diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 0df46760d..6f48169bb 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -2,11 +2,11 @@ PLEASE READ THIS MESSAGE. Documentation fixes or enhancements: -- for Traefik v2: use branch v2.9 +- for Traefik v2: use branch v2.10 - for Traefik v3: use branch master Bug fixes: -- for Traefik v2: use branch v2.9 +- for Traefik v2: use branch v2.10 - for Traefik v3: use branch master Enhancements: diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index fb7e99fa9..b799e0ca1 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -7,7 +7,7 @@ on: - v* env: - STRUCTOR_VERSION: v1.12.0 + STRUCTOR_VERSION: v1.13.1 MIXTUS_VERSION: v0.4.1 jobs: diff --git a/CHANGELOG.md b/CHANGELOG.md index b5892b51d..cc9a911ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,37 @@ +## [v2.10.0-rc1](https://github.com/traefik/traefik/tree/v2.10.0-rc1) (2023-03-22) +[All Commits](https://github.com/traefik/traefik/compare/b3f162a8a61d89beaa9edc8adc12cc4cb3e1de0f...v2.10.0-rc1) + +**Enhancements:** +- **[docker]** Expose ContainerName in Docker provider ([#9770](https://github.com/traefik/traefik/pull/9770) by [quinot](https://github.com/quinot)) +- **[hub]** hub: get out of experimental. ([#9792](https://github.com/traefik/traefik/pull/9792) by [mpl](https://github.com/mpl)) +- **[k8s/crd]** Introduce traefik.io API Group CRDs ([#9765](https://github.com/traefik/traefik/pull/9765) by [rtribotte](https://github.com/rtribotte)) +- **[k8s/ingress,k8s/crd,k8s]** Native Kubernetes service load-balancing ([#9740](https://github.com/traefik/traefik/pull/9740) by [rtribotte](https://github.com/rtribotte)) +- **[middleware,metrics]** Add prometheus metric requests_total with headers ([#9783](https://github.com/traefik/traefik/pull/9783) by [rtribotte](https://github.com/rtribotte)) +- **[nomad]** Support multiple namespaces in the Nomad Provider ([#9794](https://github.com/traefik/traefik/pull/9794) by [rtribotte](https://github.com/rtribotte)) +- **[tracing]** Add support to send DataDog traces via Unix Socket ([#9714](https://github.com/traefik/traefik/pull/9714) by [der-eismann](https://github.com/der-eismann)) + +**Documentation:** +- docs: update order of log levels ([#9791](https://github.com/traefik/traefik/pull/9791) by [svx](https://github.com/svx)) + +**Misc:** +- Merge current v2.9 into v2.10 ([#9798](https://github.com/traefik/traefik/pull/9798) by [ldez](https://github.com/ldez)) + +## [v2.9.9](https://github.com/traefik/traefik/tree/v2.9.9) (2023-03-21) +[All Commits](https://github.com/traefik/traefik/compare/v2.9.8...v2.9.9) + +**Bug fixes:** +- **[acme]** Update go-acme/lego to v4.10.2 ([#9749](https://github.com/traefik/traefik/pull/9749) by [ldez](https://github.com/ldez)) +- **[http3]** Update quic-go to v0.33.0 ([#9737](https://github.com/traefik/traefik/pull/9737) by [ldez](https://github.com/ldez)) +- **[metrics]** Include user-defined default cert for traefik_tls_certs_not_after metric ([#9742](https://github.com/traefik/traefik/pull/9742) by [rtribotte](https://github.com/rtribotte)) +- **[middleware]** Update vulcand/oxy to a0e9f7ff1040 ([#9750](https://github.com/traefik/traefik/pull/9750) by [ldez](https://github.com/ldez)) +- **[nomad]** Fix default configuration settings for Nomad Provider ([#9758](https://github.com/traefik/traefik/pull/9758) by [aofei](https://github.com/aofei)) +- **[nomad]** Fix Nomad client TLS defaults ([#9795](https://github.com/traefik/traefik/pull/9795) by [rtribotte](https://github.com/rtribotte)) +- **[server]** Remove User-Agent header removal from ReverseProxy director func ([#9752](https://github.com/traefik/traefik/pull/9752) by [rtribotte](https://github.com/rtribotte)) + +**Documentation:** +- **[middleware]** Clarify ratelimit middleware ([#9777](https://github.com/traefik/traefik/pull/9777) by [mpl](https://github.com/mpl)) +- **[tcp]** Correcting variable name 'server address' in TCP Router ([#9743](https://github.com/traefik/traefik/pull/9743) by [ralphg6](https://github.com/ralphg6)) + ## [v2.9.8](https://github.com/traefik/traefik/tree/v2.9.8) (2023-02-15) [All Commits](https://github.com/traefik/traefik/compare/v2.9.7...v2.9.8) @@ -174,13 +208,7 @@ Release canceled. - **[acme]** Fix ACME panic ([#9365](https://github.com/traefik/traefik/pull/9365) by [ldez](https://github.com/ldez)) **Documentation:** -- Prepare release v2.9.0 ([#9409](https://github.com/traefik/traefik/pull/9409) by [tomMoulard](https://github.com/tomMoulard)) - **[metrics]** Rework metrics overview page ([#9366](https://github.com/traefik/traefik/pull/9366) by [ddtmachado](https://github.com/ddtmachado)) -- Prepare