDB username (only with http).
```yaml tab="File (YAML)"
metrics:
influxDB:
username: "john"
username: john
```
```toml tab="File (TOML)"
@ -135,7 +135,7 @@ InfluxDB password (only with http).
```yaml tab="File (YAML)"
metrics:
influxDB:
password: "secret"
password: secret
```
```toml tab="File (TOML)"
@ -176,18 +176,18 @@ _Optional, Default=false_
Enable metrics on routers.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addRoutersLabels = true
```
```yaml tab="File (YAML)"
metrics:
influxDB:
addRoutersLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addRoutersLabels = true
```
```bash tab="CLI"
--metrics.influxdb.addrouterslabels=true
```
@ -229,7 +229,7 @@ metrics:
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
pushInterval = 10s
pushInterval = "10s"
```
```bash tab="CLI"
@ -242,14 +242,6 @@ _Optional, Default={}_
Additional labels (influxdb tags) on all metrics.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
[metrics.influxDB.additionalLabels]
host = "example.com"
environment = "production"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
@ -258,6 +250,14 @@ metrics:
environment: production
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
[metrics.influxDB.additionalLabels]
host = "example.com"
environment = "production"
```
```bash tab="CLI"
--metrics.influxdb.additionallabels.host=example.com --metrics.influxdb.additionallabels.environment=production
```

