From ddf53494f0ff726410ceb94950e5600fcd04dbd7 Mon Sep 17 00:00:00 2001 From: Thomas Steinbach Date: Tue, 8 Sep 2020 10:32:03 +0200 Subject: [PATCH 01/12] fixed typo in buffering.md docs --- docs/content/middlewares/buffering.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/middlewares/buffering.md b/docs/content/middlewares/buffering.md index ced3878d5..b67bef2cf 100644 --- a/docs/content/middlewares/buffering.md +++ b/docs/content/middlewares/buffering.md @@ -165,7 +165,7 @@ http: ### `maxResponseBodyBytes` -With the `maxReesponseBodyBytes` option, you can configure the maximum allowed response size from the service (in Bytes). +With the `maxResponseBodyBytes` option, you can configure the maximum allowed response size from the service (in Bytes). If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `413 (Request Entity Too Large) response` instead. From 5c8b8149eb06f6819f7ed1f851032b027d78a0fd Mon Sep 17 00:00:00 2001 From: kosssi Date: Tue, 8 Sep 2020 10:54:04 +0200 Subject: [PATCH 02/12] doc: fix typo in health check options --- docs/content/routing/services/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/routing/services/index.md b/docs/content/routing/services/index.md index cbc271dfc..61b86b2ec 100644 --- a/docs/content/routing/services/index.md +++ b/docs/content/routing/services/index.md @@ -317,7 +317,7 @@ Below are the available options for the health check mechanism: - `path` is appended to the server URL to set the health check endpoint. - `scheme`, if defined, will replace the server URL `scheme` for the health check endpoint -- `hostname`, if defined, will apply `Host` header `hostname` to the the health check request. +- `hostname`, if defined, will apply `Host` header `hostname` to the health check request. - `port`, if defined, will replace the server URL `port` for the health check endpoint. - `interval` defines the frequency of the health check calls. - `timeout` defines the maximum duration Traefik will wait for a health check request before considering the server failed (unhealthy). From 56329e89bb770029ca8c24e4db72ffbb1426f624 Mon Sep 17 00:00:00 2001 From: Toni Peric Date: Tue, 8 Sep 2020 17:52:03 +0200 Subject: [PATCH 03/12] Change wording --- docs/content/middlewares/circuitbreaker.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/content/middlewares/circuitbreaker.md b/docs/content/middlewares/circuitbreaker.md index 49d911101..c19415846 100644 --- a/docs/content/middlewares/circuitbreaker.md +++ b/docs/content/middlewares/circuitbreaker.md @@ -7,7 +7,7 @@ Don't Waste Time Calling Unhealthy Services The circuit breaker protects your system from stacking requests to unhealthy services (resulting in cascading failures). -When your system is healthy, the circuit is close (normal operations). +When your system is healthy, the circuit is closed (normal operations). When your system becomes unhealthy, the circuit becomes open and the requests are no longer forwarded (but handled by a fallback mechanism). To assess if your system is healthy, the circuit breaker constantly monitors the services. @@ -82,13 +82,13 @@ http: There are three possible states for your circuit breaker: -- Close (your service operates normally) +- Closed (your service operates normally) - Open (the fallback mechanism takes over your service) - Recovering (the circuit breaker tries to resume normal operations by progressively sending requests to your service) -### Close +### Closed -While close, the circuit breaker only collects metrics to analyze the behavior of the requests. +While the circuit is closed, the circuit breaker only collects metrics to analyze the behavior of the requests. At specified intervals (`checkPeriod`), it will evaluate `expression` to decide if its state must change. From 93b3d601d5f1a0a1e2642bc95756a027bed1f85f Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Thu, 10 Sep 2020 15:44:04 +0100 Subject: [PATCH 04/12] Fix typo when comparing exported data --- docs/content/contributing/data-collection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/contributing/data-collection.md b/docs/content/contributing/data-collection.md index 67fe211c2..a91ef9e2b 100644 --- a/docs/content/contributing/data-collection.md +++ b/docs/content/contributing/data-collection.md @@ -85,7 +85,7 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col ca = "xxxx" cert = "xxxx" key = "xxxx" - insecureSkipVerify = false + insecureSkipVerify = true ``` ## The Code for Data Collection From 0f7c32262394925ba22e285f6799a585038ea2a3 Mon Sep 17 00:00:00 2001 From: Freddy Grieshaber