diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index b01448af0..1cade3ff1 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -2,11 +2,11 @@ PLEASE READ THIS MESSAGE. Documentation fixes or enhancements: -- for Traefik v2: use branch v2.10 +- for Traefik v2: use branch v2.11 - for Traefik v3: use branch v3.0 Bug fixes: -- for Traefik v2: use branch v2.10 +- for Traefik v2: use branch v2.11 - for Traefik v3: use branch v3.0 Enhancements: diff --git a/CHANGELOG.md b/CHANGELOG.md index a570148ec..d0cabd687 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,31 @@ +## [v2.11.0-rc1](https://github.com/traefik/traefik/tree/v2.11.0-rc1) (2024-01-02) +[All Commits](https://github.com/traefik/traefik/compare/0a7964300166d167f68d5502bc245b3b9c8842b4...v2.11.0-rc1) + +**Enhancements:** +- **[middleware]** Deprecate IPWhiteList middleware in favor of IPAllowList ([#10249](https://github.com/traefik/traefik/pull/10249) by [lbenguigui](https://github.com/lbenguigui)) +- **[redis]** Add Redis Sentinel support ([#10245](https://github.com/traefik/traefik/pull/10245) by [youkoulayley](https://github.com/youkoulayley)) +- **[server]** Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints ([#10247](https://github.com/traefik/traefik/pull/10247) by [juliens](https://github.com/juliens)) +- **[sticky-session]** Hash WRR sticky cookies ([#10243](https://github.com/traefik/traefik/pull/10243) by [youkoulayley](https://github.com/youkoulayley)) + +**Bug fixes:** +- **[file]** Update github.com/fsnotify/fsnotify to v1.7.0 ([#10313](https://github.com/traefik/traefik/pull/10313) by [ldez](https://github.com/ldez)) +- **[http3]** Update quic-go to v0.40.1 ([#10296](https://github.com/traefik/traefik/pull/10296) by [ldez](https://github.com/ldez)) +- **[server]** Fix ReadHeaderTimeout for PROXY protocol ([#10320](https://github.com/traefik/traefik/pull/10320) by [juliens](https://github.com/juliens)) + +**Documentation:** +- **[acme]** Fix TLS challenge explanation ([#10293](https://github.com/traefik/traefik/pull/10293) by [cavokz](https://github.com/cavokz)) +- **[docker,acme]** Fix typo ([#10294](https://github.com/traefik/traefik/pull/10294) by [youpsla](https://github.com/youpsla)) +- **[docker]** Update wording of compose example ([#10276](https://github.com/traefik/traefik/pull/10276) by [svx](https://github.com/svx)) +- **[k8s/crd]** Adjust deprecation notice for Kubernetes CRD provider ([#10317](https://github.com/traefik/traefik/pull/10317) by [rtribotte](https://github.com/rtribotte)) +- Fix description for anonymous usage statistics references ([#10287](https://github.com/traefik/traefik/pull/10287) by [ariyonaty](https://github.com/ariyonaty)) +- Documentation enhancements ([#10261](https://github.com/traefik/traefik/pull/10261) by [svx](https://github.com/svx)) + +## [v2.10.7](https://github.com/traefik/traefik/tree/v2.10.7) (2023-12-06) +[All Commits](https://github.com/traefik/traefik/compare/v2.10.6...v2.10.7) + +**Bug fixes:** +- **[logs]** Fixed datadog logs json format issue ([#10233](https://github.com/traefik/traefik/pull/10233) by [sssash18](https://github.com/sssash18)) + ## [v3.0.0-beta5](https://github.com/traefik/traefik/tree/v3.0.0-beta5) (2023-11-29) [All Commits](https://github.com/traefik/traefik/compare/v3.0.0-beta4...v3.0.0-beta5) diff --git a/LICENSE.md b/LICENSE.md index d56287566..fda9f5084 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/docs/content/deprecation/features.md b/docs/content/deprecation/features.md index c5f0f2dfe..50b42873b 100644 --- a/docs/content/deprecation/features.md +++ b/docs/content/deprecation/features.md @@ -4,7 +4,7 @@ This page is maintained and updated periodically to reflect our roadmap and any | Feature | Deprecated | End of Support | Removal | |----------------------------------------------------------------------------------------------------------------------|------------|----------------|---------| -| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crds-api-version-traefikiov1alpha1) | N/A | N/A | 3.0 | +| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crds-api-version-traefikiov1alpha1) | 3.0 | N/A | 4.0 | | [Kubernetes Ingress API Version `networking.k8s.io/v1beta1`](#kubernetes-ingress-api-version-networkingk8siov1beta1) | N/A | N/A | 3.0 | | [CRD API Version `apiextensions.k8s.io/v1beta1`](#kubernetes-ingress-api-version-networkingk8siov1beta1) | N/A | N/A | 3.0 | @@ -12,7 +12,7 @@ This page is maintained and updated periodically to reflect our roadmap and any ### Kubernetes CRDs API Version `traefik.io/v1alpha1` -The newly introduced Kubernetes CRD API Version `traefik.io/v1alpha1` will subsequently be removed in Traefik v3. The following version will be `traefik.io/v1`. +The Kubernetes CRD provider API Version `traefik.io/v1alpha1` will subsequently be deprecated in Traefik v3. The next version will be `traefik.io/v1`. ### Kubernetes Ingress API Version `networking.k8s.io/v1beta1` diff --git a/docs/content/getting-started/configuration-overview.md b/docs/content/getting-started/configuration-overview.md index 261103b87..c194562e1 100644 --- a/docs/content/getting-started/configuration-overview.md +++ b/docs/content/getting-started/configuration-overview.md @@ -82,11 +82,11 @@ docker run traefik[:version] --help # ex: docker run traefik:v3.0 --help ``` -All available arguments can also be found [here](../reference/static-configuration/cli.md). +Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments. ### Environment Variables -All available environment variables can be found [here](../reference/static-configuration/env.md) +All available environment variables can be found in the [static configuration environment overview](../reference/static-configuration/env.md). ## Available Configuration Options diff --git a/docs/content/getting-started/faq.md b/docs/content/getting-started/faq.md index caa82058f..761e8d3a7 100644 --- a/docs/content/getting-started/faq.md +++ b/docs/content/getting-started/faq.md @@ -29,7 +29,7 @@ Not to mention that dynamic configuration changes potentially make that kind of Therefore, in this dynamic context, the static configuration of an `entryPoint` does not give any hint whatsoever about how the traffic going through that `entryPoint` is going to be routed. Or whether it's even going to be routed at all, -i.e. whether there is a Router matching the kind of traffic going through it. +that is whether there is a Router matching the kind of traffic going through it. ### `404 Not found` @@ -71,7 +71,7 @@ Traefik returns a `502` response code when an error happens while contacting the ### `503 Service Unavailable` -Traefik returns a `503` response code when a Router has been matched +Traefik returns a `503` response code when a Router has been matched, but there are no servers ready to handle the request. This situation is encountered when a service has been explicitly configured without servers, @@ -84,7 +84,7 @@ Sometimes, the `404` response code doesn't play well with other parties or servi In these situations, you may want Traefik to always reply with a `503` response code, instead of a `404` response code. -To achieve this behavior, a simple catchall router, +To achieve this behavior, a catchall router, with the lowest possible priority and routing to a service without servers, can handle all the requests when no other router has been matched. @@ -130,7 +130,7 @@ http: the principle of the above example above (a catchall router) still stands, but the `unavailable` service should be adapted to fit such a need. -## Why Is My TLS Certificate Not Reloaded When Its Contents Change? +## Why Is My TLS Certificate Not Reloaded When Its Contents Change? With the file provider, a configuration update is only triggered when one of the [watched](../providers/file.md#provider-configuration) configuration files is modified. @@ -216,7 +216,7 @@ error: field not found, node: -badField- The "field not found" error occurs, when an unknown property is encountered in the dynamic or static configuration. -One easy way to check whether a configuration file is well-formed, is to validate it with: +One way to check whether a configuration file is well-formed, is to validate it with: - [JSON Schema of the static configuration](https://json.schemastore.org/traefik-v2.json) - [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json) @@ -226,11 +226,11 @@ One easy way to check whether a configuration file is well-formed, is to validat As a common tip, if a resource is dropped/not created by Traefik after the dynamic configuration was evaluated, one should look for an error in the logs. -If found, the error obviously confirms that something went wrong while creating the resource, +If found, the error confirms that something went wrong while creating the resource, and the message should help in figuring out the mistake(s) in the configuration, and how to fix it. When using the file provider, -one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json). +one way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json). ## Why does Let's Encrypt wildcard certificate renewal/generation with DNS challenge fail? @@ -248,6 +248,6 @@ then it could be due to `CNAME` support. In which case, you should make sure your infrastructure is properly set up for a `DNS` challenge that does not rely on `CNAME`, and you should try disabling `CNAME` support with: -```bash +```shell LEGO_DISABLE_CNAME_SUPPORT=true ``` diff --git a/docs/content/getting-started/install-traefik.md b/docs/content/getting-started/install-traefik.md index a0a5df6ea..630202288 100644 --- a/docs/content/getting-started/install-traefik.md +++ b/docs/content/getting-started/install-traefik.md @@ -19,7 +19,7 @@ Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and * [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.yml) * [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.toml) -```bash +```shell docker run -d -p 8080:8080 -p 80:80 \ -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.0 ``` @@ -59,7 +59,7 @@ You can update the chart repository by running: helm repo update ``` -And install it with the `helm` command line: +And install it with the Helm command line: ```bash helm install traefik traefik/traefik @@ -69,7 +69,7 @@ helm install traefik traefik/traefik All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported. - Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md). + Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md). For instance, installing the chart in a dedicated namespace: @@ -106,7 +106,7 @@ helm install traefik traefik/traefik ### Exposing the Traefik dashboard -This HelmChart does not expose the Traefik dashboard by default, for security concerns. +This Helm chart does not expose the Traefik dashboard by default, for security concerns. Thus, there are multiple ways to expose the dashboard. For instance, the dashboard access could be achieved through a port-forward: diff --git a/docs/content/getting-started/quick-start-with-kubernetes.md b/docs/content/getting-started/quick-start-with-kubernetes.md index 00f9fccd2..30530522d 100644 --- a/docs/content/getting-started/quick-start-with-kubernetes.md +++ b/docs/content/getting-started/quick-start-with-kubernetes.md @@ -1,23 +1,23 @@ --- title: "Traefik Getting Started With Kubernetes" -description: "Looking to get started with Traefik Proxy? Read the technical documentation to learn a simple use case that leverages Kubernetes." +description: "Get started with Traefik Proxy and Kubernetes." --- # Quick Start -A Simple Use Case of Traefik Proxy and Kubernetes +A Use Case of Traefik Proxy and Kubernetes {: .subtitle } -This guide is an introduction to using Traefik Proxy in a Kubernetes environment. -The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes. +This guide is an introduction to using Traefik Proxy in a Kubernetes environment. +The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes. It presents and explains the basic blocks required to start with Traefik such as Ingress Controller, Ingresses, Deployments, static, and dynamic configuration. ## Permissions and Accesses Traefik uses the Kubernetes API to discover running services. -In order to use the Kubernetes API, Traefik needs some permissions. -This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator. +To use the Kubernetes API, Traefik needs some permissions. +This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator. The role is then bound to an account used by an application, in this case, Traefik Proxy. The first step is to create the role. @@ -88,7 +88,7 @@ roleRef: subjects: - kind: ServiceAccount name: traefik-account - namespace: default # Using "default" because we did not specify a namespace when creating the ClusterAccount. + namespace: default # This tutorial uses the "default" K8s namespace. ``` !!! info "`roleRef` is the Kubernetes reference to the role created in `00-role.yml`." @@ -102,7 +102,7 @@ subjects: !!! info "This section can be managed with the help of the [Traefik Helm chart](../install-traefik/#use-the-helm-chart)." The [ingress controller](https://traefik.io/glossary/kubernetes-ingress-and-ingress-controller-101/#what-is-a-kubernetes-ingress-controller) -is a software that runs in the same way as any other application on a cluster. +is a software that runs in the same way as any other application on a cluster. To start Traefik on the Kubernetes cluster, a [`Deployment`](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/) resource must exist to describe how to configure and scale containers horizontally to support larger workloads. @@ -141,12 +141,12 @@ spec: containerPort: 8080 ``` -The deployment contains an important