release v2.9.0-rc5 ([#9402](https://github.com/traefik/traefik/pull/9402) by [ldez](https://github.com/ldez)) -- Prepare release v2.9.0-rc4 ([#9372](https://github.com/traefik/traefik/pull/9372) by [kevinpollet](https://github.com/kevinpollet)) -- Prepare release v2.9.0-rc3 ([#9344](https://github.com/traefik/traefik/pull/9344) by [kevinpollet](https://github.com/kevinpollet)) -- Prepare release v2.9.0-rc2 ([6c2c561](https://github.com/traefik/traefik/commit/6c2c561d8f935d76ccd07d28e1455c7768adc153) by [ldez](https://github.com/ldez)) -- Prepare release v2.9.0-rc1 ([#9334](https://github.com/traefik/traefik/pull/9334) by [rtribotte](https://github.com/rtribotte)) **Misc:** - Merge current v2.8 into v2.9 ([#9400](https://github.com/traefik/traefik/pull/9400) by [ldez](https://github.com/ldez)) diff --git a/docs/content/getting-started/install-traefik.md b/docs/content/getting-started/install-traefik.md index 9292897a7..a0a5df6ea 100644 --- a/docs/content/getting-started/install-traefik.md +++ b/docs/content/getting-started/install-traefik.md @@ -16,8 +16,8 @@ You can install Traefik with the following flavors: Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file: -* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.9/traefik.sample.yml) -* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.9/traefik.sample.toml) +* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.yml) +* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.toml) ```bash docker run -d -p 8080:8080 -p 80:80 \ diff --git a/docs/content/migration/v2.md b/docs/content/migration/v2.md index 164dfb7c9..60cb2b813 100644 --- a/docs/content/migration/v2.md +++ b/docs/content/migration/v2.md @@ -502,6 +502,12 @@ In `v2.9`, Traefik Pilot support has been removed. ## v2.10 +### Nomad Namespace + +In `v2.10`, the `namespace` option of the Nomad provider is deprecated, please use the `namespaces` options instead. + +## v2.10 + ### Kubernetes CRDs In `v2.10`, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead. diff --git a/docs/content/providers/kubernetes-crd.md b/docs/content/providers/kubernetes-crd.md index dccc60eb6..26579d758 100644 --- a/docs/content/providers/kubernetes-crd.md +++ b/docs/content/providers/kubernetes-crd.md @@ -35,10 +35,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku ```bash # Install Traefik Resource Definitions: - kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml + kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml # Install RBAC for Traefik: - kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml + kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml ``` ## Resource Configuration diff --git a/docs/content/providers/kubernetes-ingress.md b/docs/content/providers/kubernetes-ingress.md index 4d915a596..d6eb1b4e9 100644 --- a/docs/content/providers/kubernetes-ingress.md +++ b/docs/content/providers/kubernetes-ingress.md @@ -531,6 +531,6 @@ providers: ### Further To learn more about the various aspects of the Ingress specification that Traefik supports, -many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.9/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository. +many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.0/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository. {!traefik-for-business-applications.md!} diff --git a/docs/content/providers/nomad.md b/docs/content/providers/nomad.md index 3bc27d3b2..90b3eeb4d 100644 --- a/docs/content/providers/nomad.md +++ b/docs/content/providers/nomad.md @@ -442,6 +442,36 @@ For additional information, refer to [Restrict the Scope of Service Discovery](. ### `namespaces` +??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option." + + _Optional, Default=""_ + + The `namespace` option defines the namespace in which the Nomad services will be discovered. + + !!! warning + + One should only define either the `namespaces` option or the `namespace` option. + + ```yaml tab="File (YAML)" + providers: + nomad: + namespace: "production" + # ... + ``` + + ```toml tab="File (TOML)" + [providers.nomad] + namespace = "production" + # ... + ``` + + ```bash tab="CLI" + --providers.nomad.namespace=production + # ... + ``` + +### `namespaces` + _Optional, Default=""_ The `namespaces` option defines the namespaces in which the nomad services will be discovered. diff --git a/docs/content/user-guides/crd-acme/index.md b/docs/content/user-guides/crd-acme/index.md index 67953a85b..7eac2b9f8 100644 --- a/docs/content/user-guides/crd-acme/index.md +++ b/docs/content/user-guides/crd-acme/index.md @@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi ```bash # Install Traefik Resource Definitions: -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml # Install RBAC for Traefik: -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml ``` ### Services @@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/con Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami). ```bash -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/user-guides/crd-acme/02-services.