From be81ce244edf41c84c665585f8c75f74cf154cf2 Mon Sep 17 00:00:00 2001 From: Kevin Crawley Date: Wed, 14 Apr 2021 05:20:03 -0500 Subject: [PATCH 1/3] Error span on 5xx only --- docs/content/migration/v2.md | 8 +++++++- pkg/tracing/tracing.go | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/content/migration/v2.md b/docs/content/migration/v2.md index 84e161c93..d75e6e5c1 100644 --- a/docs/content/migration/v2.md +++ b/docs/content/migration/v2.md @@ -348,7 +348,7 @@ It is therefore necessary to update [RBAC](../reference/dynamic-configuration/ku ### Non-ASCII Domain Names -In `v2.4.8` we introduced a new check on domain names used in HTTP router rule `Host` and `HostRegexp` expressions, +In `v2.4.8`, we introduced a new check on domain names used in HTTP router rule `Host` and `HostRegexp` expressions, and in TCP router rule `HostSNI` expression. This check ensures that provided domain names don't contain non-ASCII characters. If not, an error is raised, and the associated router will be shown as invalid in the dashboard. @@ -358,3 +358,9 @@ It doesn't change the support for non-ASCII domain names in routers rules, which In order to use non-ASCII domain names in a router's rule, one should use the Punycode form of the domain name. For more information, please read the [HTTP routers rule](../routing/routers/index.md#rule) part or [TCP router rules](../routing/routers/index.md#rule_1) part of the documentation. + +## v2.4.8 to v2.4.9 + +### Tracing Span + +In `v2.4.9`, we changed span error to log only server errors (>= 500). diff --git a/pkg/tracing/tracing.go b/pkg/tracing/tracing.go index 02fab9c5d..498a26348 100644 --- a/pkg/tracing/tracing.go +++ b/pkg/tracing/tracing.go @@ -117,7 +117,7 @@ func LogRequest(span opentracing.Span, r *http.Request) { func LogResponseCode(span opentracing.Span, code int) { if span != nil { ext.HTTPStatusCode.Set(span, uint16(code)) - if code >= 400 { + if code >= http.StatusInternalServerError { ext.Error.Set(span, true) } } From 5814ba532246fdc9c3d1629af2da967944543b0b Mon Sep 17 00:00:00 2001 From: Martin Vizvary <44974124+martinvizvary@users.noreply.github.com> Date: Thu, 15 Apr 2021 18:16:04 +0200 Subject: [PATCH 2/3] Kubernetes ingress provider to search via all endpoints --- ...-port-invalid-for-one-service_endpoint.yml | 21 +++++++++++++++ ...h-port-invalid-for-one-service_ingress.yml | 15 +++++++++++ ...h-port-invalid-for-one-service_service.yml | 20 ++++++++++++++ pkg/provider/kubernetes/ingress/kubernetes.go | 6 ++++- .../kubernetes/ingress/kubernetes_test.go | 27 +++++++++++++++++++ 5 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_endpoint.yml create mode 100644 pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_ingress.yml create mode 100644 pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_service.yml diff --git a/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_endpoint.yml b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_endpoint.yml new file mode 100644 index 000000000..dfe20f52d --- /dev/null +++ b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_endpoint.yml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Endpoints +metadata: + name: service1 + namespace: testing +subsets: + - addresses: + - ip: 10.0.0.1 + nodeName: admin.whoami.service1 + ports: + - name: http-admin + port: 8079 + protocol: TCP + - addresses: + - ip: 10.0.0.1 + nodeName: whoami.service1 +# targetRef: + ports: + - name: http + port: 8080 + protocol: TCP diff --git a/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_ingress.yml b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_ingress.yml new file mode 100644 index 000000000..12c508feb --- /dev/null +++ b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_ingress.yml @@ -0,0 +1,15 @@ +kind: Ingress +apiVersion: networking.k8s.io/v1beta1 +metadata: + name: "" + namespace: testing + +spec: + rules: + - host: traefik.port + http: + paths: + - path: /port + backend: + serviceName: service1 + servicePort: 8080 diff --git a/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_service.yml b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_service.yml new file mode 100644 index 000000000..d83acc42f --- /dev/null +++ b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-port-invalid-for-one-service_service.yml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: service1 + namespace: testing + +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: http-api + - name: http-admin + port: 8079 + protocol: TCP + targetPort: http-admin + selector: + app: foo + sessionAffinity: None + type: ClusterIP diff --git a/pkg/provider/kubernetes/ingress/kubernetes.go b/pkg/provider/kubernetes/ingress/kubernetes.go index 4c6e82e6d..d6b2ed225 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes.go +++ b/pkg/provider/kubernetes/ingress/kubernetes.go @@ -539,7 +539,7 @@ func loadService(client Client, namespace string, backend networkingv1beta1.Ingr } if port == 0 { - return nil, errors.New("cannot define a port") + continue } protocol := getProtocol(portSpec, portName, svcConfig) @@ -553,6 +553,10 @@ func loadService(client Client, namespace string, backend networkingv1beta1.Ingr } } + if len(svc.LoadBalancer.Servers) == 0 { + return nil, errors.New("no valid subset found") + } + return svc, nil } diff --git a/pkg/provider/kubernetes/ingress/kubernetes_test.go b/pkg/provider/kubernetes/ingress/kubernetes_test.go index 16b7b3a61..fe8b15230 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes_test.go +++ b/pkg/provider/kubernetes/ingress/kubernetes_test.go @@ -729,6 +729,33 @@ func TestLoadConfigurationFromIngresses(t *testing.T) { }, }, }, + { + desc: "Ingress with port invalid for one service", + expected: &dynamic.Configuration{ + TCP: &dynamic.TCPConfiguration{}, + HTTP: &dynamic.HTTPConfiguration{ + Middlewares: map[string]*dynamic.Middleware{}, + Routers: map[string]*dynamic.Router{ + "testing-traefik-port-port": { + Rule: "Host(`traefik.port`) && PathPrefix(`/port`)", + Service: "testing-service1-8080", + }, + }, + Services: map[string]*dynamic.Service{ + "testing-service1-8080": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + PassHostHeader: Bool(true), + Servers: []dynamic.Server{ + { + URL: "http://10.0.0.1:8080", + }, + }, + }, + }, + }, + }, + }, + }, { desc: "Ingress with IPv6 endpoints", expected: &dynamic.Configuration{ From e096bf6b627a3d673c26b39823b8e38d3b249127 Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Wed, 21 Apr 2021 10:28:03 +0200 Subject: [PATCH 3/3] fix: k8s gateway api link Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com> --- docs/content/providers/kubernetes-gateway.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/providers/kubernetes-gateway.md b/docs/content/providers/kubernetes-gateway.md index 7835ad24d..7c5c37d08 100644 --- a/docs/content/providers/kubernetes-gateway.md +++ b/docs/content/providers/kubernetes-gateway.md @@ -71,7 +71,7 @@ This provider is proposed as an experimental feature and partially supports the --8<-- "content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml" ``` -The Kubernetes Gateway API project provides several [guides](https://gateway-api.sigs.k8s.io/guides/) on how to use the APIs. +The Kubernetes Gateway API project provides several guides on how to use the APIs. These guides can help you to go further than the example above. The [getting started guide](https://gateway-api.sigs.k8s.io/guides/getting-started/) details how to install the CRDs from their repository.