attribute for customizing Traefik: `args`. -These arguments are the static configuration for Traefik. +The deployment contains an important attribute for customizing Traefik: `args`. +These arguments are the static configuration for Traefik. From here, it is possible to enable the dashboard, configure entry points, select dynamic configuration providers, -and [more](../reference/static-configuration/cli.md)... +and [more](../reference/static-configuration/cli.md). In this deployment, the static configuration enables the Traefik dashboard, @@ -159,10 +159,10 @@ and uses Kubernetes native Ingress resources as router definitions to route inco !!! info "When enabling the [`api.insecure`](../../operations/api/#insecure) mode, Traefik exposes the dashboard on the port `8080`." A deployment manages scaling and then can create lots of containers, called [Pods](https://kubernetes.io/docs/concepts/workloads/pods/). -Each Pod is configured following the `spec` field in the deployment. +Each Pod is configured following the `spec` field in the deployment. Given that, a Deployment can run multiple Traefik Proxy Pods, a piece is required to forward the traffic to any of the instance: -namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service). +namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service). Create a file called `02-traefik-services.yml` and insert the two `Service` resources: ```yaml tab="02-traefik-services.yml" @@ -195,7 +195,7 @@ spec: !!! warning "It is possible to expose a service in different ways." - Depending on your working environment and use case, the `spec.type` might change. + Depending on your working environment and use case, the `spec.type` might change. It is strongly recommended to understand the available [service types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) before proceeding to the next step. It is now time to apply those files on your cluster to start Traefik. @@ -210,11 +210,11 @@ kubectl apply -f 00-role.yml \ ## Proxying applications -The only part still missing is the business application behind the reverse proxy. +The only part still missing is the business application behind the reverse proxy. For this guide, we use the example application [traefik/whoami](https://github.com/traefik/whoami), but the principles are applicable to any other application. -The `whoami` application is a simple HTTP server running on port 80 which answers host-related information to the incoming requests. +The `whoami` application is an HTTP server running on port 80 which answers host-related information to the incoming requests. As usual, start by creating a file called `03-whoami.yml` and paste the following `Deployment` resource: ```yaml tab="03-whoami.yml" @@ -262,8 +262,8 @@ spec: ``` Thanks to the Kubernetes API, -Traefik is notified when an Ingress resource is created, updated, or deleted. -This makes the process dynamic. +Traefik is notified when an Ingress resource is created, updated, or deleted. +This makes the process dynamic. The ingresses are, in a way, the [dynamic configuration](../../providers/kubernetes-ingress/) for Traefik. !!! tip diff --git a/docs/content/getting-started/quick-start.md b/docs/content/getting-started/quick-start.md index e4007910d..a33eb4b22 100644 --- a/docs/content/getting-started/quick-start.md +++ b/docs/content/getting-started/quick-start.md @@ -1,11 +1,11 @@ --- title: "Traefik Getting Started Quickly" -description: "Looking to get started with Traefik Proxy quickly? Read the technical documentation to see a basic use case that leverages Docker." +description: "Get started with Traefik Proxy and Docker." --- # Quick Start -A Basic Use Case Using Docker +A Use Case Using Docker {: .subtitle } ![quickstart-diagram](../assets/img/quickstart-diagram.png) @@ -19,9 +19,9 @@ version: '3' services: reverse-proxy: - # The official v3 Traefik Docker image + # The official v2 Traefik docker image image: traefik:v3.0 - # Enables the web UI and tells Traefik to listen to Docker + # Enables the web UI and tells Traefik to listen to docker command: --api.insecure=true --providers.docker ports: # The HTTP port @@ -41,11 +41,11 @@ Start your `reverse-proxy` with the following command: docker-compose up -d reverse-proxy ``` -You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2). +You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (you'll go back there once you have launched a service in step 2). ## Traefik Detects New Services and Creates the Route for You -Now that we have a Traefik instance up and running, we will deploy new services. +Now that you have a Traefik instance up and running, you will deploy new services. Edit your `docker-compose.yml` file and add the following at the end of your file. @@ -63,7 +63,7 @@ services: - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)" ``` -The above defines [`whoami`](https://github.com/traefik/whoami "Link to whoami app on GitHub"), a web service that outputs information about the machine it is deployed on (its IP address, host, etc.). +The above defines `whoami`: a web service that outputs information about the machine it is deployed on (its IP address, host, and others). Start the `whoami` service with the following command: @@ -73,7 +73,7 @@ docker-compose up -d whoami Browse `http://localhost:8080/api/rawdata` and see that Traefik has automatically detected the new container and updated its own configuration. -When Traefik detects new services, it creates the corresponding routes, so you can call them ... _let's see!_ (Here, we're using curl) +When Traefik detects new services, it creates the corresponding routes, so you can call them ... _let's see!_ (Here, you're using curl) ```shell curl -H Host:whoami.docker.localhost http://127.0.0.1 @@ -103,7 +103,7 @@ Finally, see that Traefik load-balances between the two instances of your servic curl -H Host:whoami.docker.localhost http://127.0.0.1 ``` -The output will show alternatively one of the followings: +The output will show alternatively one of the following: ```yaml Hostname: a656c8ddca6c diff --git a/docs/content/index.md b/docs/content/index.md index afcc18db8..072faae0b 100644 --- a/docs/content/index.md +++ b/docs/content/index.md @@ -18,7 +18,7 @@ Traefik is natively compliant with every major cluster technology, such as Kuber With Traefik, there is no need to maintain and synchronize a separate configuration file: everything happens automatically, in real time (no restarts, no connection interruptions). With Traefik, you spend time developing and deploying new features to your system, not on configuring and maintaining its working state. -Developing Traefik, our main goal is to make it simple to use, and we're sure you'll enjoy it. +Developing Traefik, our main goal is to make it effortless to use, and we're sure you'll enjoy it. -- The Traefik Maintainer Team diff --git a/docs/content/middlewares/http/ipallowlist.md b/docs/content/middlewares/http/ipallowlist.md index d62e253bb..703b9f89b 100644 --- a/docs/content/middlewares/http/ipallowlist.md +++ b/docs/content/middlewares/http/ipallowlist.md @@ -8,7 +8,21 @@ description: "Learn how to use IPAllowList in HTTP middleware for limiting clien Limiting Clients to Specific IPs {: .subtitle } +<<<<<<<< HEAD:docs/content/middlewares/http/ipallowlist.md IPAllowList accepts / refuses requests based on the client IP. +|||||||| dae0491b6:docs/content/middlewares/http/ipwhitelist.md +![IpWhiteList](../../assets/img/middleware/ipwhitelist.png) + +IPWhitelist accepts / refuses requests based on the client IP. +======== +![IPWhiteList](../../assets/img/middleware/ipwhitelist.png) + +IPWhiteList accepts / refuses requests based on the client IP. + +!!! warning + + This middleware is deprecated, please use the [IPAllowList](./ipallowlist.md) middleware instead. +>>>>>>>> upstream/v2.11:docs/content/middlewares/http/ipwhitelist.md ## Configuration Examples diff --git a/docs/content/middlewares/tcp/ipallowlist.md b/docs/content/middlewares/tcp/ipallowlist.md index e8466b94e..7f1859dd0 100644 --- a/docs/content/middlewares/tcp/ipallowlist.md +++ b/docs/content/middlewares/tcp/ipallowlist.md @@ -8,7 +8,7 @@ description: "Learn how to use IPAllowList in TCP middleware for limiting client Limiting Clients to Specific IPs {: .subtitle } -IPAllowList accepts / refuses connections based on the client IP. +IPWhitelist accepts / refuses connections based on the client IP. ## Configuration Examples diff --git a/docs/content/migration/v2.md b/docs/content/migration/v2.md index 7d14ae9aa..6db72ea76 100644 --- a/docs/content/migration/v2.md +++ b/docs/content/migration/v2.md @@ -526,3 +526,13 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/co ### Traefik Hub In `v2.10`, Traefik Hub configuration has been removed because Traefik Hub v2 doesn't require this configuration. + +## v2.11 + +### IPWhiteList (HTTP) + +In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/http/ipallowlist.md) middleware instead. + +### IPWhiteList (TCP) + +In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead. diff --git a/docs/content/operations/dashboard.md b/docs/content/operations/dashboard.md index 5b79dfc98..170d5ebe4 100644 --- a/docs/content/operations/dashboard.md +++ b/docs/content/operations/dashboard.md @@ -71,11 +71,11 @@ with a router attached to the service `api@internal` in the to allow defining: - One or more security features through [middlewares](../middlewares/overview.md) - like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md), + like authentication ([basicAuth](../middlewares/http/basicauth.md), [digestAuth](../middlewares/http/digestauth.md), [forwardAuth](../middlewares/http/forwardauth.md)) or [allowlisting](../middlewares/http/ipallowlist.md). - A [router rule](#dashboard-router-rule) for accessing the dashboard, - through Traefik itself (sometimes referred as "Traefik-ception"). + through Traefik itself (sometimes referred to as "Traefik-ception"). ### Dashboard Router Rule @@ -83,7 +83,7 @@ As underlined in the [documentation for the `api.dashboard` option](./api.md#das the [router rule](../routing/routers/index.md#rule) defined for Traefik must match the path prefixes `/api` and `/dashboard`. -We recommend to use a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain, +We recommend using a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain, or to make sure that the defined rule captures both prefixes: ```bash tab="Host Rule" diff --git a/docs/content/operations/ping.md b/docs/content/operations/ping.md index 3dc1de3d9..a2b4577f3 100644 --- a/docs/content/operations/ping.md +++ b/docs/content/operations/ping.md @@ -33,7 +33,7 @@ whose default value is `traefik` (port `8080`). | Path | Method | Description | |---------|---------------|-----------------------------------------------------------------------------------------------------| -| `/ping` | `GET`, `HEAD` | A simple endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` | +| `/ping` | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` | !!! note The `cli` comes with a [`healthcheck`](./cli.md#healthcheck) command which can be used for calling this endpoint. @@ -92,10 +92,11 @@ ping: _Optional, Default=503_ During the period in which Traefik is gracefully shutting down, the ping handler -returns a 503 status code by default. If Traefik is behind e.g. a load-balancer +returns a `503` status code by default. +If Traefik is behind, for example a load-balancer doing health checks (such as the Kubernetes LivenessProbe), another code might -be expected as the signal for graceful termination. In which case, the -terminatingStatusCode can be used to set the code returned by the ping +be expected as the signal for graceful termination. +In that case, the terminatingStatusCode can be used to set the code returned by the ping handler during termination. ```yaml tab="File (YAML)" diff --git a/docs/content/providers/docker.md b/docs/content/providers/docker.md index c42748ddb..312c1ad26 100644 --- a/docs/content/providers/docker.md +++ b/docs/content/providers/docker.md @@ -163,7 +163,7 @@ See the [Docker API Access](#docker-api-access) section for more information. services: traefik: - image: traefik:v3.0 # The official v2 Traefik docker image + image: traefik:v3.0 # The official v3 Traefik docker image ports: - "80:80" volumes: diff --git a/docs/content/providers/redis.md b/docs/content/providers/redis.md index bd61e103c..309531423 100644 --- a/docs/content/providers/redis.md +++ b/docs/content/providers/redis.md @@ -229,3 +229,166 @@ providers: ```bash tab="CLI" --providers.redis.tls.insecureSkipVerify=true ``` + +### `sentinel` + +_Optional_ + +Defines the Sentinel configuration used to interact with Redis Sentinel. + +#### `masterName` + +_Required_ + +`masterName` is the name of the Sentinel master. + +```yaml tab="File (YAML)" +providers: + redis: + sentinel: + masterName: my-master +``` + +```toml tab="File (TOML)" +[providers.redis.sentinel] + masterName = "my-master" +``` + +```bash tab="CLI" +--providers.redis.sentinel.masterName=my-master +``` + +#### `username` + +_Optional_ + +`username` is the username for Sentinel authentication. + +```yaml tab="File (YAML)" +providers: + redis: + sentinel: + username: user +``` + +```toml tab="File (TOML)" +[providers.redis.sentinel] + username = "user" +``` + +```bash tab="CLI" +--providers.redis.sentinel.username=user +``` + +#### `password` + +_Optional_ + +`password` is the password for Sentinel authentication. + +```yaml tab="File (YAML)" +providers: + redis: + sentinel: + password: password +``` + +```toml tab="File (TOML)" +[providers.redis.sentinel] + password = "password" +``` + +```bash