193
docs/content/observability/metrics/overview.md
View file

@ -7,16 +7,16 @@ Traefik supports 4 metrics backends:
- [Prometheus](./prometheus.md)
- [StatsD](./statsd.md)
## Server Metrics
## Global Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-------------------------------------------------------------------------|---------|----------|------------|--------|
| [Configuration reloads](#configuration-reloads) | ✓ | ✓ | ✓ | ✓ |
| [Configuration reload failures](#configuration-reload-failures) | ✓ | ✓ | ✓ | ✓ |
| [Last Configuration Reload Success](#last-configuration-reload-success) | ✓ | ✓ | ✓ | ✓ |
| [Last Configuration Reload Failure](#last-configuration-reload-failure) | ✓ | ✓ | ✓ | ✓ |
| [TLS certificates expiration](#tls-certificates-expiration) | ✓ | ✓ | ✓ | ✓ |
### Configuration Reloads
The total count of configuration reloads.
```dd tab="Datadog"
@ -36,27 +36,8 @@ traefik_config_reloads_total
{prefix}.config.reload.total
```
### Configuration Reload Failures
The total count of configuration reload failures.
```dd tab="Datadog"
config.reload.total (with tag "failure" to true)
```
```influxdb tab="InfluxDB"
traefik.config.reload.total.failure
```
```prom tab="Prometheus"
traefik_config_reloads_failure_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.config.reload.total.failure
```
### Last Configuration Reload Success
The timestamp of the last configuration reload success.
```dd tab="Datadog"
@ -76,24 +57,27 @@ traefik_config_last_reload_success
{prefix}.config.reload.lastSuccessTimestamp
```
### Last Configuration Reload Failure
The timestamp of the last configuration reload failure.
### TLS certificates expiration
The expiration date of certificates.
Available labels: `cn`, `sans`, `serial`.
```dd tab="Datadog"
config.reload.lastFailureTimestamp
tls.certs.notAfterTimestamp
```
```influxdb tab="InfluxDB"
traefik.config.reload.lastFailureTimestamp
traefik.tls.certs.notAfterTimestamp
```
```prom tab="Prometheus"
traefik_config_last_reload_failure
traefik_tls_certs_not_after
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.config.reload.lastFailureTimestamp
{prefix}.tls.certs.notAfterTimestamp
```
## EntryPoint Metrics
@ -101,12 +85,13 @@ traefik_config_last_reload_failure
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-----------------------------------------------------------|---------|----------|------------|--------|
| [HTTP Requests Count](#http-requests-count) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count) | | | ✓ | |
| [HTTPS Requests Count](#https-requests-count) | ✓ | ✓ | ✓ | ✓ |
| [Request Duration Histogram](#request-duration-histogram) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count) | ✓ | ✓ | ✓ | ✓ |
### HTTP Requests Count
The total count of HTTP requests processed on an entrypoint.
The total count of HTTP requests received by an entrypoint.
Available labels: `code`, `method`, `protocol`, `entrypoint`.
@ -128,16 +113,31 @@ traefik_entrypoint_requests_total
```
### HTTPS Requests Count
The total count of HTTPS requests processed on an entrypoint.
The total count of HTTPS requests received by an entrypoint.
Available labels: `tls_version`, `tls_cipher`, `entrypoint`.
```dd tab="Datadog"
entrypoint.request.tls.total
```
```influxdb tab="InfluxDB"
traefik.entrypoint.requests.tls.total
```
```prom tab="Prometheus"
traefik_entrypoint_requests_tls_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.entrypoint.request.tls.total
```
### Request Duration Histogram
Request process time duration histogram on an entrypoint.
Request processing duration histogram on an entrypoint.
Available labels: `code`, `method`, `protocol`, `entrypoint`.
@ -159,6 +159,7 @@ traefik_entrypoint_request_duration_seconds
```
### Open Connections Count
The current count of open connections on an entrypoint.
Available labels: `method`, `protocol`, `entrypoint`.
@ -180,18 +181,120 @@ traefik_entrypoint_open_connections
{prefix}.entrypoint.connections.open
```
## Service Metrics
## Router Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-------------------------------------------------------------|---------|----------|------------|--------|
| [HTTP Requests Count](#http-requests-count_1) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count_1) | | | ✓ | |
| [HTTPS Requests Count](#https-requests-count_1) | ✓ | ✓ | ✓ | ✓ |
| [Request Duration Histogram](#request-duration-histogram_1) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count_1) | ✓ | ✓ | ✓ | ✓ |
### HTTP Requests Count
The total count of HTTP requests handled by a router.
Available labels: `code`, `method`, `protocol`, `router`, `service`.
```dd tab="Datadog"
router.request.total
```
```influxdb tab="InfluxDB"
traefik.router.requests.total
```
```prom tab="Prometheus"
traefik_router_requests_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.router.request.total
```
### HTTPS Requests Count
The total count of HTTPS requests handled by a router.
Available labels: `tls_version`, `tls_cipher`, `router`, `service`.
```dd tab="Datadog"
router.request.tls.total
```
```influxdb tab="InfluxDB"
traefik.router.requests.tls.total
```
```prom tab="Prometheus"
traefik_router_requests_tls_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.router.request.tls.total
```
### Request Duration Histogram
Request processing duration histogram on a router.
Available labels: `code`, `method`, `protocol`, `router`, `service`.
```dd tab="Datadog"
router.request.duration
```
```influxdb tab="InfluxDB"
traefik.router.request.duration
```
```prom tab="Prometheus"
traefik_router_request_duration_seconds
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.router.request.duration
```
### Open Connections Count
The current count of open connections on a router.
Available labels: `method`, `protocol`, `router`, `service`.
```dd tab="Datadog"
router.connections.open
```
```influxdb tab="InfluxDB"
traefik.router.connections.open
```
```prom tab="Prometheus"
traefik_router_open_connections
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.router.connections.open
```
## Service Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-------------------------------------------------------------|---------|----------|------------|--------|
| [HTTP Requests Count](#http-requests-count_2) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count_2) | ✓ | ✓ | ✓ | ✓ |
| [Request Duration Histogram](#request-duration-histogram_2) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count_2) | ✓ | ✓ | ✓ | ✓ |
| [Requests Retries Count](#requests-retries-count) | ✓ | ✓ | ✓ | ✓ |
| [Service Server UP](#service-server-up) | ✓ | ✓ | ✓ | ✓ |
### HTTP Requests Count
The total count of HTTP requests processed on a service.
Available labels: `code`, `method`, `protocol`, `service`.
@ -214,16 +317,31 @@ traefik_service_requests_total
```
### HTTPS Requests Count
The total count of HTTPS requests processed on a service.
Available labels: `tls_version`, `tls_cipher`, `service`.
```dd tab="Datadog"
router.service.tls.total
```
```influxdb tab="InfluxDB"
traefik.service.requests.tls.total
```
```prom tab="Prometheus"
traefik_service_requests_tls_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.service.request.tls.total
```
### Request Duration Histogram
Request process time duration histogram on a service.
Request processing duration histogram on a service.
Available labels: `code`, `method`, `protocol`, `service`.
@ -245,6 +363,7 @@ traefik_service_request_duration_seconds
```
### Open Connections Count
The current count of open connections on a service.
Available labels: `method`, `protocol`, `service`.
@ -267,6 +386,7 @@ traefik_service_open_connections
```
### Requests Retries Count
The count of requests retries on a service.
Available labels: `service`.
@ -289,6 +409,7 @@ traefik_service_retries_total
```
### Service Server UP
Current service's server status, described by a gauge with a value of 0 for a down server or a value of 1 for an up server.
Available labels: `service`, `url`.

16
docs/content/observability/metrics/prometheus.md
View file

@ -39,7 +39,7 @@ metrics:
```
```bash tab="CLI"
--metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000
--metrics.prometheus.buckets=0.1,0.3,1.2,5.0
```
#### `addEntryPointsLabels`
@ -70,18 +70,18 @@ _Optional, Default=false_
Enable metrics on routers.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addRoutersLabels = true
```
```yaml tab="File (YAML)"
metrics:
prometheus:
addRoutersLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addRoutersLabels = true
```
```bash tab="CLI"
--metrics.prometheus.addrouterslabels=true
```
@ -117,7 +117,7 @@ Entry point used to expose metrics.
```yaml tab="File (YAML)"
entryPoints:
metrics:
address: ":8082"
address: :8082
metrics:
prometheus:

16
docs/content/observability/metrics/statsd.md
View file

@ -66,18 +66,18 @@ _Optional, Default=false_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addRoutersLabels = true
```
```yaml tab="File (YAML)"
metrics:
statsD:
addRoutersLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addRoutersLabels = true
```
```bash tab="CLI"
--metrics.statsd.addrouterslabels=true
```
@ -119,7 +119,7 @@ metrics:
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
pushInterval = 10s
pushInterval = "10s"
```
```bash tab="CLI"
@ -145,5 +145,5 @@ metrics:
```
```bash tab="CLI"
--metrics.statsd.prefix="traefik"
--metrics.statsd.prefix=traefik
```

8
pkg/provider/acme/challenge_http.go
View file

@ -103,7 +103,7 @@ func (c *ChallengeHTTP) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
func (c *ChallengeHTTP) getTokenValue(ctx context.Context, token, domain string) []byte {
logger := log.FromContext(ctx)
logger.Debugf("Retrieving the ACME challenge for token %s...", token)
logger.Debugf("Retrieving the ACME challenge for %s (token %q)...", domain, token)
var result []byte
@ -112,13 +112,13 @@ func (c *ChallengeHTTP) getTokenValue(ctx context.Context, token, domain string)
defer c.lock.RUnlock()
if _, ok := c.httpChallenges[token]; !ok {
return fmt.Errorf("cannot find challenge for token %s", token)
return fmt.Errorf("cannot find challenge for token %q (%s)", token, domain)
}
var ok bool
result, ok = c.httpChallenges[token][domain]
if !ok {
return fmt.Errorf("cannot find challenge for domain %s", domain)
return fmt.Errorf("cannot find challenge for %s (token %q)", domain, token)
}
return nil
@ -132,7 +132,7 @@ func (c *ChallengeHTTP) getTokenValue(ctx context.Context, token, domain string)
ebo.MaxElapsedTime = 60 * time.Second
err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
if err != nil {
logger.Errorf("Cannot retrieve the ACME challenge for token %v: %v", token, err)
logger.Errorf("Cannot retrieve the ACME challenge for %s (token %q): %v", domain, token, err)
return []byte{}
}