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/02-services.yml ``` ```yaml @@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services. Again, one pod for Traefik, and one for the whoami app. ```bash -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/user-guides/crd-acme/03-deployments.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/03-deployments.yml ``` ```yaml @@ -100,7 +100,7 @@ Look it up. We can now finally apply the actual ingressRoutes, with: ```bash -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/user-guides/crd-acme/04-ingressroutes.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/04-ingressroutes.yml ``` ```yaml @@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated. In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption: ```bash -kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/user-guides/crd-acme/05-tlsoption.yml +kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/05-tlsoption.yml ``` ```yaml diff --git a/pkg/provider/nomad/nomad.go b/pkg/provider/nomad/nomad.go index 41fb21d45..b836707eb 100644 --- a/pkg/provider/nomad/nomad.go +++ b/pkg/provider/nomad/nomad.go @@ -48,6 +48,13 @@ type item struct { ExtraConf configuration // global options } +// configuration contains information from the service's tags that are globals +// (not specific to the dynamic configuration). +type configuration struct { + Enable bool // .enable is the corresponding label. + Canary bool // .nomad.canary is the corresponding label. +} + // ProviderBuilder is responsible for constructing namespaced instances of the Nomad provider. type ProviderBuilder struct { Configuration `yaml:",inline" export:"true"` @@ -94,19 +101,34 @@ func (c *Configuration) SetDefaults() { Address: defConfig.Address, Region: defConfig.Region, Token: defConfig.SecretID, - TLS: &types.ClientTLS{ + } + + if defConfig.TLSConfig != nil && (defConfig.TLSConfig.Insecure || defConfig.TLSConfig.CACert != "" || defConfig.TLSConfig.ClientCert != "" || defConfig.TLSConfig.ClientKey != "") { + c.Endpoint.TLS = &types.ClientTLS{ CA: defConfig.TLSConfig.CACert, Cert: defConfig.TLSConfig.ClientCert, Key: defConfig.TLSConfig.ClientKey, InsecureSkipVerify: defConfig.TLSConfig.Insecure, - }, + } } + c.Prefix = defaultPrefix c.ExposedByDefault = true c.RefreshInterval = ptypes.Duration(15 * time.Second) c.DefaultRule = defaultTemplateRule } +type EndpointConfig struct { + // Address is the Nomad endpoint address, if empty it defaults to NOMAD_ADDR or "http://127.0.0.1:4646". + Address string `description:"The address of the Nomad server, including scheme and port." json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"` + // Region is the Nomad region, if empty it defaults to NOMAD_REGION. + Region string `description:"Nomad region to use. If not provided, the local agent region is used." json:"region,omitempty" toml:"region,omitempty" yaml:"region,omitempty"` + // Token is the ACL token to connect with Nomad, if empty it defaults to NOMAD_TOKEN. + Token string `description:"Token is used to provide a per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"` + TLS *types.ClientTLS `description:"Configure TLS." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"` + EndpointWaitTime ptypes.Duration `description:"WaitTime limits how long a Watch will block. If not provided, the agent default values will be used" json:"endpointWaitTime,omitempty" toml:"endpointWaitTime,omitempty" yaml:"endpointWaitTime,omitempty" export:"true"` +} + // Provider holds configuration along with the namespace it will discover services in. type Provider struct { Configuration @@ -117,15 +139,9 @@ type Provider struct { defaultRuleTpl *template.Template // default routing rule } -type EndpointConfig struct { - // Address is the Nomad endpoint address, if empty it defaults to NOMAD_ADDR or "http://127.0.0.1:4646". - Address string `description:"The address of the Nomad server, including scheme and port." json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"` - // Region is the Nomad region, if empty it defaults to NOMAD_REGION. - Region string `description:"Nomad region to use. If not provided, the local agent region is used." json:"region,omitempty" toml:"region,omitempty" yaml:"region,omitempty"` - // Token is the ACL token to connect with Nomad, if empty it defaults to NOMAD_TOKEN. - Token string `description:"Token is used to provide a per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"` - TLS *types.ClientTLS `description:"Configure TLS." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"` - EndpointWaitTime ptypes.Duration `description:"WaitTime limits how long a Watch will block. If not provided, the agent default values will be used" json:"endpointWaitTime,omitempty" toml:"endpointWaitTime,omitempty" yaml:"endpointWaitTime,omitempty" export:"true"` +// SetDefaults sets the default values for the Nomad Traefik Provider. +func (p *Provider) SetDefaults() { + p.Configuration.SetDefaults() } // Init the Nomad Traefik Provider. @@ -218,46 +234,6 @@ func (p *Provider) loadConfiguration(ctx context.Context, configurationC chan<- return nil } -func createClient(namespace string, endpoint *EndpointConfig) (*api.Client, error) { - return api.NewClient(&api.Config{ - Address: endpoint.Address, - Namespace: namespace, - Region: endpoint.Region, - SecretID: endpoint.Token, - WaitTime: time.Duration(endpoint.EndpointWaitTime), - TLSConfig: &api.TLSConfig{ - CACert: endpoint.TLS.CA, - ClientCert: endpoint.TLS.Cert, - ClientKey: endpoint.TLS.Key, - Insecure: endpoint.TLS.InsecureSkipVerify, - }, - }) -} - -// configuration contains information from the service's tags that are globals -// (not specific to the dynamic configuration). -type configuration struct { - Enable bool // .enable is the corresponding label. - Canary bool // .nomad.canary is the corresponding label. -} - -// getExtraConf returns a configuration with settings which are not part of the dynamic configuration (e.g. ".enable"). -func (p *Provider) getExtraConf(tags []string) configuration { - labels := tagsToLabels(tags, p.Prefix) - - enabled := p.ExposedByDefault - if v, exists := labels["traefik.enable"]; exists { - enabled = strings.EqualFold(v, "true") - } - - var canary bool - if v, exists := labels["traefik.nomad.canary"]; exists { - canary = strings.EqualFold(v, "true") - } - - return configuration{Enable: enabled, Canary: canary} -} - func (p *Provider) getNomadServiceData(ctx context.Context) ([]item, error) { // first, get list of service stubs opts := &api.QueryOptions{AllowStale: p.Stale} @@ -315,6 +291,23 @@ func (p *Provider) getNomadServiceData(ctx context.Context) ([]item, error) { return items, nil } +// getExtraConf returns a configuration with settings which are not part of the dynamic configuration (e.g. ".enable"). +func (p *Provider) getExtraConf(tags []string) configuration { + labels := tagsToLabels(tags, p.Prefix) + + enabled := p.ExposedByDefault + if v, exists := labels["traefik.enable"]; exists { + enabled = strings.EqualFold(v, "true") + } + + var canary bool + if v, exists := labels["traefik.nomad.canary"]; exists { + canary = strings.EqualFold(v, "true") + } + + return configuration{Enable: enabled, Canary: canary} +} + // fetchService queries Nomad API for services matching name, // that also have the .enable=true set in its tags. func (p *Provider) fetchService(ctx context.Context, name string) ([]*api.ServiceRegistration, error) { @@ -335,3 +328,24 @@ func (p *Provider) fetchService(ctx context.Context, name string) ([]*api.Servic } return services, nil } + +func createClient(namespace string, endpoint *EndpointConfig) (*api.Client, error) { + config := api.Config{ + Address: endpoint.Address, + Namespace: namespace, + Region: endpoint.Region, + SecretID: endpoint.Token, + WaitTime: time.Duration(endpoint.EndpointWaitTime), + } + + if endpoint.TLS != nil { + config.TLSConfig = &api.TLSConfig{ + CACert: endpoint.TLS.CA, + ClientCert: endpoint.TLS.Cert, + ClientKey: endpoint.TLS.Key, + Insecure: endpoint.TLS.InsecureSkipVerify, + } + } + + return api.NewClient(&config) +} diff --git a/pkg/provider/nomad/nomad_test.go b/pkg/provider/nomad/nomad_test.go index d532c2622..b83c7727c 100644 --- a/pkg/provider/nomad/nomad_test.go +++ b/pkg/provider/nomad/nomad_test.go @@ -89,7 +89,6 @@ func TestProvider_SetDefaults_Endpoint(t *testing.T) { envs: map[string]string{}, expected: &EndpointConfig{ Address: "http://127.0.0.1:4646", - TLS: &types.ClientTLS{}, }, }, { diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index 95128b3e2..189f8c451 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.9.8 +# example new bugfix v2.9.9 CurrentRef = "v2.9" -PreviousRef = "v2.9.7" +PreviousRef = "v2.9.8" BaseBranch = "v2.9" -FutureCurrentRefName = "v2.9.8" +FutureCurrentRefName = "v2.9.9" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10