tab="CLI" +--providers.redis.sentinel.password=password +``` + +#### `latencyStrategy` + +_Optional, Default=false_ + +`latencyStrategy` defines whether to route commands to the closest master or replica nodes +(mutually exclusive with RandomStrategy and ReplicaStrategy). + +```yaml tab="File (YAML)" +providers: + redis: + sentinel: + latencyStrategy: true +``` + +```toml tab="File (TOML)" +[providers.redis.sentinel] +latencyStrategy = true +``` + +```bash tab="CLI" +--providers.redis.sentinel.latencyStrategy=true +``` + +#### `randomStrategy` + +_Optional, Default=false_ + +`randomStrategy` defines whether to route commands randomly to master or replica nodes +(mutually exclusive with LatencyStrategy and ReplicaStrategy). + +```yaml tab="File (YAML)" +providers: + redis: + sentinel: + randomStrategy: true +``` + +```toml tab="File (TOML)" +[providers.redis.sentinel] +randomStrategy = true +``` + +```bash tab="CLI" +--providers.redis.sentinel.randomStrategy=true +``` + +#### `replicaStrategy` + +_Optional, Default=false_ + +`replicaStrategy` Defines whether to route all commands to replica nodes +(mutually exclusive with LatencyStrategy and RandomStrategy). + +```yaml tab="File (YAML)" +providers: + redis: + sentinel: + replicaStrategy: true +``` + +```toml tab="File (TOML)" +[providers.redis.sentinel] +replicaStrategy = true +``` + +```bash tab="CLI" +--providers.redis.sentinel.replicaStrategy=true +``` + +#### `useDisconnectedReplicas` + +_Optional, Default=false_ + +`useDisconnectedReplicas` defines whether to use replicas disconnected with master when cannot get connected replicas. + +```yaml tab="File (YAML)" +providers: + redis: + sentinel: + useDisconnectedReplicas: true +``` + +```toml tab="File (TOML)" +[providers.redis.sentinel] +useDisconnectedReplicas = true +``` + +```bash tab="CLI" +--providers.redis.sentinel.useDisconnectedReplicas=true +``` diff --git a/docs/content/reference/dynamic-configuration/docker-labels.yml b/docs/content/reference/dynamic-configuration/docker-labels.yml index fb497fe41..26ef425c7 100644 --- a/docs/content/reference/dynamic-configuration/docker-labels.yml +++ b/docs/content/reference/dynamic-configuration/docker-labels.yml @@ -163,6 +163,7 @@ - "traefik.http.services.service01.loadbalancer.server.scheme=foobar" - "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange=foobar, foobar" - "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42" +- "traefik.tcp.middlewares.tcpmiddleware02.ipallowlist.sourcerange=foobar, foobar" - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar" - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar" - "traefik.tcp.routers.tcprouter0.rule=foobar" diff --git a/docs/content/reference/dynamic-configuration/file.yaml b/docs/content/reference/dynamic-configuration/file.yaml index e760e19ec..aa61082de 100644 --- a/docs/content/reference/dynamic-configuration/file.yaml +++ b/docs/content/reference/dynamic-configuration/file.yaml @@ -450,6 +450,11 @@ tcp: TCPMiddleware01: inFlightConn: amount: 42 + TCPMiddleware02: + ipAllowList: + sourceRange: + - foobar + - foobar serversTransports: TCPServersTransport0: dialTimeout: 42s diff --git a/docs/content/reference/dynamic-configuration/marathon-labels.json b/docs/content/reference/dynamic-configuration/marathon-labels.json new file mode 100644 index 000000000..e69de29bb diff --git a/docs/content/reference/static-configuration/cli-ref.md b/docs/content/reference/static-configuration/cli-ref.md index 030d8fa2c..8f6441ea9 100644 --- a/docs/content/reference/static-configuration/cli-ref.md +++ b/docs/content/reference/static-configuration/cli-ref.md @@ -177,6 +177,12 @@ Trust all. (Default: ```false```) `--entrypoints..proxyprotocol.trustedips`: Trust only selected IPs. +`--entrypoints..transport.keepalivemaxrequests`: +Maximum number of requests before closing a keep-alive connection. (Default: ```0```) + +`--entrypoints..transport.keepalivemaxtime`: +Maximum duration before closing a keep-alive connection. (Default: ```0```) + `--entrypoints..transport.lifecycle.gracetimeout`: Duration to give active requests a chance to finish before Traefik stops. (Default: ```10```) @@ -217,7 +223,7 @@ plugin's version. Periodically check if a new version has been released. (Default: ```true```) `--global.sendanonymoususage`: -Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```) +Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. (Default: ```false```) `--hostresolver`: Enable CNAME Flattening. (Default: ```false```) @@ -822,6 +828,27 @@ Password for authentication. `--providers.redis.rootkey`: Root key used for KV store. (Default: ```traefik```) +`--providers.redis.sentinel.latencystrategy`: +Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). (Default: ```false```) + +`--providers.redis.sentinel.mastername`: +Name of the master. + +`--providers.redis.sentinel.password`: +Password for Sentinel authentication. + +`--providers.redis.sentinel.randomstrategy`: +Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). (Default: ```false```) + +`--providers.redis.sentinel.replicastrategy`: +Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). (Default: ```false```) + +`--providers.redis.sentinel.usedisconnectedreplicas`: +Use replicas disconnected with master when cannot get connected replicas. (Default: ```false```) + +`--providers.redis.sentinel.username`: +Username for Sentinel authentication. + `--providers.redis.tls.ca`: TLS CA diff --git a/docs/content/reference/static-configuration/env-ref.md b/docs/content/reference/static-configuration/env-ref.md index cec5bd2a4..2a8302879 100644 --- a/docs/content/reference/static-configuration/env-ref.md +++ b/docs/content/reference/static-configuration/env-ref.md @@ -177,6 +177,12 @@ Trust all. (Default: ```false```) `TRAEFIK_ENTRYPOINTS__PROXYPROTOCOL_TRUSTEDIPS`: Trust only selected IPs. +`TRAEFIK_ENTRYPOINTS__TRANSPORT_KEEPALIVEMAXREQUESTS`: +Maximum number of requests before closing a keep-alive connection. (Default: ```0```) + +`TRAEFIK_ENTRYPOINTS__TRANSPORT_KEEPALIVEMAXTIME`: +Maximum duration before closing a keep-alive connection. (Default: ```0```) + `TRAEFIK_ENTRYPOINTS__TRANSPORT_LIFECYCLE_GRACETIMEOUT`: Duration to give active requests a chance to finish before Traefik stops. (Default: ```10```) @@ -217,7 +223,7 @@ plugin's version. Periodically check if a new version has been released. (Default: ```true```) `TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE`: -Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```) +Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. (Default: ```false```) `TRAEFIK_HOSTRESOLVER`: Enable CNAME Flattening. (Default: ```false```) @@ -822,6 +828,27 @@ Password for authentication. `TRAEFIK_PROVIDERS_REDIS_ROOTKEY`: Root key used for KV store. (Default: ```traefik```) +`TRAEFIK_PROVIDERS_REDIS_SENTINEL_LATENCYSTRATEGY`: +Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). (Default: ```false```) + +`TRAEFIK_PROVIDERS_REDIS_SENTINEL_MASTERNAME`: +Name of the master. + +`TRAEFIK_PROVIDERS_REDIS_SENTINEL_PASSWORD`: +Password for Sentinel authentication. + +`TRAEFIK_PROVIDERS_REDIS_SENTINEL_RANDOMSTRATEGY`: +Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). (Default: ```false```) + +`TRAEFIK_PROVIDERS_REDIS_SENTINEL_REPLICASTRATEGY`: +Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). (Default: ```false```) + +`TRAEFIK_PROVIDERS_REDIS_SENTINEL_USEDISCONNECTEDREPLICAS`: +Use replicas disconnected with master when cannot get connected replicas. (Default: ```false```) + +`TRAEFIK_PROVIDERS_REDIS_SENTINEL_USERNAME`: +Username for Sentinel authentication. + `TRAEFIK_PROVIDERS_REDIS_TLS_CA`: TLS CA diff --git a/docs/content/reference/static-configuration/file.toml b/docs/content/reference/static-configuration/file.toml index a6b0f0bc0..5ae9a9356 100644 --- a/docs/content/reference/static-configuration/file.toml +++ b/docs/content/reference/static-configuration/file.toml @@ -35,6 +35,8 @@ address = "foobar" asDefault = true [entryPoints.EntryPoint0.transport] + keepAliveMaxRequests = 42 + keepAliveMaxTime = "42s" [entryPoints.EntryPoint0.transport.lifeCycle] requestAcceptGraceTimeout = "42s" graceTimeOut = "42s" @@ -242,6 +244,14 @@ cert = "foobar" key = "foobar" insecureSkipVerify = true + [providers.redis.sentinel] + masterName = "foobar" + username = "foobar" + password = "foobar" + latencyStrategy = true + randomStrategy = true + replicaStrategy = true + useDisconnectedReplicas = true [providers.http] endpoint = "foobar" pollInterval = "42s" diff --git a/docs/content/reference/static-configuration/file.yaml b/docs/content/reference/static-configuration/file.yaml index 7372f9a2a..0dc2390c2 100644 --- a/docs/content/reference/static-configuration/file.yaml +++ b/docs/content/reference/static-configuration/file.yaml @@ -36,6 +36,8 @@ entryPoints: address: foobar asDefault: true transport: + keepAliveMaxRequests: 42 + keepAliveMaxTime: 42s lifeCycle: requestAcceptGraceTimeout: 42s graceTimeOut: 42s @@ -271,6 +273,14 @@ providers: cert: foobar key: foobar insecureSkipVerify: true + sentinel: + masterName: foobar + username: foobar + password: foobar + latencyStrategy: true + randomStrategy: true + replicaStrategy: true + useDisconnectedReplicas: true http: endpoint: foobar pollInterval: 42s diff --git a/docs/content/routing/entrypoints.md b/docs/content/routing/entrypoints.md index ae3d9412c..cd79c3cfd 100644 --- a/docs/content/routing/entrypoints.md +++ b/docs/content/routing/entrypoints.md @@ -623,17 +623,77 @@ Controls the behavior of Traefik during the shutdown phase. --entryPoints.name.transport.lifeCycle.graceTimeOut=42 ``` +#### `keepAliveMaxRequests` + +_Optional, Default=0_ + +The maximum number of requests Traefik can handle before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit. + + ```yaml tab="File (YAML)" + ## Static configuration + entryPoints: + name: + address: ":8888" + transport: + keepAliveMaxRequests: 42 + ``` + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.name] + address = ":8888" + [entryPoints.name.transport] + keepAliveMaxRequests = 42 + ``` + + ```bash tab="CLI" + ## Static configuration + --entryPoints.name.address=:8888 + --entryPoints.name.transport.keepAliveRequests=42 + ``` + +#### `keepAliveMaxTime` + +_Optional, Default=0s_ + +The maximum duration Traefik can handle requests before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit. + + ```yaml tab="File (YAML)" + ## Static configuration + entryPoints: + name: + address: ":8888" + transport: + keepAliveMaxTime: 42s + ``` + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.name] + address = ":8888" + [entryPoints.name.transport] + keepAliveMaxTime = 42s + ``` + + ```bash tab="CLI" + ## Static configuration + --entryPoints.name.address=:8888 + --entryPoints.name.transport.keepAliveTime=42s + ``` + ### ProxyProtocol -Traefik supports [ProxyProtocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. +Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. -If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. +If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. -If the Proxy Protocol header is passed, then the version is determined automatically. +If the PROXY protocol header is passed, then the version is determined automatically. ??? info "`proxyProtocol.trustedIPs`" - Enabling Proxy Protocol with Trusted IPs. + Enabling PROXY protocol with Trusted IPs. ```yaml tab="File (YAML)" ## Static configuration @@ -696,7 +756,7 @@ If the Proxy Protocol header is passed, then the version is determined automatic !!! warning "Queuing Traefik behind Another Load Balancer" - When queuing Traefik behind another load-balancer, make sure to configure Proxy Protocol on both sides. + When queuing Traefik behind another load-balancer, make sure to configure PROXY protocol on both sides. Not doing so could introduce a security risk in your system (enabling request forgery). ## HTTP Options diff --git a/docs/content/user-guides/docker-compose/acme-dns/index.md b/docs/content/user-guides/docker-compose/acme-dns/index.md index 59872c44e..84fc9c8dc 100644 --- a/docs/content/user-guides/docker-compose/acme-dns/index.md +++ b/docs/content/user-guides/docker-compose/acme-dns/index.md @@ -3,9 +3,9 @@ title: "Traefik Docker DNS Challenge Documentation" description: "Learn how to create a certificate with the Let's Encrypt DNS challenge to use HTTPS on a Service exposed with Traefik Proxy. Read the tehnical documentation." --- -# Docker-compose with let's encrypt: DNS Challenge +# Docker-compose with Let's Encrypt: DNS Challenge -This guide aim to demonstrate how to create a certificate with the let's encrypt DNS challenge to use https on a simple service exposed with Traefik. +This guide aim to demonstrate how to create a certificate with the Let's Encrypt DNS challenge to use https on a simple service exposed with Traefik. Please also read the [basic example](../basic-example) for details on how to expose such a service. ## Prerequisite @@ -52,7 +52,7 @@ For the DNS challenge, you'll need: !!! Note If you uncommented the `acme.caserver` line, you will get an SSL error, but if you display the certificate and see it was emitted by `Fake LE Intermediate X1` then it means all is good. - (It is the staging environment intermediate certificate used by let's encrypt). + (It is the staging environment intermediate certificate used by Let's Encrypt). You can now safely comment the `acme.caserver` line, remove the `letsencrypt/acme.json` file and restart Traefik to issue a valid certificate. ## Explanation @@ -69,7 +69,7 @@ ports: - "443:443" ``` -- We configure the DNS let's encrypt challenge: +- We configure the DNS Let's Encrypt challenge: ```yaml command: @@ -77,7 +77,7 @@ command: - "--certificatesresolvers.myresolver.acme.dnschallenge=true" # Tell which provider to use - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh" - # The email to provide to let's encrypt + # The email to provide to Let's Encrypt - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com" ``` @@ -175,7 +175,7 @@ services: - "ovh_consumer_key" ``` -- The environment variable within our `whoami` service are suffixed by `_FILE` which allow us to point to files containing the value, instead of exposing the value itself. +- The environment variable within our `traefik` service are suffixed by `_FILE` which allow us to point to files containing the value, instead of exposing the value itself. The acme client will read the content of those file to get the required configuration values. ```yaml diff --git a/docs/content/user-guides/docker-compose/acme-http/index.md b/docs/content/user-guides/docker-compose/acme-http/index.md index 7f8a05873..67808853e 100644 --- a/docs/content/user-guides/docker-compose/acme-http/index.md +++ b/docs/content/user-guides/docker-compose/acme-http/index.md @@ -3,9 +3,9 @@ title: "Traefik Docker HTTP Challenge Documentation" description: "Learn how to create a certificate with the Let's Encrypt HTTP challenge to use HTTPS on a Service exposed with Traefik Proxy. Read the technical documentation." --- -# Docker-compose with let's encrypt : HTTP Challenge +# Docker-compose with Let's Encrypt : HTTP Challenge -This guide aim to demonstrate how to create a certificate with the let's encrypt HTTP challenge to use https on a simple service exposed with Traefik. +This guide aim to demonstrate how to create a certificate with the Let's Encrypt HTTP challenge to use https on a simple service exposed with Traefik. Please also read the [basic example](../basic-example) for details on how to expose such a service. ## Prerequisite @@ -38,7 +38,7 @@ For the HTTP challenge you will need: !!! Note If you uncommented the `acme.caserver` line, you will get an SSL error, but if you display the certificate and see it was emitted by `Fake LE Intermediate X1` then it means all is good. - (It is the staging environment intermediate certificate used by let's encrypt). + (It is the staging environment intermediate certificate used by Let's Encrypt). You can now safely comment the `acme.caserver` line, remove the `letsencrypt/acme.json` file and restart Traefik to issue a valid certificate. ## Explanation @@ -55,7 +55,7 @@ ports: - "443:443" ``` -- We configure the HTTPS let's encrypt challenge: +- We configure the HTTPS Let's Encrypt challenge: ```yaml command: @@ -63,7 +63,7 @@ command: - "--certificatesresolvers.myresolver.acme.httpchallenge=true" # Tell it to use our predefined entrypoint named "web" - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" - # The email to provide to let's encrypt + # The email to provide to Let's Encrypt - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com" ``` diff --git a/docs/content/user-guides/docker-compose/acme-tls/index.md b/docs/content/user-guides/docker-compose/acme-tls/index.md index 3457b6ae1..b201a4c95 100644 --- a/docs/content/user-guides/docker-compose/acme-tls/index.md +++ b/docs/content/user-guides/docker-compose/acme-tls/index.md @@ -3,9 +3,9 @@ title: "Traefik Docker TLS Challenge Documentation" description: "Learn how to create a certificate with the Let's Encrypt TLS challenge to use HTTPS on a service exposed with Traefik Proxy. Read the technical documentation." --- -# Docker-compose with let's encrypt: TLS Challenge +# Docker-compose with Let's Encrypt: TLS Challenge -This guide aim to demonstrate how to create a certificate with the let's encrypt TLS challenge to use https on a simple service exposed with Traefik. +This guide aim to demonstrate how to create a certificate with the Let's Encrypt TLS challenge to use https on a simple service exposed with Traefik. Please also read the [basic example](../basic-example) for details on how to expose such a service. ## Prerequisite @@ -38,7 +38,7 @@ For the TLS challenge you will need: !!! Note If you uncommented the `acme.caserver` line, you will get an SSL error, but if you display the certificate and see it was emitted by `Fake LE Intermediate X1` then it means all is good. - (It is the staging environment intermediate certificate used by let's encrypt). + (It is the staging environment intermediate certificate used by Let's Encrypt). You can now safely comment the `acme.caserver` line, remove the `letsencrypt/acme.json` file and restart Traefik to issue a valid certificate. ## Explanation @@ -55,7 +55,7 @@ ports: - "443:443" ``` -- We configure the Https let's encrypt challenge: +- We configure the TLS Let's Encrypt challenge: ```yaml command: diff --git a/docs/content/user-guides/docker-compose/basic-example/index.md b/docs/content/user-guides/docker-compose/basic-example/index.md index affedba37..dff9d635e 100644 --- a/docs/content/user-guides/docker-compose/basic-example/index.md +++ b/docs/content/user-guides/docker-compose/basic-example/index.md @@ -1,16 +1,15 @@ --- title: "Traefik Docker Documentation" -description: "This guide covers a Docker Compose file exposing a service using the Docker provider in Traefik Proxy. Read the technical documentation." +description: "Learn how to use Docker Compose to expose a service with Traefik Proxy." --- # Docker Compose example -In this section, we quickly go over a Docker Compose file exposing a service using the Docker provider. -This will also be used as a starting point for the other Docker Compose guides. +In this section, you will learn how to use [Docker Compose](https://docs.docker.com/compose/ "Link to Docker Compose") to expose a service using the Docker provider. ## Setup -- Edit a `docker-compose.yml` file with the following content: +Create a `docker-compose.yml` file with the following content: ```yaml --8<-- "content/user-guides/docker-compose/basic-example/docker-compose.yml" @@ -45,33 +44,44 @@ This will also be used as a starting point for the other Docker Compose guides. ``` -- Replace `whoami.localhost` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service. -- Run `docker-compose up -d` within the folder where you created the previous file. -- Wait a bit and visit `http://your_own_domain` to confirm everything went fine. - You should see the output of the whoami service. Something similar to: +Replace `whoami.localhost` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service. - ```text - Hostname: d7f919e54651 - IP: 127.0.0.1 - IP: 192.168.64.2 - GET / HTTP/1.1 - Host: whoami.localhost - User-Agent: curl/7.52.1 - Accept: */* - Accept-Encoding: gzip - X-Forwarded-For: 192.168.64.1 - X-Forwarded-Host: whoami.localhost - X-Forwarded-Port: 80 - X-Forwarded-Proto: http - X-Forwarded-Server: 7f0c797dbc51 - X-Real-Ip: 192.168.64.1 - ``` +Now run `docker-compose up -d` within the folder where you created the previous file. +This will start Docker Compose in background mode. + +!!! info "This can take a moment" + + Docker Compose will now create and start the services declared in the `docker-compose.yml`. + +Wait a bit and visit `http://your_own_domain` to confirm everything went fine. + +You should see the output of the whoami service. +It should be similar to the following example: + +```text +Hostname: d7f919e54651 +IP: 127.0.0.1 +IP: 192.168.64.2 +GET / HTTP/1.1 +Host: whoami.localhost +User-Agent: curl/7.52.1 +Accept: */* +Accept-Encoding: gzip +X-Forwarded-For: 192.168.64.1 +X-Forwarded-Host: whoami.localhost +X-Forwarded-Port: 80 +X-Forwarded-Proto: http +X-Forwarded-Server: 7f0c797dbc51 +X-Real-Ip: 192.168.64.1 +``` ## Details -- As an example, we use [whoami](https://github.com/traefik/whoami "Link to the GitHub repo of whoami") (a tiny Go server that prints OS information and HTTP request to output) which was used to define our `simple-service` container. +Let's break it down and go through it, step-by-step. -- We define an entry point, along with the exposure of the matching port within Docker Compose, which allow us to "open and accept" HTTP traffic: +You use [whoami](https://github.com/traefik/whoami "Link to the GitHub repo of whoami"), a tiny Go server that prints OS information and HTTP request to output as service container. + +Second, you define an entry point, along with the exposure of the matching port within Docker Compose, which allows to "open and accept" HTTP traffic: ```yaml command: @@ -82,7 +92,7 @@ ports: - "80:80" ``` -- We expose the Traefik API to be able to check the configuration if needed: +Third, you expose the Traefik API to be able to check the configuration if needed: ```yaml command: @@ -101,7 +111,7 @@ ports: curl -s 127.0.0.1:8080/api/rawdata | jq . ``` -- We allow Traefik to gather configuration from Docker: +Fourth, you allow Traefik to gather configuration from Docker: ```yaml traefik: diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 786b966bf..01cd88a98 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -27,7 +27,7 @@ theme: prev: 'Previous' next: 'Next' -copyright: 'Traefik Labs • Copyright © 2016-2023' +copyright: 'Traefik Labs • Copyright © 2016-2024' extra_javascript: - assets/js/hljs/highlight.pack.js # Download from https://highlightjs.org/download/ and enable YAML, TOML and Dockerfile @@ -125,7 +125,8 @@ nav: - 'ForwardAuth': 'middlewares/http/forwardauth.md' - 'GrpcWeb': 'middlewares/http/grpcweb.md' - 'Headers': 'middlewares/http/headers.md' - - 'IpAllowList': 'middlewares/http/ipallowlist.md' + - 'IPWhiteList': 'middlewares/http/ipwhitelist.md' + - 'IPAllowList': 'middlewares/http/ipallowlist.md' - 'InFlightReq': 'middlewares/http/inflightreq.md' - 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md' - 'RateLimit': 'middlewares/http/ratelimit.md' @@ -139,7 +140,8 @@ nav: - 'TCP': - 'Overview': 'middlewares/tcp/overview.md' - 'InFlightConn': 'middlewares/tcp/inflightconn.md' - - 'IpAllowList': 'middlewares/tcp/ipallowlist.md' + - 'IPWhiteList': 'middlewares/tcp/ipwhitelist.md' + - 'IPAllowList': 'middlewares/tcp/ipallowlist.md' - 'Plugins & Plugin Catalog': 'plugins/index.md' - 'Operations': - 'CLI': 'operations/cli.md' diff --git a/go.mod b/go.mod index 0089585ce..f0a5faf49 100644 --- a/go.mod +++ b/go.mod @@ -19,6 +19,7 @@ require ( github.com/docker/docker v20.10.21+incompatible github.com/docker/go-connections v0.4.0 github.com/fatih/structs v1.1.0 + github.com/fsnotify/fsnotify v1.7.0 github.com/go-acme/lego/v4 v4.14.0 github.com/go-check/check v0.0.0-00010101000000-000000000000 github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea @@ -39,7 +40,7 @@ require ( github.com/klauspost/compress v1.17.1 github.com/kvtools/consul v1.0.2 github.com/kvtools/etcdv3 v1.0.2 - github.com/kvtools/redis v1.0.2 + github.com/kvtools/redis v1.1.0 github.com/kvtools/valkeyrie v1.0.0 github.com/kvtools/zookeeper v1.0.2 github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f @@ -56,7 +57,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 github.com/prometheus/client_golang v1.14.0 github.com/prometheus/client_model v0.3.0 - github.com/quic-go/quic-go v0.39.1 + github.com/quic-go/quic-go v0.40.1 github.com/rs/zerolog v1.28.0 github.com/sirupsen/logrus v1.9.3 github.com/spiffe/go-spiffe/v2 v2.1.1 @@ -96,7 +97,6 @@ require ( golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 google.golang.org/grpc v1.58.3 gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 - gopkg.in/fsnotify.v1 v1.4.7 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.26.3 k8s.io/apiextensions-apiserver v0.26.3 @@ -199,7 +199,6 @@ require ( github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/exoscale/egoscale v0.100.1 // indirect github.com/fatih/color v1.15.0 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/fvbommel/sortorder v1.0.1 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.0.1 // indirect @@ -210,7 +209,6 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/swag v0.19.14 // indirect - github.com/go-redis/redis/v8 v8.11.5 // indirect github.com/go-resty/resty/v2 v2.7.0 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/go-zookeeper/zk v1.0.3 // indirect @@ -301,6 +299,7 @@ require ( github.com/nrdcg/nodion v0.1.0 // indirect github.com/nrdcg/porkbun v0.2.0 // indirect github.com/nzdjb/go-metaname v1.0.0 // indirect + github.com/onsi/ginkgo v1.16.5 // indirect github.com/onsi/ginkgo/v2 v2.9.5 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect @@ -316,7 +315,8 @@ require ( github.com/prometheus/common v0.37.