Date: Tue, 15 Sep 2020 09:46:04 +0200 Subject: [PATCH 05/12] Improve documentation for usage of Kubernetes Ingress --- docs/content/https/tls.md | 10 +++++++++ docs/content/middlewares/overview.md | 32 ++++++++++++++++++++++++++-- 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/docs/content/https/tls.md b/docs/content/https/tls.md index 789a46937..a0f667d48 100644 --- a/docs/content/https/tls.md +++ b/docs/content/https/tls.md @@ -134,6 +134,16 @@ If no default certificate is provided, Traefik generates and uses a self-signed The TLS options allow one to configure some parameters of the TLS connection. +!!! important "TLSOptions in Kubernetes" + + When using the TLSOptions-CRD in Kubernetes, one might setup a default set of options that, + if not explicitly overwritten, should apply to all ingresses. To achieve that, you'll have to + create a TLSOptions CR with the name `default`. There may exist only one TLSOption with the + name `default` (across all namespaces) - otherwise they will be dropped. + To explicitly use a different TLSOption (and using the Kubernetes Ingress resources) you'll + have to add an annotation to the Ingress in the following form: + `traefik.ingress.kubernetes.io/router.tls.options: -@kubernetescrd` + ### Minimum TLS Version ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/overview.md b/docs/content/middlewares/overview.md index 68862ec8f..622db7e86 100644 --- a/docs/content/middlewares/overview.md +++ b/docs/content/middlewares/overview.md @@ -25,7 +25,7 @@ whoami: - "traefik.http.routers.router1.middlewares=foo-add-prefix@docker" ``` -```yaml tab="Kubernetes" +```yaml tab="Kubernetes IngressRoute" # As a Kubernetes Traefik IngressRoute apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -148,6 +148,9 @@ then you'll have to append to the middleware name, the `@` separator, followed b In this case, since the definition of the middleware is not in kubernetes, specifying a "kubernetes namespace" when referring to the resource does not make any sense, and therefore this specification would be ignored even if present. + On the other hand, if you declare the middleware as a Custom Resource in Kubernetes and use the + non-crd Ingress objects, you'll have to add the kubernetes namespace of the middleware to the + annotation like this `-@kubernetescrd`. !!! abstract "Referencing a Middleware from Another Provider" @@ -178,7 +181,7 @@ then you'll have to append to the middleware name, the `@` separator, followed b - "traefik.http.routers.my-container.middlewares=add-foo-prefix@file" ``` - ```yaml tab="Kubernetes" + ```yaml tab="Kubernetes Ingress Route" apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: @@ -199,6 +202,31 @@ then you'll have to append to the middleware name, the `@` separator, followed b # A namespace specification such as above is ignored # when the cross-provider syntax is used. ``` + + ```yaml tab="Kubernetes Ingress" + apiVersion: traefik.containo.us/v1alpha1 + kind: Middleware + metadata: + name: stripprefix + namespace: appspace + spec: + stripPrefix: + prefixes: + - /stripit + + --- + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: ingress + namespace: appspace + annotations: + # referencing a middleware from Kubernetes CRD provider: + # -@kubernetescrd + "traefik.ingress.kubernetes.io/router.middlewares": appspace-stripprefix@kubernetescrd + spec: + # ... regular ingress definition + ``` ## Available Middlewares From b980c87effca3f12e9cc441123e99b0a8d4e6623 Mon Sep 17 00:00:00 2001 From: Matthieu Hostache Date: Tue, 15 Sep 2020 10:26:03 +0200 Subject: [PATCH 06/12] Avoid Traefik Pilot iframe code in Traefik webui regarding notifications --- webui/package-lock.json | 56 ++++++--- webui/package.json | 4 +- webui/src/components/_commons/NavBar.vue | 6 +- .../components/platform/PlatformAuthState.vue | 64 ++++++---- .../platform/PlatformNotification.vue | 113 ------------------ .../src/components/platform/PlatformPanel.vue | 78 ++++++------ webui/src/pages/dashboard/Index.vue | 6 +- webui/src/store/platform/index.js | 14 ++- 8 files changed, 143 insertions(+), 198 deletions(-) delete mode 100644 webui/src/components/platform/PlatformNotification.vue diff --git a/webui/package-lock.json b/webui/package-lock.json index ecca9afd0..9f66f9475 100644 --- a/webui/package-lock.json +++ b/webui/package-lock.json @@ -4871,8 +4871,7 @@ "decode-uri-component": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz", - "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=", - "dev": true + "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=" }, "deep-eql": { "version": "3.0.1", @@ -7270,9 +7269,9 @@ "dev": true }, "iframe-resizer": { - "version": "4.2.10", - "resolved": "https://registry.npmjs.org/iframe-resizer/-/iframe-resizer-4.2.10.tgz", - "integrity": "sha512-9T/AWavGI5Q7nw2ch7qatkKvhK6S11eatuSh0SXpPXN3MV0HtN97KyifWJSuMj47rD6jbqe1CXT91PLQbexvEQ==" + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/iframe-resizer/-/iframe-resizer-4.2.11.tgz", + "integrity": "sha512-fj5vX5kkpRbMb5Qje6veIDzqoJpnCEqUDdSOwASOeQHYmb8hLYX6Ev2yXf3jjMs2MclwcYY3chyZ3diGKcr8DA==" }, "ignore": { "version": "3.3.10", @@ -8558,7 +8557,25 @@ "prepend-http": "^1.0.0", "query-string": "^4.1.0", "sort-keys": "^1.0.0" + }, + "dependencies": { + "query-string": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/query-string/-/query-string-4.3.4.tgz", + "integrity": "sha1-u7aTucqRXCMlFbIosaArYJBD2+s=", + "dev": true, + "requires": { + "object-assign": "^4.1.0", + "strict-uri-encode": "^1.0.0" + } + } } + }, + "strict-uri-encode": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz", + "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=", + "dev": true } } }, @@ -11555,13 +11572,13 @@ "integrity": "sha512-3sdNDPrkLX0LGoTEqA3nimvl0Qj6KnTq9uvpbs8UrPLRdBhlHvE/LRYb33jcy4uNNbMTkat0VCPyHKOaf7CUHw==" }, "query-string": { - "version": "4.3.4", - "resolved": "https://registry.npmjs.org/query-string/-/query-string-4.3.4.tgz", - "integrity": "sha1-u7aTucqRXCMlFbIosaArYJBD2+s=", - "dev": true, + "version": "6.13.1", + "resolved": "https://registry.npmjs.org/query-string/-/query-string-6.13.1.tgz", + "integrity": "sha512-RfoButmcK+yCta1+FuU8REvisx1oEzhMKwhLUNcepQTPGcNMp1sIqjnfCtfnvGSQZQEhaBHvccujtWoUV3TTbA==", "requires": { - "object-assign": "^4.1.0", - "strict-uri-encode": "^1.0.0" + "decode-uri-component": "^0.2.0", + "split-on-first": "^1.0.0", + "strict-uri-encode": "^2.0.0" } }, "querystring": { @@ -12471,6 +12488,11 @@ "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", "dev": true }, + "semver-regex": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/semver-regex/-/semver-regex-3.1.1.tgz", + "integrity": "sha512-3dPcmFqxblWB/cppQ2qXWqlp9b6GLgAS032+Ec5E0waDVHTkwYIL+7BFI9UqEe0tkoHle2f3pBgvT/Xl95+Dig==" + }, "send": { "version": "0.17.1", "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz", @@ -13012,6 +13034,11 @@ } } }, + "split-on-first": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/split-on-first/-/split-on-first-1.1.0.tgz", + "integrity": "sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw==" + }, "split-string": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/split-string/-/split-string-3.1.0.tgz", @@ -13141,10 +13168,9 @@ "dev": true }, "strict-uri-encode": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz", - "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=", - "dev": true + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz", + "integrity": "sha1-ucczDHBChi9rFC3CdLvMWGbONUY=" }, "string-width": { "version": "2.1.1", diff --git a/webui/package.json b/webui/package.json index 6562fabee..69c92ed13 100644 --- a/webui/package.json +++ b/webui/package.json @@ -21,10 +21,12 @@ "bowser": "^2.5.2", "chart.js": "^2.8.0", "dot-prop": "^5.2.0", - "iframe-resizer": "^4.2.10", + "iframe-resizer": "^4.2.11", "lodash.isequal": "4.5.0", "moment": "^2.24.0", "quasar": "^1.4.4", + "query-string": "^6.13.1", + "semver-regex": "^3.1.1", "vh-check": "^2.0.5", "vue-chartjs": "^3.4.2", "vuex-map-fields": "^1.3.4" diff --git a/webui/src/components/_commons/NavBar.vue b/webui/src/components/_commons/NavBar.vue index 8da0cb77c..9dddc7e82 100644 --- a/webui/src/components/_commons/NavBar.vue +++ b/webui/src/components/_commons/NavBar.vue @@ -46,6 +46,7 @@ import config from '../../../package' import PlatformAuthState from '../platform/PlatformAuthState' import { mapActions, mapGetters } from 'vuex' +import semverRegex from 'semver-regex' export default { name: 'NavBar', @@ -53,7 +54,10 @@ export default { computed: { ...mapGetters('core', { coreVersion: 'version' }), version () { - return this.coreVersion.Version + if (!this.coreVersion.Version) return null + return semverRegex().test(this.coreVersion.Version) + ? this.coreVersion.Version + : this.coreVersion.Version.substring(0, 7) }, parsedVersion () { if (this.version === undefined) { diff --git a/webui/src/components/platform/PlatformAuthState.vue b/webui/src/components/platform/PlatformAuthState.vue index 63472f184..9d4bfea21 100644 --- a/webui/src/components/platform/PlatformAuthState.vue +++ b/webui/src/components/platform/PlatformAuthState.vue @@ -1,10 +1,10 @@