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect github.com/quic-go/qpack v0.4.0 // indirect - github.com/quic-go/qtls-go1-20 v0.3.4 // indirect + github.com/quic-go/qtls-go1-20 v0.4.1 // indirect + github.com/redis/go-redis/v9 v9.2.1 // indirect github.com/rs/cors v1.7.0 // indirect github.com/sacloud/api-client-go v0.2.8 // indirect github.com/sacloud/go-http v0.1.6 // indirect diff --git a/go.sum b/go.sum index 1f07133c4..9780e2eb5 100644 --- a/go.sum +++ b/go.sum @@ -293,6 +293,10 @@ github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= +github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs= +github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c= +github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA= +github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= github.com/buger/goterm v1.0.0 h1:ZB6uUlY8+sjJyFGzz2WpRqX2XYPeXVgtZAOJMwOsTWM= github.com/buger/goterm v1.0.0/go.mod h1:16STi3LquiscTIHA8SXUNKEa/Cnu4ZHBH8NsCaWgso0= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= @@ -681,8 +685,8 @@ github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fvbommel/sortorder v1.0.1 h1:dSnXLt4mJYH25uDDGa3biZNQsozaUWDSWeKJ0qqFfzE= github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= @@ -768,8 +772,6 @@ github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM= github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= -github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI= -github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo= github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY= github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I= github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= @@ -1223,8 +1225,8 @@ github.com/kvtools/consul v1.0.2 h1:ltPgs4Ld09Xaa7zrOJ/TewBYKAsr11/LRFpErdkb8AA= github.com/kvtools/consul v1.0.2/go.mod h1:bFnzfGJ5ZIRRXCBGBmwhJlLdEWOlrjOcS1WjyAQzaJA= github.com/kvtools/etcdv3 v1.0.2 h1:EB0mAtzqe1folE7m7Q6wnCXcGwaOmrYmsVmF3hNsTKI= github.com/kvtools/etcdv3 v1.0.2/go.mod h1:Xr6DbwqjuCEcXAIWmXxw0DX+N5BhuvablXgN90XeqMM= -github.com/kvtools/redis v1.0.2 h1:D3GjGGtssJF2w8mniWtIxcT/YX9YnRc4jNCm0hrVygQ= -github.com/kvtools/redis v1.0.2/go.mod h1:wuUNwwKOHi2TYxDxj1sGF74Jdg0jywydnatXtnOR3hA= +github.com/kvtools/redis v1.1.0 h1:nXRAyh2nsaWiJyrX449/qHMc3SvGUqRqRXcrA/MplEo= +github.com/kvtools/redis v1.1.0/go.mod h1:cqg3esJOIYMQ1qy5LVIbPZz9kuiBBcFREP2N5b9+Dn0= github.com/kvtools/valkeyrie v1.0.0 h1:LAITop2wPoYCMitR24GZZsW0b57hmI+ePD18VRTtOf0= github.com/kvtools/valkeyrie v1.0.0/go.mod h1:bDi/OdhJCSbGPMsCgUQl881yuEweKCSItAtTBI+ZjpU= github.com/kvtools/zookeeper v1.0.2 h1:uK0CzQa+mtKGxDDH+DeqXo2HC1Kx4hWXZ7pX/zS4aTo= @@ -1642,13 +1644,15 @@ github.com/qri-io/jsonpointer v0.1.0/go.mod h1:DnJPaYgiKu56EuDp8TU5wFLdZIcAnb/uH github.com/qri-io/jsonschema v0.1.1/go.mod h1:QpzJ6gBQ0GYgGmh7mDQ1YsvvhSgE4rYj0k8t5MBOmUY= github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo= github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A= -github.com/quic-go/qtls-go1-20 v0.3.4 h1:MfFAPULvst4yoMgY9QmtpYmfij/em7O8UUi+bNVm7Cg= -github.com/quic-go/qtls-go1-20 v0.3.4/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= -github.com/quic-go/quic-go v0.39.1 h1:d/m3oaN/SD2c+f7/yEjZxe2zEVotXprnrCCJ2y/ZZFE= -github.com/quic-go/quic-go v0.39.1/go.mod h1:T09QsDQWjLiQ74ZmacDfqZmhY/NLnw5BC40MANNNZ1Q= +github.com/quic-go/qtls-go1-20 v0.4.1 h1:D33340mCNDAIKBqXuAvexTNMUByrYmFYVfKfDN5nfFs= +github.com/quic-go/qtls-go1-20 v0.4.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= +github.com/quic-go/quic-go v0.40.1 h1:X3AGzUNFs0jVuO3esAGnTfvdgvL4fq655WaOi1snv1Q= +github.com/quic-go/quic-go v0.40.1/go.mod h1:PeN7kuVJ4xZbxSv/4OX6S1USOX8MJvydwpTx31vx60c= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/redis/go-redis/v9 v9.2.1 h1:WlYJg71ODF0dVspZZCpYmoF1+U1Jjk9Rwd7pq6QmlCg= +github.com/redis/go-redis/v9 v9.2.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 h1:Qp27Idfgi6ACvFQat5+VJvlYToylpM/hcyLBI3WaKPA= github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052/go.mod h1:uvX/8buq8uVeiZiFht+0lqSLBHF+uGV8BrTv8W/SIwk= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= @@ -2339,7 +2343,6 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2630,7 +2633,6 @@ gopkg.in/dancannon/gorethink.v3 v3.0.5/go.mod h1:GXsi1e3N2OcKhcP6nsYABTiUejbWMFO gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fatih/pool.v2 v2.0.0 h1:xIFeWtxifuQJGk/IEPKsTduEKcKvPmhoiVDGpC40nKg= gopkg.in/fatih/pool.v2 v2.0.0/go.mod h1:8xVGeu1/2jr2wm5V9SPuMht2H5AEmf5aFMGSQixtjTY= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= diff --git a/integration/fixtures/redis/sentinel.toml b/integration/fixtures/redis/sentinel.toml new file mode 100644 index 000000000..3d5a59ec4 --- /dev/null +++ b/integration/fixtures/redis/sentinel.toml @@ -0,0 +1,19 @@ +[global] + checkNewVersion = false + sendAnonymousUsage = false + +[log] + level = "DEBUG" + +[entryPoints.web] + address = ":8000" + +[api] + insecure = true + +[providers.redis] + rootKey = "traefik" + endpoints = ["{{ .RedisAddress }}"] + +[providers.redis.sentinel] + masterName = "mymaster" diff --git a/integration/redis_test.go b/integration/redis_test.go index a5f45bff7..ead903629 100644 --- a/integration/redis_test.go +++ b/integration/redis_test.go @@ -4,12 +4,18 @@ import ( "bytes" "context" "encoding/json" + "errors" + "fmt" + "io/fs" "net" "net/http" "os" "path/filepath" + "strings" + "text/template" "time" + "github.com/fatih/structs" "github.com/go-check/check" "github.com/kvtools/redis" "github.com/kvtools/valkeyrie" @@ -23,24 +29,36 @@ import ( // Redis test suites. type RedisSuite struct { BaseSuite - kvClient store.Store - redisAddr string + kvClient store.Store + redisEndpoints []string +} + +func (s *RedisSuite) TearDownSuite(c *check.C) { + s.composeDown(c) + + for _, filename := range []string{"sentinel1.conf", "sentinel2.conf", "sentinel3.conf"} { + err := os.Remove(filepath.Join(".", "resources", "compose", "config", filename)) + if err != nil && !errors.Is(err, fs.ErrNotExist) { + c.Fatal("unable to clean configuration file for sentinel: ", err) + } + } } func (s *RedisSuite) setupStore(c *check.C) { s.createComposeProject(c, "redis") s.composeUp(c) - s.redisAddr = net.JoinHostPort(s.getComposeServiceIP(c, "redis"), "6379") + s.redisEndpoints = []string{} + s.redisEndpoints = append(s.redisEndpoints, net.JoinHostPort(s.getComposeServiceIP(c, "redis"), "6379")) kv, err := valkeyrie.NewStore( context.Background(), redis.StoreName, - []string{s.redisAddr}, + s.redisEndpoints, &redis.Config{}, ) if err != nil { - c.Fatal("Cannot create store redis") + c.Fatal("Cannot create store redis: ", err) } s.kvClient = kv @@ -52,7 +70,172 @@ func (s *RedisSuite) setupStore(c *check.C) { func (s *RedisSuite) TestSimpleConfiguration(c *check.C) { s.setupStore(c) - file := s.adaptFile(c, "fixtures/redis/simple.toml", struct{ RedisAddress string }{s.redisAddr}) + file := s.adaptFile(c, "fixtures/redis/simple.toml", struct{ RedisAddress string }{ + RedisAddress: strings.Join(s.redisEndpoints, ","), + }) + defer os.Remove(file) + + data := map[string]string{ + "traefik/http/routers/Router0/entryPoints/0": "web", + "traefik/http/routers/Router0/middlewares/0": "compressor", + "traefik/http/routers/Router0/middlewares/1": "striper", + "traefik/http/routers/Router0/service": "simplesvc", + "traefik/http/routers/Router0/rule": "Host(`kv1.localhost`)", + "traefik/http/routers/Router0/priority": "42", + "traefik/http/routers/Router0/tls": "true", + + "traefik/http/routers/Router1/rule": "Host(`kv2.localhost`)", + "traefik/http/routers/Router1/priority": "42", + "traefik/http/routers/Router1/tls/domains/0/main": "aaa.localhost", + "traefik/http/routers/Router1/tls/domains/0/sans/0": "aaa.aaa.localhost", + "traefik/http/routers/Router1/tls/domains/0/sans/1": "bbb.aaa.localhost", + "traefik/http/routers/Router1/tls/domains/1/main": "bbb.localhost", + "traefik/http/routers/Router1/tls/domains/1/sans/0": "aaa.bbb.localhost", + "traefik/http/routers/Router1/tls/domains/1/sans/1": "bbb.bbb.localhost", + "traefik/http/routers/Router1/entryPoints/0": "web", + "traefik/http/routers/Router1/service": "simplesvc", + + "traefik/http/services/simplesvc/loadBalancer/servers/0/url": "http://10.0.1.1:8888", + "traefik/http/services/simplesvc/loadBalancer/servers/1/url": "http://10.0.1.1:8889", + + "traefik/http/services/srvcA/loadBalancer/servers/0/url": "http://10.0.1.2:8888", + "traefik/http/services/srvcA/loadBalancer/servers/1/url": "http://10.0.1.2:8889", + + "traefik/http/services/srvcB/loadBalancer/servers/0/url": "http://10.0.1.3:8888", + "traefik/http/services/srvcB/loadBalancer/servers/1/url": "http://10.0.1.3:8889", + + "traefik/http/services/mirror/mirroring/service": "simplesvc", + "traefik/http/services/mirror/mirroring/mirrors/0/name": "srvcA", + "traefik/http/services/mirror/mirroring/mirrors/0/percent": "42", + "traefik/http/services/mirror/mirroring/mirrors/1/name": "srvcB", + "traefik/http/services/mirror/mirroring/mirrors/1/percent": "42", + + "traefik/http/services/Service03/weighted/services/0/name": "srvcA", + "traefik/http/services/Service03/weighted/services/0/weight": "42", + "traefik/http/services/Service03/weighted/services/1/name": "srvcB", + "traefik/http/services/Service03/weighted/services/1/weight": "42", + + "traefik/http/middlewares/compressor/compress": "true", + "traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo", + "traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar", + } + + for k, v := range data { + err := s.kvClient.Put(context.Background(), k, []byte(v), nil) + c.Assert(err, checker.IsNil) + } + + cmd, display := s.traefikCmd(withConfigFile(file)) + defer display(c) + err := cmd.Start() + c.Assert(err, checker.IsNil) + defer s.killCmd(cmd) + + // wait for traefik + err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, + try.BodyContains(`"striper@redis":`, `"compressor@redis":`, `"srvcA@redis":`, `"srvcB@redis":`), + ) + c.Assert(err, checker.IsNil) + + resp, err := http.Get("http://127.0.0.1:8080/api/rawdata") + c.Assert(err, checker.IsNil) + + var obtained api.RunTimeRepresentation + err = json.NewDecoder(resp.Body).Decode(&obtained) + c.Assert(err, checker.IsNil) + got, err := json.MarshalIndent(obtained, "", " ") + c.Assert(err, checker.IsNil) + + expectedJSON := filepath.FromSlash("testdata/rawdata-redis.json") + + if *updateExpected { + err = os.WriteFile(expectedJSON, got, 0o666) + c.Assert(err, checker.IsNil) + } + + expected, err := os.ReadFile(expectedJSON) + c.Assert(err, checker.IsNil) + + if !bytes.Equal(expected, got) { + diff := difflib.UnifiedDiff{ + FromFile: "Expected", + A: difflib.SplitLines(string(expected)), + ToFile: "Got", + B: difflib.SplitLines(string(got)), + Context: 3, + } + + text, err := difflib.GetUnifiedDiffString(diff) + c.Assert(err, checker.IsNil) + c.Error(text) + } +} + +func (s *RedisSuite) setupSentinelStore(c *check.C) { + s.setupSentinelConfiguration(c, []string{"26379", "36379", "46379"}) + + s.createComposeProject(c, "redis_sentinel") + s.composeUp(c) + + s.redisEndpoints = []string{ + net.JoinHostPort(s.getComposeServiceIP(c, "sentinel1"), "26379"), + net.JoinHostPort(s.getComposeServiceIP(c, "sentinel2"), "36379"), + net.JoinHostPort(s.getComposeServiceIP(c, "sentinel3"), "46379"), + } + + kv, err := valkeyrie.NewStore( + context.Background(), + redis.StoreName, + s.redisEndpoints, + &redis.Config{ + Sentinel: &redis.Sentinel{ + MasterName: "mymaster", + }, + }, + ) + if err != nil { + c.Fatal("Cannot create store redis sentinel") + } + s.kvClient = kv + + // wait for redis + err = try.Do(60*time.Second, try.KVExists(kv, "test")) + c.Assert(err, checker.IsNil) +} + +func (s *RedisSuite) setupSentinelConfiguration(c *check.C, ports []string) { + for i, port := range ports { + templateValue := struct{ SentinelPort string }{SentinelPort: port} + + // Load file + templateFile := "resources/compose/config/sentinel_template.conf" + tmpl, err := template.ParseFiles(templateFile) + c.Assert(err, checker.IsNil) + + folder, prefix := filepath.Split(templateFile) + + fileName := fmt.Sprintf("%s/sentinel%d.conf", folder, i+1) + tmpFile, err := os.Create(fileName) + c.Assert(err, checker.IsNil) + defer tmpFile.Close() + + model := structs.Map(templateValue) + model["SelfFilename"] = tmpFile.Name() + + err = tmpl.ExecuteTemplate(tmpFile, prefix, model) + c.Assert(err, checker.IsNil) + + err = tmpFile.Sync() + c.Assert(err, checker.IsNil) + } +} + +func (s *RedisSuite) TestSentinelConfiguration(c *check.C) { + s.setupSentinelStore(c) + + file := s.adaptFile(c, "fixtures/redis/sentinel.toml", struct{ RedisAddress string }{ + RedisAddress: strings.Join(s.redisEndpoints, `","`), + }) defer os.Remove(file) data := map[string]string{ diff --git a/integration/resources/compose/allowlist.yml b/integration/resources/compose/allowlist.yml index e5f4e0b31..02e3761ca 100644 --- a/integration/resources/compose/allowlist.yml +++ b/integration/resources/compose/allowlist.yml @@ -6,7 +6,7 @@ services: traefik.enable: true traefik.http.routers.rt1.rule: Host(`no.override.allowlist.docker.local`) traefik.http.routers.rt1.middlewares: wl1 - traefik.http.middlewares.wl1.ipallowList.sourceRange: 8.8.8.8 + traefik.http.middlewares.wl1.ipallowlist.sourceRange: 8.8.8.8 overrideIPStrategyRemoteAddrAllowlist: image: traefik/whoami diff --git a/integration/resources/compose/config/sentinel_template.conf b/integration/resources/compose/config/sentinel_template.conf new file mode 100644 index 000000000..c9f5acf6d --- /dev/null +++ b/integration/resources/compose/config/sentinel_template.conf @@ -0,0 +1,5 @@ +port {{ .SentinelPort }} +dir "/tmp" +sentinel resolve-hostnames yes +sentinel monitor mymaster master 6380 2 +sentinel deny-scripts-reconfig yes diff --git a/integration/resources/compose/redis_sentinel.yml b/integration/resources/compose/redis_sentinel.yml new file mode 100644 index 000000000..261e694e5 --- /dev/null +++ b/integration/resources/compose/redis_sentinel.yml @@ -0,0 +1,61 @@ +version: "3.8" +services: + master: + image: redis + container_name: redis-master + command: redis-server --port 6380 + ports: + - 6380:6380 + healthcheck: + test: redis-cli -p 6380 ping + node1: + image: redis + container_name: redis-node-1 + ports: + - 6381:6381 + command: redis-server --port 6381 --slaveof redis-master 6380 + healthcheck: + test: redis-cli -p 6381 ping + node2: + image: redis + container_name: redis-node-2 + ports: + - 6382:6382 + command: redis-server --port 6382 --slaveof redis-master 6380 + healthcheck: + test: redis-cli -p 6382 ping + sentinel1: + image: redis + container_name: redis-sentinel-1 + ports: + - 26379:26379 + command: redis-sentinel /usr/local/etc/redis/conf/sentinel1.conf + healthcheck: + test: redis-cli -p 26379 ping + volumes: + - ./resources/compose/config:/usr/local/etc/redis/conf + sentinel2: + image: redis + container_name: redis-sentinel-2 + ports: + - 36379:26379 + command: redis-sentinel /usr/local/etc/redis/conf/sentinel2.conf + healthcheck: + test: redis-cli -p 36379 ping + volumes: + - ./resources/compose/config:/usr/local/etc/redis/conf + sentinel3: + image: redis + container_name: redis-sentinel-3 + ports: + - 46379:26379 + command: redis-sentinel /usr/local/etc/redis/conf/sentinel3.conf + healthcheck: + test: redis-cli -p 46379 ping + volumes: + - ./resources/compose/config:/usr/local/etc/redis/conf + +networks: + default: + name: traefik-test-network + external: true diff --git a/pkg/config/dynamic/tcp_middlewares.go b/pkg/config/dynamic/tcp_middlewares.go index a688d4bd9..018ae65f7 100644 --- a/pkg/config/dynamic/tcp_middlewares.go +++ b/pkg/config/dynamic/tcp_middlewares.go @@ -23,7 +23,6 @@ type TCPInFlightConn struct { // +k8s:deepcopy-gen=true // TCPIPAllowList holds the TCP IPAllowList middleware configuration. -// This middleware accepts/refuses connections based on the client IP. type TCPIPAllowList struct { // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` diff --git a/pkg/config/dynamic/zz_generated.deepcopy.go b/pkg/config/dynamic/zz_generated.deepcopy.go index 29251247e..ae5442a2e 100644 --- a/pkg/config/dynamic/zz_generated.deepcopy.go +++ b/pkg/config/dynamic/zz_generated.deepcopy.go @@ -4,7 +4,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/config/static/entrypoints.go b/pkg/config/static/entrypoints.go index 47976f68d..2c1187ac5 100644 --- a/pkg/config/static/entrypoints.go +++ b/pkg/config/static/entrypoints.go @@ -123,8 +123,10 @@ type EntryPoints map[string]*EntryPoint // EntryPointsTransport configures communication between clients and Traefik. type EntryPointsTransport struct { - LifeCycle *LifeCycle `description:"Timeouts influencing the server life cycle." json:"lifeCycle,omitempty" toml:"lifeCycle,omitempty" yaml:"lifeCycle,omitempty" export:"true"` - RespondingTimeouts *RespondingTimeouts `description:"Timeouts for incoming requests to the Traefik instance." json:"respondingTimeouts,omitempty" toml:"respondingTimeouts,omitempty" yaml:"respondingTimeouts,omitempty" export:"true"` + LifeCycle *LifeCycle `description:"Timeouts influencing the server life cycle." json:"lifeCycle,omitempty" toml:"lifeCycle,omitempty" yaml:"lifeCycle,omitempty" export:"true"` + RespondingTimeouts *RespondingTimeouts `description:"Timeouts for incoming requests to the Traefik instance." json:"respondingTimeouts,omitempty" toml:"respondingTimeouts,omitempty" yaml:"respondingTimeouts,omitempty" export:"true"` + KeepAliveMaxTime ptypes.Duration `description:"Maximum duration before closing a keep-alive connection." json:"keepAliveMaxTime,omitempty" toml:"keepAliveMaxTime,omitempty" yaml:"keepAliveMaxTime,omitempty" export:"true"` + KeepAliveMaxRequests int `description:"Maximum number of requests before closing a keep-alive connection." json:"keepAliveMaxRequests,omitempty" toml:"keepAliveMaxRequests,omitempty" yaml:"keepAliveMaxRequests,omitempty" export:"true"` } // SetDefaults sets the default values. diff --git a/pkg/config/static/static_config.go b/pkg/config/static/static_config.go index 49fa37569..01a28d7c0 100644 --- a/pkg/config/static/static_config.go +++ b/pkg/config/static/static_config.go @@ -96,7 +96,7 @@ type CertificateResolver struct { // Global holds the global configuration. type Global struct { CheckNewVersion bool `description:"Periodically check if a new version has been released." json:"checkNewVersion,omitempty" toml:"checkNewVersion,omitempty" yaml:"checkNewVersion,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"` - SendAnonymousUsage bool `description:"Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default." json:"sendAnonymousUsage,omitempty" toml:"sendAnonymousUsage,omitempty" yaml:"sendAnonymousUsage,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"` + SendAnonymousUsage bool `description:"Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default." json:"sendAnonymousUsage,omitempty" toml:"sendAnonymousUsage,omitempty" yaml:"sendAnonymousUsage,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"` } // ServersTransport options to configure communication between Traefik and the servers. diff --git a/pkg/provider/file/file.go b/pkg/provider/file/file.go index b0fed8ba0..7ba814c88 100644 --- a/pkg/provider/file/file.go +++ b/pkg/provider/file/file.go @@ -11,6 +11,7 @@ import ( "text/template" "github.com/Masterminds/sprig/v3" + "github.com/fsnotify/fsnotify" "github.com/rs/zerolog/log" "github.com/traefik/paerser/file" "github.com/traefik/traefik/v3/pkg/config/dynamic" @@ -18,7 +19,6 @@ import ( "github.com/traefik/traefik/v3/pkg/provider" "github.com/traefik/traefik/v3/pkg/safe" "github.com/traefik/traefik/v3/pkg/tls" - "gopkg.in/fsnotify.v1" ) const providerName = "file" diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/clientset.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/clientset.go index d7471727a..10fa5352f 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/clientset.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/clientset.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/clientset_generated.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/clientset_generated.go index ce55b25fb..deca4ddde 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/clientset_generated.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/clientset_generated.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/doc.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/doc.go index 081d07edb..ae4bdb20e 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/doc.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/doc.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/register.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/register.go index c25b16318..afa72ae48 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/register.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/register.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/doc.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/doc.go index 87af68273..ba3753967 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/doc.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/doc.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/register.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/register.go index cb048b154..4d0c0dff7 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/register.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/register.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/doc.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/doc.go index e39212eab..91c1c1d8a 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/doc.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/doc.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/doc.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/doc.go index 24ecc2be0..1964e2084 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/doc.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/doc.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressroute.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressroute.go index 1569c3368..09247d99d 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressroute.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressroute.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressroutetcp.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressroutetcp.go index 79e827f50..d8146c20a 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressroutetcp.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressroutetcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressrouteudp.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressrouteudp.go index 5a57678a4..a91576d54 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressrouteudp.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_ingressrouteudp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_middleware.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_middleware.go index 72f42d067..4150d8fe2 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_middleware.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_middleware.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_middlewaretcp.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_middlewaretcp.go index 65fe71f3e..83197b7d0 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_middlewaretcp.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_middlewaretcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_serverstransport.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_serverstransport.go index f74c45368..3f3c187bd 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_serverstransport.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_serverstransport.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_serverstransporttcp.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_serverstransporttcp.go index 3e19f3004..644e04403 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_serverstransporttcp.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_serverstransporttcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_tlsoption.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_tlsoption.go index 194730ebe..d1fb2d073 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_tlsoption.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_tlsoption.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_tlsstore.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_tlsstore.go index 6329f965b..15f78c74e 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_tlsstore.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_tlsstore.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_traefikio_client.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_traefikio_client.go index 6e6ca7d86..0b7af0e83 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_traefikio_client.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_traefikio_client.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_traefikservice.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_traefikservice.go index 51753dbdf..2996ad872 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_traefikservice.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/fake/fake_traefikservice.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/generated_expansion.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/generated_expansion.go index 0fbf0a82f..37a6da2d4 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/generated_expansion.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/generated_expansion.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressroute.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressroute.go index 6ec921760..0f91dac03 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressroute.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressroute.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressroutetcp.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressroutetcp.go index 93caa16aa..88d0af505 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressroutetcp.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressroutetcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressrouteudp.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressrouteudp.go index 74dab24ac..8ce614347 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressrouteudp.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/ingressrouteudp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/middleware.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/middleware.go index 615f8d200..a4b1333a7 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/middleware.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/middleware.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/middlewaretcp.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/middlewaretcp.go index ca4c596f9..39bf46e4a 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/middlewaretcp.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/middlewaretcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/serverstransport.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/serverstransport.go index cc1b467fa..e38d19c00 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/serverstransport.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/serverstransport.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/serverstransporttcp.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/serverstransporttcp.go index ba1c1bd07..ba36b32bb 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/serverstransporttcp.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/serverstransporttcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/tlsoption.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/tlsoption.go index 24ba147f1..c5b5f7c15 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/tlsoption.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/tlsoption.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/tlsstore.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/tlsstore.go index 1f66fb482..f67d3b487 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/tlsstore.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/tlsstore.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/traefikio_client.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/traefikio_client.go index faa31b016..94f7b189a 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/traefikio_client.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/traefikio_client.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/traefikservice.go b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/traefikservice.go index e83889472..a10b7b9db 100644 --- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/traefikservice.go +++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/typed/traefikio/v1alpha1/traefikservice.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go index 5856ba838..56302b197 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/generic.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/generic.go index 93ba25251..1739b5ab4 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/generic.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/generic.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/internalinterfaces/factory_interfaces.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/internalinterfaces/factory_interfaces.go index 6af7a12d8..60400b890 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/internalinterfaces/factory_interfaces.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/internalinterfaces/factory_interfaces.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/interface.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/interface.go index 22009c56e..b38008a94 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/interface.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/interface.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroute.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroute.go index c2293518f..273659939 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroute.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroute.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroutetcp.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroutetcp.go index 0ed00501a..f891af0cb 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroutetcp.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroutetcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressrouteudp.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressrouteudp.go index 68787c969..c5d5258fc 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressrouteudp.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressrouteudp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/interface.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/interface.go index a611e3c78..ae821c598 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/interface.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/interface.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middleware.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middleware.go index 9a00c146b..c889244b6 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middleware.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middleware.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middlewaretcp.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middlewaretcp.go index 8b547fc45..4fa7f41aa 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middlewaretcp.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middlewaretcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransport.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransport.go index cd76b4457..9ed0ab1b2 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransport.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransport.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransporttcp.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransporttcp.go index 467e2fad1..0c3461ae5 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransporttcp.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransporttcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsoption.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsoption.go index 34336133b..c93a8f924 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsoption.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsoption.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsstore.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsstore.go index 56314fa20..8817b5b0c 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsstore.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsstore.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/traefikservice.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/traefikservice.go index 59dd21c71..d80ff4b05 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/traefikservice.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/traefikservice.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/expansion_generated.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/expansion_generated.go index a8df13373..fe402a3c5 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/expansion_generated.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/expansion_generated.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressroute.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressroute.go index dbbcd28fe..9ef8d2234 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressroute.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressroute.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressroutetcp.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressroutetcp.go index 63ffc06b1..399830bd4 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressroutetcp.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressroutetcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressrouteudp.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressrouteudp.go index 7156f8bf9..6e4c5ce6c 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressrouteudp.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/ingressrouteudp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/middleware.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/middleware.go index c69ef6bea..ead5dfca0 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/middleware.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/middleware.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/middlewaretcp.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/middlewaretcp.go index 388537233..d7e6fbc27 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/middlewaretcp.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/middlewaretcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/serverstransport.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/serverstransport.go index 2532091fa..35b5a5010 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/serverstransport.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/serverstransport.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/serverstransporttcp.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/serverstransporttcp.go index 2b2354e1a..70ba73041 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/serverstransporttcp.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/serverstransporttcp.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/tlsoption.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/tlsoption.go index 520c95da1..60dd53d8d 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/tlsoption.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/tlsoption.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/tlsstore.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/tlsstore.go index 9687ba492..b3cfa733c 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/tlsstore.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/tlsstore.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/traefikservice.go b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/traefikservice.go index cb4331c10..7c45e05d5 100644 --- a/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/traefikservice.go +++ b/pkg/provider/kubernetes/crd/generated/listers/traefikio/v1alpha1/traefikservice.go @@ -1,7 +1,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go index e8f75cda6..200969b3d 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go @@ -4,7 +4,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/provider/kv/redis/redis.go b/pkg/provider/kv/redis/redis.go index ddd7178cb..874a6b1a1 100644 --- a/pkg/provider/kv/redis/redis.go +++ b/pkg/provider/kv/redis/redis.go @@ -2,6 +2,7 @@ package redis import ( "context" + "errors" "fmt" "github.com/kvtools/redis" @@ -20,6 +21,20 @@ type Provider struct { Username string `description:"Username for authentication." json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" loggable:"false"` Password string `description:"Password for authentication." json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" loggable:"false"` DB int `description:"Database to be selected after connecting to the server." json:"db,omitempty" toml:"db,omitempty" yaml:"db,omitempty"` + Sentinel *Sentinel `description:"Enable Sentinel support." json:"sentinel,omitempty" toml:"sentinel,omitempty" yaml:"sentinel,omitempty"` +} + +// Sentinel holds the Redis Sentinel configuration. +type Sentinel struct { + MasterName string `description:"Name of the master." json:"masterName,omitempty" toml:"masterName,omitempty" yaml:"masterName,omitempty" export:"true"` + Username string `description:"Username for Sentinel authentication." json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" export:"true"` + Password string `description:"Password for Sentinel authentication." json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" export:"true"` + + LatencyStrategy bool `description:"Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy)." json:"latencyStrategy,omitempty" toml:"latencyStrategy,omitempty" yaml:"latencyStrategy,omitempty" export:"true"` + RandomStrategy bool `description:"Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy)." json:"randomStrategy,omitempty" toml:"randomStrategy,omitempty" yaml:"randomStrategy,omitempty" export:"true"` + ReplicaStrategy bool `description:"Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy)." json:"replicaStrategy,omitempty" toml:"replicaStrategy,omitempty" yaml:"replicaStrategy,omitempty" export:"true"` + + UseDisconnectedReplicas bool `description:"Use replicas disconnected with master when cannot get connected replicas." json:"useDisconnectedReplicas,omitempty" toml:"useDisconnectedReplicas,omitempty" yaml:"useDisconnectedReplicas,omitempty" export:"true"` } // SetDefaults sets the default values. @@ -44,5 +59,26 @@ func (p *Provider) Init() error { } } + if p.Sentinel != nil { + switch { + case p.Sentinel.LatencyStrategy && !(p.Sentinel.RandomStrategy || p.Sentinel.ReplicaStrategy): + case p.Sentinel.RandomStrategy && !(p.Sentinel.LatencyStrategy || p.Sentinel.ReplicaStrategy): + case p.Sentinel.ReplicaStrategy && !(p.Sentinel.RandomStrategy || p.Sentinel.LatencyStrategy): + return errors.New("latencyStrategy, randomStrategy and replicaStrategy options are mutually exclusive, please use only one of those options") + } + + clusterClient := p.Sentinel.LatencyStrategy || p.Sentinel.RandomStrategy + config.Sentinel = &redis.Sentinel{ + MasterName: p.Sentinel.MasterName, + Username: p.Sentinel.Username, + Password: p.Sentinel.Password, + ClusterClient: clusterClient, + RouteByLatency: p.Sentinel.LatencyStrategy, + RouteRandomly: p.Sentinel.RandomStrategy, + ReplicaOnly: p.Sentinel.ReplicaStrategy, + UseDisconnectedReplicas: p.Sentinel.UseDisconnectedReplicas, + } + } + return p.Provider.Init(redis.StoreName, "redis", config) } diff --git a/pkg/server/keep_alive_middleware.go b/pkg/server/keep_alive_middleware.go new file mode 100644 index 000000000..cccdb6d70 --- /dev/null +++ b/pkg/server/keep_alive_middleware.go @@ -0,0 +1,29 @@ +package server + +import ( + "net/http" + "time" + + "github.com/rs/zerolog/log" + ptypes "github.com/traefik/paerser/types" +) + +func newKeepAliveMiddleware(next http.Handler, maxRequests int, maxTime ptypes.Duration) http.Handler { + return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { + state, ok := req.Context().Value(connStateKey).(*connState) + if ok { + state.HTTPRequestCount++ + if maxRequests > 0 && state.HTTPRequestCount >= maxRequests { + log.Debug().Msg("Close because of too many requests") + state.KeepAliveState = "Close because of too many requests" + rw.Header().Set("Connection", "close") + } + if maxTime > 0 && time.Now().After(state.Start.Add(time.Duration(maxTime))) { + log.Debug().Msg("Close because of too long connection") + state.KeepAliveState = "Close because of too long connection" + rw.Header().Set("Connection", "close") + } + } + next.ServeHTTP(rw, req) + }) +} diff --git a/pkg/server/server_entrypoint_tcp.go b/pkg/server/server_entrypoint_tcp.go index 9f3a9bfc7..e4d2892a8 100644 --- a/pkg/server/server_entrypoint_tcp.go +++ b/pkg/server/server_entrypoint_tcp.go @@ -3,6 +3,7 @@ package server import ( "context" "errors" + "expvar" "fmt" stdlog "log" "net" @@ -36,6 +37,25 @@ import ( "golang.org/x/net/http2/h2c" ) +type key string + +const ( + connStateKey key = "connState" + debugConnectionEnv string = "DEBUG_CONNECTION" +) + +var ( + clientConnectionStates = map[string]*connState{} + clientConnectionStatesMu = sync.RWMutex{} +) + +type connState struct { + State string + KeepAliveState string + Start time.Time + HTTPRequestCount int +} + type httpForwarder struct { net.Listener connChan chan net.Conn @@ -70,6 +90,11 @@ type TCPEntryPoints map[string]*TCPEntryPoint // NewTCPEntryPoints creates a new TCPEntryPoints. func NewTCPEntryPoints(entryPointsConfig static.EntryPoints, hostResolverConfig *types.HostResolverConfig, metricsRegistry metrics.Registry) (TCPEntryPoints, error) { + if os.Getenv(debugConnectionEnv) != "" { + expvar.Publish("clientConnectionStates", expvar.Func(func() any { + return clientConnectionStates + })) + } serverEntryPointsTCP := make(TCPEntryPoints) for entryPointName, config := range entryPointsConfig { protocol, err := config.GetProtocol() @@ -399,7 +424,12 @@ func (ln tcpKeepAliveListener) Accept() (net.Conn, error) { } func buildProxyProtocolListener(ctx context.Context, entryPoint *static.EntryPoint, listener net.Listener) (net.Listener, error) { - proxyListener := &proxyproto.Listener{Listener: listener} + timeout := entryPoint.Transport.RespondingTimeouts.ReadTimeout + // proxyproto use 200ms if ReadHeaderTimeout is set to 0 and not no timeout + if timeout == 0 { + timeout = -1 + } + proxyListener := &proxyproto.Listener{Listener: listener, ReadHeaderTimeout: time.Duration(timeout)} if entryPoint.ProxyProtocol.Insecure { log.Ctx(ctx).Info().Msg("Enabling ProxyProtocol without trusted IPs: Insecure") @@ -568,6 +598,11 @@ func createHTTPServer(ctx context.Context, ln net.Listener, configuration *stati }) } + debugConnection := os.Getenv(debugConnectionEnv) != "" + if debugConnection || (configuration.Transport != nil && (configuration.Transport.KeepAliveMaxTime > 0 || configuration.Transport.KeepAliveMaxRequests > 0)) { + handler = newKeepAliveMiddleware(handler, configuration.Transport.KeepAliveMaxRequests, configuration.Transport.KeepAliveMaxTime) + } + serverHTTP := &http.Server{ Handler: handler, ErrorLog: stdlog.New(logs.NoLevel(log.Logger, zerolog.DebugLevel), "", 0), @@ -575,6 +610,27 @@ func createHTTPServer(ctx context.Context, ln net.Listener, configuration *stati WriteTimeout: time.Duration(configuration.Transport.RespondingTimeouts.WriteTimeout), IdleTimeout: time.Duration(configuration.Transport.RespondingTimeouts.IdleTimeout), } + if debugConnection || (configuration.Transport != nil && (configuration.Transport.KeepAliveMaxTime > 0 || configuration.Transport.KeepAliveMaxRequests > 0)) { + serverHTTP.ConnContext = func(ctx context.Context, c net.Conn) context.Context { + cState := &connState{Start: time.Now()} + if debugConnection { + clientConnectionStatesMu.Lock() + clientConnectionStates[getConnKey(c)] = cState + clientConnectionStatesMu.Unlock() + } + return context.WithValue(ctx, connStateKey, cState) + } + + if debugConnection { + serverHTTP.ConnState = func(c net.Conn, state http.ConnState) { + clientConnectionStatesMu.Lock() + if clientConnectionStates[getConnKey(c)] != nil { + clientConnectionStates[getConnKey(c)].State = state.String() + } + clientConnectionStatesMu.Unlock() + } + } + } // ConfigureServer configures HTTP/2 with the MaxConcurrentStreams option for the given server. // Also keeping behavior the same as @@ -604,6 +660,10 @@ func createHTTPServer(ctx context.Context, ln net.Listener, configuration *stati }, nil } +func getConnKey(conn net.Conn) string { + return fmt.Sprintf("%s => %s", conn.RemoteAddr(), conn.LocalAddr()) +} + func newTrackedConnection(conn tcp.WriteCloser, tracker *connectionTracker) *trackedConnection { tracker.AddConnection(conn) return &trackedConnection{ diff --git a/pkg/server/server_entrypoint_tcp_test.go b/pkg/server/server_entrypoint_tcp_test.go index 3567ca47f..d050803f3 100644 --- a/pkg/server/server_entrypoint_tcp_test.go +++ b/pkg/server/server_entrypoint_tcp_test.go @@ -230,3 +230,91 @@ func TestReadTimeoutWithFirstByte(t *testing.T) { t.Error("Timeout while read") } } + +func TestKeepAliveMaxRequests(t *testing.T) { + epConfig := &static.EntryPointsTransport{} + epConfig.SetDefaults() + epConfig.KeepAliveMaxRequests = 3 + + entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{ + Address: ":0", + Transport: epConfig, + ForwardedHeaders: &static.ForwardedHeaders{}, + HTTP2: &static.HTTP2Config{}, + }, nil, nil) + require.NoError(t, err) + + router := &tcprouter.Router{} + router.SetHTTPHandler(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { + rw.WriteHeader(http.StatusOK) + })) + + conn, err := startEntrypoint(entryPoint, router) + require.NoError(t, err) + + http.DefaultClient.Transport = &http.Transport{ + DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { + return conn, nil + }, + } + + resp, err := http.Get("http://" + entryPoint.listener.Addr().String()) + require.NoError(t, err) + require.False(t, resp.Close) + err = resp.Body.Close() + require.NoError(t, err) + + resp, err = http.Get("http://" + entryPoint.listener.Addr().String()) + require.NoError(t, err) + require.False(t, resp.Close) + err = resp.Body.Close() + require.NoError(t, err) + + resp, err = http.Get("http://" + entryPoint.listener.Addr().String()) + require.NoError(t, err) + require.True(t, resp.Close) + err = resp.Body.Close() + require.NoError(t, err) +} + +func TestKeepAliveMaxTime(t *testing.T) { + epConfig := &static.EntryPointsTransport{} + epConfig.SetDefaults() + epConfig.KeepAliveMaxTime = ptypes.Duration(time.Millisecond) + + entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{ + Address: ":0", + Transport: epConfig, + ForwardedHeaders: &static.ForwardedHeaders{}, + HTTP2: &static.HTTP2Config{}, + }, nil, nil) + require.NoError(t, err) + + router := &tcprouter.Router{} + router.SetHTTPHandler(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { + rw.WriteHeader(http.StatusOK) + })) + + conn, err := startEntrypoint(entryPoint, router) + require.NoError(t, err) + + http.DefaultClient.Transport = &http.Transport{ + DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { + return conn, nil + }, + } + + resp, err := http.Get("http://" + entryPoint.listener.Addr().String()) + require.NoError(t, err) + require.False(t, resp.Close) + err = resp.Body.Close() + require.NoError(t, err) + + time.Sleep(time.Millisecond) + + resp, err = http.Get("http://" + entryPoint.listener.Addr().String()) + require.NoError(t, err) + require.True(t, resp.Close) + err = resp.Body.Close() + require.NoError(t, err) +} diff --git a/pkg/server/service/loadbalancer/wrr/wrr.go b/pkg/server/service/loadbalancer/wrr/wrr.go index f3a38b4c9..343c525d2 100644 --- a/pkg/server/service/loadbalancer/wrr/wrr.go +++ b/pkg/server/service/loadbalancer/wrr/wrr.go @@ -4,6 +4,8 @@ import ( "container/heap" "context" "errors" + "fmt" + "hash/fnv" "net/http" "sync" @@ -47,7 +49,9 @@ type Balancer struct { stickyCookie *stickyCookie wantsHealthCheck bool - mutex sync.RWMutex + handlersMu sync.RWMutex + // References all the handlers by name and also by the hashed value of the name. + handlerMap map[string]*namedHandler handlers []*namedHandler curDeadline float64 // status is a record of which child services of the Balancer are healthy, keyed @@ -64,6 +68,7 @@ type Balancer struct { func New(sticky *dynamic.Sticky, wantHealthCheck bool) *Balancer { balancer := &Balancer{ status: make(map[string]struct{}), + handlerMap: make(map[string]*namedHandler), wantsHealthCheck: wantHealthCheck, } if sticky != nil && sticky.Cookie != nil { @@ -74,6 +79,7 @@ func New(sticky *dynamic.Sticky, wantHealthCheck bool) *Balancer { sameSite: sticky.Cookie.SameSite, } } + return balancer } @@ -111,8 +117,8 @@ func (b *Balancer) Pop() interface{} { // SetStatus sets on the balancer that its given child is now of the given // status. balancerName is only needed for logging purposes. func (b *Balancer) SetStatus(ctx context.Context, childName string, up bool) { - b.mutex.Lock() - defer b.mutex.Unlock() + b.handlersMu.Lock() + defer b.handlersMu.Unlock() upBefore := len(b.status) > 0 @@ -163,8 +169,8 @@ func (b *Balancer) RegisterStatusUpdater(fn func(up bool)) error { var errNoAvailableServer = errors.New("no available server") func (b *Balancer) nextServer() (*namedHandler, error) { - b.mutex.Lock() - defer b.mutex.Unlock() + b.handlersMu.Lock() + defer b.handlersMu.Unlock() if len(b.handlers) == 0 || len(b.status) == 0 { return nil, errNoAvailableServer @@ -198,22 +204,18 @@ func (b *Balancer) ServeHTTP(w http.ResponseWriter, req *http.Request) { } if err == nil && cookie != nil { - for _, handler := range b.handlers { - if handler.name != cookie.Value { - continue - } + b.handlersMu.RLock() + handler, ok := b.handlerMap[cookie.Value] + b.handlersMu.RUnlock() - b.mutex.RLock() - _, ok := b.status[handler.name] - b.mutex.RUnlock() - if !ok { - // because we already are in the only iteration that matches the cookie, so none - // of the following iterations are going to be a match for the cookie anyway. - break + if ok && handler != nil { + b.handlersMu.RLock() + _, isHealthy := b.status[handler.name] + b.handlersMu.RUnlock() + if isHealthy { + handler.ServeHTTP(w, req) + return } - - handler.ServeHTTP(w, req) - return } } } @@ -231,7 +233,7 @@ func (b *Balancer) ServeHTTP(w http.ResponseWriter, req *http.Request) { if b.stickyCookie != nil { cookie := &http.Cookie{ Name: b.stickyCookie.name, - Value: server.name, + Value: hash(server.name), Path: "/", HttpOnly: b.stickyCookie.httpOnly, Secure: b.stickyCookie.secure, @@ -257,9 +259,19 @@ func (b *Balancer) Add(name string, handler http.Handler, weight *int) { h := &namedHandler{Handler: handler, name: name, weight: float64(w)} - b.mutex.Lock() + b.handlersMu.Lock() h.deadline = b.curDeadline + 1/h.weight heap.Push(b, h) b.status[name] = struct{}{} - b.mutex.Unlock() + b.handlerMap[name] = h + b.handlerMap[hash(name)] = h + b.handlersMu.Unlock() +} + +func hash(input string) string { + hasher := fnv.New64() + // We purposely ignore the error because the implementation always returns nil. + _, _ = hasher.Write([]byte(input)) + + return fmt.Sprintf("%x", hasher.Sum64()) } diff --git a/pkg/server/service/loadbalancer/wrr/wrr_test.go b/pkg/server/service/loadbalancer/wrr/wrr_test.go index c6cb5aee7..2392ad84b 100644 --- a/pkg/server/service/loadbalancer/wrr/wrr_test.go +++ b/pkg/server/service/loadbalancer/wrr/wrr_test.go @@ -247,6 +247,8 @@ func TestSticky(t *testing.T) { req := httptest.NewRequest(http.MethodGet, "/", nil) for i := 0; i < 3; i++ { for _, cookie := range recorder.Result().Cookies() { + assert.NotContains(t, "test=first", cookie.Value) + assert.NotContains(t, "test=second", cookie.Value) req.AddCookie(cookie) } recorder.ResponseRecorder = httptest.NewRecorder() @@ -261,6 +263,35 @@ func TestSticky(t *testing.T) { assert.Equal(t, http.SameSiteNoneMode, recorder.cookies["test"].SameSite) } +func TestSticky_FallBack(t *testing.T) { + balancer := New(&dynamic.Sticky{ + Cookie: &dynamic.Cookie{Name: "test"}, + }, false) + + balancer.Add("first", http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { + rw.Header().Set("server", "first") + rw.WriteHeader(http.StatusOK) + }), Int(1)) + + balancer.Add("second", http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { + rw.Header().Set("server", "second") + rw.WriteHeader(http.StatusOK) + }), Int(2)) + + recorder := &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}} + + req := httptest.NewRequest(http.MethodGet, "/", nil) + req.AddCookie(&http.Cookie{Name: "test", Value: "second"}) + for i := 0; i < 3; i++ { + recorder.ResponseRecorder = httptest.NewRecorder() + + balancer.ServeHTTP(recorder, req) + } + + assert.Equal(t, 0, recorder.save["first"]) + assert.Equal(t, 3, recorder.save["second"]) +} + // TestBalancerBias makes sure that the WRR algorithm spreads elements evenly right from the start, // and that it does not "over-favor" the high-weighted ones with a biased start-up regime. func TestBalancerBias(t *testing.T) { diff --git a/pkg/tls/zz_generated.deepcopy.go b/pkg/tls/zz_generated.deepcopy.go index 6523c97b1..63d18bcb5 100644 --- a/pkg/tls/zz_generated.deepcopy.go +++ b/pkg/tls/zz_generated.deepcopy.go @@ -4,7 +4,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go index 8c55ace87..f2853fdfc 100644 --- a/pkg/types/zz_generated.deepcopy.go +++ b/pkg/types/zz_generated.deepcopy.go @@ -4,7 +4,7 @@ /* The MIT License (MIT) -Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs +Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index fb6f9ccde..2ee1b473a 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.10.6 -CurrentRef = "v2.10" -PreviousRef = "v2.10.5" -BaseBranch = "v2.10" -FutureCurrentRefName = "v2.10.6" +# example new bugfix v2.11.1 +CurrentRef = "v2.11" +PreviousRef = "v2.11.0" +BaseBranch = "v2.11" +FutureCurrentRefName = "v2.11.1" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 diff --git a/script/gcg/traefik-final-release-part1.toml b/script/gcg/traefik-final-release-part1.toml index ee2bd3017..2e73738fb 100644 --- a/script/gcg/traefik-final-release-part1.toml +++ b/script/gcg/traefik-final-release-part1.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example final release of v2.10.0 -CurrentRef = "v2.10" -PreviousRef = "v2.10.0-rc1" -BaseBranch = "v2.10" -FutureCurrentRefName = "v2.10.0" +# example final release of v2.11.0 +CurrentRef = "v2.11" +PreviousRef = "v2.11.0-rc1" +BaseBranch = "v2.11" +FutureCurrentRefName = "v2.11.0" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 diff --git a/script/gcg/traefik-final-release-part2.toml b/script/gcg/traefik-final-release-part2.toml index 9f3abf827..bfd11e0f1 100644 --- a/script/gcg/traefik-final-release-part2.toml +++ b/script/gcg/traefik-final-release-part2.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example final release of v2.10.0 -CurrentRef = "v2.10.0-rc1" -PreviousRef = "v2.9.0-rc1" +# example final release of v2.11.0 +CurrentRef = "v2.11.0-rc1" +PreviousRef = "v2.10.0-rc1" BaseBranch = "master" -FutureCurrentRefName = "v2.10.0-rc1" +FutureCurrentRefName = "v2.11.0-rc1" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 diff --git a/script/gcg/traefik-rc-first.toml b/script/gcg/traefik-rc-first.toml index c7c2eab61..805c90500 100644 --- a/script/gcg/traefik-rc-first.toml +++ b/script/gcg/traefik-rc-first.toml @@ -6,7 +6,7 @@ FileName = "traefik_changelog.md" # example RC1 of v3.0.0-beta1 CurrentRef = "master" -PreviousRef = "v2.9.0-rc1" +PreviousRef = "v2.11.0-rc1" BaseBranch = "master" FutureCurrentRefName = "v3.0.0-beta1"