Update from 3.1.4 to 3.1.6, changes for 3.1.5 and 3.1.6

OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=53
Alexandre Vicenzi 2024-10-16 07:04:50 +00:00 committed by Git OBS Bridge
commit f195877329
16 changed files with 1013 additions and 0 deletions

23
.gitattributes vendored Normal file

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file

@ -0,0 +1 @@
.osc

9
90-traefik.conf Normal file

@ -0,0 +1,9 @@
#
# Increase the maximum UDP Buffer size to prevent dropping
# incoming packaets by the kernel
#
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
#
net.core.rmem_max=7500000
net.core.wmem_max=7500000
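
Review bot: The header comment misspells "packets" as "packaets" on its second line, and it does not say that net.core.rmem_max and net.core.wmem_max are host-wide ceilings, so installing the package raises the limit for every socket on the machine and not only for Traefik's QUIC listener. Suggest fixing the typo and stating that scope in the comment. Since the spec installs the file under /usr/lib/sysctl.d with a 90- prefix, it would also help to note that an administrator who wants a different value needs a file of the same name in /etc/sysctl.d or one that sorts later.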

8
_service Normal file

@ -0,0 +1,8 @@
<services>
<service name="download_files" mode="manual">
</service>
<service name="go_modules" mode="manual">
<param name="archive">traefik*.src.tar.gz</param>
<param name="basename">./</param>
</service>
</services>
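
Review bot: The archive parameter of the go_modules service is the glob traefik*.src.tar.gz, which can match more than one upstream tarball if an older one is still in the checkout, leaving it unclear which source the vendor.tar.gz referenced by the spec was generated from. Suggest removing superseded tarballs in the same commit or naming the exact archive, so the vendored modules can be tied to one source version.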

3
traefik-user.conf Normal file

@ -0,0 +1,3 @@
#Type Name ID GECOS Home directory Shell
u traefik - "HTTP reverse proxy and load balancer" /etc/traefik -
m traefik traefik
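
Review bot: The m traefik traefik line looks redundant, because the u line above it already creates a traefik group and uses it as the user's primary group. The u line also sets the home directory to /etc/traefik, while traefik.service uses WorkingDirectory=~ and the changelog moves acme.json to /var/lib/traefik; consider /var/lib/traefik as the home so the service's working directory is its state directory and not its configuration directory.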


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4c0ac5053256bcd8d71ab311bae8505f65d802e04f59c44867de2898539de6d7
size 11531116


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6e9fff2f62ea01592e2530f36a7db6bb14cabd5161543d7b01faf48366a0ada8
size 11531035


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:266091d5c477afd8814bf0a94e07e79044f8e6092b71930b09cfa3046ef67b4e
size 11490625


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d8cada1d42e2fad4cbe15b75e8db21647b520ffd49dd09814cc1131c3fe02d00
size 11491439


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ef3c05ff29ff5fa57a14c220c1eff43b2441852d6f2b8f2cc92c7faf39656254
size 11498368


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:88cd6b1f871894bcae5e2c9eb356b13aaea815368b9c68a0ff4a466b6a05d02f
size 11485716

605
traefik.changes Normal file

@ -0,0 +1,605 @@
-------------------------------------------------------------------
Wed Oct 16 03:46:25 UTC 2024 - Eric Torres <eric.torres@its-et.me>
- Update from 3.1.4 to 3.1.6
- Version 3.1.6 changes
- middleware
* Reuse compression writers (#11168 by michelheusschen)
* Use correct default weight in Accept-Encoding (#11084 by michelheusschen)
- plugins
* Close wasm middleware to prevent memory leak (#11151 by ttys3)
- Version 3.1.5 changes
- k8s, ingress
* Disable IngressClass lookup when disableClusterScopeResources is enabled (#11111 by jnoordsij)
- server
* Rework condition to not log on timeout (#11132 by rtribotte)
- Merge branch v2.11 into v3.1
-------------------------------------------------------------------
Tue Sep 24 00:25:39 UTC 2024 - Eric Torres <eric.torres@its-et.me>
- Update to version 3.1.4
- Fixes CVE-2024-45410, boo#1230842
- k8s, ingress, rules, crd
* Allow configuring rule syntax with Kubernetes Ingress annotation
* Re-allow empty configuration for Kubernetes Ingress provider
* Remove mentions about APIVersion traefik.io/v1
* Update quick-start-with-kubernetes.md to include required permissions
- middlewares, metrics
* Wrap capture for services used by pieces of middleware
* Mention missing metrics removal in the migration guide
* Guess Datadog socket type when prefix is unix
- plugins
* Removes goexport dependency and adds _initialize
- tracing
* Fix tracing documentation
* OTLP doc + potential panic
- Update ldflags to point to correct traefik version (v3 instead of v2)
-------------------------------------------------------------------
Thu Sep 12 14:50:28 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Moved /etc/traefik/acme.json to /var/lib/traefik/acme.json to allow traefik
running with "ProtectSystem=full" write access to the certificate store.
The acme.json file will be automatically moved and the configuration will be
updated accordingly.
- Added /usr/lib/sysctl.d/90-itraefik.conf to increase UDP Buffer sizes as explained
at https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
-------------------------------------------------------------------
Wed Aug 7 08:03:10 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Fixed service-file: set working directory, so that the /etc/traefik/acme.json
file can be written in /etc/traefik/acme.json
- Update to version 3.1.1
- Bug fixes:
* grpc: Bump google.golang.org/grpc to v1.64.1
* k8s/gatewayapi: Do not update route status when nothing changed
* metrics
- Fix grafana dashboard to work with scrape interval greater than 15s
- Update open connections gauge with connections count
- Use ServiceName in traefik_service_server_up metric
* docker: Update to github.com/docker/docker v27.1.1
* webui: Upgrade webui dependencies - fixes boo#1224308 and CVE-2024-4068
-------------------------------------------------------------------
Wed Jul 31 16:47:51 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Run traefik as traefik user, fixes boo#1227226
- Added ACME confiuration template
- Update to version 3.1.1
- Bug fixes:
* k8s/gatewayapi
- Do not update route status when nothing changed
* metrics
- Fix grafana dashboard to work with scrape interval greater than 15s
- Update open connections gauge with connections count
- Use ServiceName in traefik_service_server_up metric
- Updates
- Fix for CVE-2024-6104, boo#1227059
-------------------------------------------------------------------
Mon Jul 15 17:22:18 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
Important: Please read the migration guide
https://doc.traefik.io/traefik/v3.1/migration/v3/#v30-to-v31
- Update to version 3.1.0
- enhancements:
* k8s/crd,k8s
- Support HealthCheck for ExternalName services
* k8s/ingress,k8s/crd,k8s
- Allow to use internal Node IPs for NodePort services
- Change log level from Warning to Info when ExternalName services
is enabled
* k8s/ingress,k8s/crd,k8s,k8s/gatewayapi
- Migrate to EndpointSlices API
* k8s,k8s/gatewayapi
- Bump Gateway API to v1.1.0
- Compute HTTPRoute priorities
- Fix route attachments to gateways
- KubernetesGateway provider is no longer experimental
- Set Gateway HTTPRoute status
- Support HTTPRoute method and query param matching
- Support HTTPURLRewrite filter
- Support invalid HTTPRoute status
- Support ReferenceGrant for HTTPRoute backends
- Support RegularExpression for path matching
* middleware
- Add support for Zstandard to the compression middleware
* middleware,k8s,k8s/gatewayapi
- Improve HTTPRoute Redirect Filter with port and scheme
- Support HTTPRoute redirect port and scheme
* middleware
- Support Content-Security-Policy-Report-Only in the headers middleware
* plugins
- Add logs for plugins load
- Enhance wasm plugins
* server
- Support systemd socket-activation
- Bug fixes:
* healthcheck,k8s/crd,k8s
- Fix Healthcheck default value for ExternalName services
* k8s,k8s/gatewayapi
- Do not disable Gateway API provider if not enabled in experimental
- Retry on Gateway API resource status update
* middleware,metrics,tracing
- Upgrade to OpenTelemetry Semantic Conventions v1.26.0
* otel
- Bump opentelemetry-go to v1.28
* plugins
- Fix build only linux and darwin support wazergo
-------------------------------------------------------------------
Thu Jul 4 08:50:50 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Update to version 3.0.4
* Bug fixes:
- Fix for CVE-2024-39321 bsc#1227515
- [ecs] Fix ECS config for OIDC + IRSA (gh#traefik/traefik#10814 by mmatur)
- [http3] Disable QUIC 0-RTT (gh#traefik/traefik#10867 by mmatur)
- [middleware,server] Remove interface names from IPv6 (gh#traefik/traefik#10813 by JeroenED)
-------------------------------------------------------------------
Wed Jun 19 15:45:49 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Update to version 3.0.3
* Updated libraries
- Update to version 3.0.2
* Bug fixes:
[logs] Bump OTel dependencies (#10763 by DrFaust92)
[logs] Append to log file if it exists (#10756 by lbenguigui)
[metrics] Fix service name label_replace in Grafana (#10758 by xdavidwu)
[middleware] Forward the correct status code when compression is disabled within the Brotli handler (#10780 by rtribotte)
[middleware] Support Accept-Encoding header weights with Compress middleware (#10777 by ldez)
-------------------------------------------------------------------
Wed May 29 08:20:42 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Fix in traefik.yml configuration file
-------------------------------------------------------------------
Thu May 23 15:02:13 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Update to version 3.0.1
* CVEs:
* CVE-2024-24788 (bsc#1224018): A malformed DNS message in response to a
query can cause the Lookup functions to get stuck in an infinite loop.
* Bug fixes:
* [k8s/ingress] Fix rule syntax version for all internal routers
(gh#traefik/traefik#10689 by HalloTschuess)
* [metrics,tracing] Allow empty configuration for OpenTelemetry metrics
and tracing (gh#traefik/traefik#10729 by rtribotte)
* [provider,tls] Bump tscert dependency to 28a91b69a046
(gh#traefik/traefik#10668 by kevinpollet)
* [rules,tcp] Fix the rule syntax mechanism for TCP
(gh#traefik/traefik#10680 by lbenguigui)
* [tls,server] Remove deadlines when handling PostgreSQL connections
(gh#traefik/traefik#10675 by rtribotte)
* [webui] Add support for IP White list
(gh#traefik/traefik#10740 by davidbaptista)
- Packaging:
* Use Traefik's src.tar.gz files containing a pre-built frontend to simplify the packaging process
* Fixes bsc#1224308 and bsc#1224384
- Removed allow-node-21.patch and prepare-sources.sh script
-------------------------------------------------------------------
Mon May 6 12:59:25 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Moved configuraton from .toml to .yml config
- Update to version 3.0.0
* Announcment: https://traefik.io/blog/announcing-traefik-proxy-v3-rc/
* added support for popular, emerging technologies—WebAssembly (Wasm),
OpenTelemetry, and Kubernetes Gateway API
* revamped some key parts of the routing rules
* added support for some leading edge technologies like HTTP/3, SPIFFE, and Tailscale
* Migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/
* Details: https://github.com/traefik/traefik/releases/tag/v3.0.0
-------------------------------------------------------------------
Fri May 3 15:14:17 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Added allow-node-21.patch to allow building with nodejs21, too
- Removed traefik-fix-int-overflow-with-go-generate-10452.patch
- Update to version 2.11.2
* Important
* Read the migration guide at https://doc.traefik.io/traefik/migration/v2/#v2112
* CVEs:
* GHSA-7f4j-64p6-5h5v (related to CVE-2023-45288)
* CVE-2024-28869 (bsc#1222825)
* Bug fixes:
* [server] Revert LingeringTimeout and change default value for ReadTimeout
* [server] Set default ReadTimeout value to 60s
- Update to version 2.11.1:
* Bug fixes:
* [acme,tls] Enforce handling of ACME-TLS/1 challenges
* [acme] Update go-acme/lego to v4.16.1
* [acme] Close created file in ACME local store CheckFile func
* [docker,http3] Update to quic-go v0.42.0 and docker/cli v24.0.9
* [docker,marathon,rancher,ecs,tls,nomad] Allow to configure TLSStore default generated certificate with labels
* [ecs] Adjust ECS network interface detection logi
* [logs,tls] Fix log when default TLSStore and TLSOptions are defined multiple times
* [middleware] Allow empty replacement with ReplacePathRegex middleware
* [plugins] Update Yaegi to v0.16.1
* [provider,rules] Don't allow routers higher than internal ones
* [rules] Reserve priority range for internal router
* [server,tcp] Introduce Lingering Timeout
* [tcp] Enforce failure for TCP HostSNI with hostname
* [tracing] Bump Elastic APM to v2.4.8
* [webui] Fix dashboard exposition through a router
* [webui] Display IPAllowlist middleware configuration in dashboard
* [webui] Make text more readable in dark mode
* [webui] Migrate to Quasar 2.x and Vue.js 3.x
* [webui] Add a horizontal scroll for the mobile view
-------------------------------------------------------------------
Wed Mar 6 11:13:51 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Remove node_modules.sums left over by obs-service-node_modules
-------------------------------------------------------------------
Tue Mar 5 10:54:13 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- configuration changes:
* Enhanced default configuration file, including configs for http3 support.
* Docker configuration has been disabled per default, file provider has been enabled.
The directory for the file provider has been set to /etc/traefik/conf.d
* Prepared directories for logging in /var/log/traefik
* Enhanced default configuration file, including configs for http3 support. Settings
are disabled per default.
- packaging general:
* Use standard source-download feature, modified _service file and removed _servicedata
* packagers can invoke `prepare-sources.sh` to doenload sources and prepare go-packages
as well as node_modules for the built process.
- frontend packaging:
* The frontend will now be packaged on OBS to have reproduceable builds.
- Go packaging:
* Added upstream patch traefik-fix-int-overflow-with-go-generate-10452.patch to
allow packaging on 32bit architectures gh#traefik/traefik#10451
* Enabled CGO because there is no cross compilation needed in OSB (we build
packages for every distribution/architecture seperately). PIE can not be used
with CGO enabled for most architectures and is reported as failure sinc go 1.22.
See https://github.com/golang/go/issues/64875
* Don't use pie-buildmode for ppc64 and s390x architectures
- Update to version 2.11.0:
* Enhancements:
* [middleware] Deprecate IPWhiteList middleware in favor of IPAllowList
* [redis] Add Redis Sentinel support
* [server] Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints
* [sticky-session] Hash WRR sticky cookies
* Bug fixes:
* [acme] Update go-acme/lego to v4.15.0
* [authentication] Fix NTLM and Kerberos
* [file] Fix file watcher
* [file] Update github.com/fsnotify/fsnotify to v1.7.0
* [http3] Update quic-go to v0.40.1
* [middleware,tcp] Add missing TCP IPAllowList middleware constructor
* [nomad] Update the Nomad API dependency to v1.7.2
* [server] Fix ReadHeaderTimeout for PROXY protocol
* [webui] Fixes the Header Button
* [webui] Fix URL encode resource's id before calling API endpoints
-------------------------------------------------------------------
Wed Feb 21 14:21:09 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Fixed packaging of UI
-------------------------------------------------------------------
Fri Dec 08 12:51:12 UTC 2023 - alexandre.vicenzi@suse.com
- Update to version 2.10.7:
* CVEs:
* CVE-2023-45283 (boo#1216943)
* CVE-2023-45284 (boo#1216944)
* CVE-2023-47124 (boo#1217806)
* CVE-2023-47633 (boo#1217807)
* CVE-2023-47106 (boo#1217804)
* GHSA-7v4p-328v-8v5g, CVE-2023-39325 (boo#1216109)
* Bug fixes:
* [accesslogs] Fix preflight response status in access logs
* [accesslogs] Move origin fields capture to service level
* [acme] Do not check for wildcard domains for non DNS challenge
* [acme] Remove backoff for http challenge (CVE-2023-47124)
* [acme] Update go-acme/lego to v4.14.0
* [consul,consulcatalog] Update github.com/hashicorp/consul/api
* [http3] Update quic-go to v0.39.1
* [k8s/crd] Fix multiple subsets endpoint
* [k8s/ingress,k8s/crd,k8s,hub] Clean code related to Hub
* [k8s/ingress,k8s] fix: avoid panic on resource backends
* [kv] Ignore ErrKeyNotFound error for the KV provider
* [logs] Fixed datadog logs json format issue
* [metrics] Enable Prometheus provider cleanup when only the router's metrics level is activated
* [middleware,authentication] Adjust forward auth to avoid connection leak
* [middleware,server] Improve CNAME flattening to avoid unnecessary error logging
* [middleware,tracing,plugins] fix: traceability of the middleware plugins
* [middleware] Allow X-Forwarded-For delete operation
* [middleware] Encode query semicolons
* [middleware] Fix stripPrefix middleware is not applied to retried attempts
* [middleware] Missing trailer with custom errors middleware
* [middleware] Support informational headers in middlewares redefining the response writer
* [plugins] Improve error messages related to plugins
* [provider] Refuse recursive requests (CVE-2023-47633)
* [server] Deny request with fragment in URL path (CVE-2023-47106)
* [server] Update x/net and grpc/grpc-go
* [tracing] Remove deprecated code usage for datadog tracer
* [tracing] Update DataDog tracing dependency to v1.50.1
* [webui] Add missing accessControlAllowOriginListRegex to middleware view
* Fix false positive in url anonymization
* Misc:
* [webui] Updates the Hub tooltip content using a web component and adds an option to disable Hub button
- Update Go version (CVE-2023-45283, CVE-2023-45284, CVE-2023-39325)
-------------------------------------------------------------------
Mon Jun 12 17:26:46 UTC 2023 - alexandre.vicenzi@suse.com
- Update to version 2.10.1:
* CVEs
* CVE-2022-41724 (bsc#1208271)
* CVE-2023-24534 (bsc#1210127)
* CVE-2023-29013 (bsc#1210505)
* Enhancements
* [docker] Expose ContainerName in Docker provider
* [hub] Remove hub configuration out of experimental
* [k8s/crd] Introduce traefik.io API Group CRDs
* [k8s/ingress,k8s/crd,k8s] Native Kubernetes service load-balancing
* [middleware,metrics] Add prometheus metric requests_total with headers
* [nomad] Support multiple namespaces in the Nomad Provider
* [tracing] Add support to send DataDog traces via Unix Socket
* [webui] Display period setting of the RateLimit middleware in the webui
* [webui] Modify the Hub Button
* Bug fixes
* [docker] Expose ContainerName in Docker provider
* [docker] Only warn about missing docker network when network_mode is not host or container
* [ecs] Prevent panicking when a container has no network interfaces
* [file] Make file provider more resilient wrt first configuration
* [hub] hub: get out of experimental.
* [k8s/crd] Introduce traefik.io API Group CRDs
* [k8s/ingress,k8s/crd,k8s] Native Kubernetes service load-balancing
* [logs] Differentiate UDP stream and TCP connection in logs
* [metrics] Include user-defined default cert for traefik_tls_certs_not_after metric
* [middleware,metrics] Add prometheus metric requests_total with headers
* [middleware] Prevent from no rate limiting when average is zero
* [middleware] Prevents superfluous WriteHeader call in the error middleware
* [middleware] Sanitize X-Forwarded-Proto header in RedirectScheme middleware
* [nomad] Fix default configuration settings for Nomad Provider
* [nomad] Fix Nomad client TLS defaults
* [nomad] Support multiple namespaces in the Nomad Provider
* [plugins] Improve DeepCopy of PluginConf
* [server] Remove User-Agent header removal from ReverseProxy director func
* [tls,tcp] Adds the support for IPv6 in the TCP HostSNI matcher
* [tracing] Add support to send DataDog traces via Unix Socket
* [server] Update golang.org/x/net to v0.7.0 (CVE-2022-41724)
- Update Go version (CVE-2023-24534, CVE-2023-29013)
-------------------------------------------------------------------
Tue Jan 17 09:48:46 UTC 2023 - alexandre.vicenzi@suse.com
- Update to version 2.9.6:
* CVEs
* CVE-2022-23469
* CVE-2022-46153
* CVE-2022-41717
* Bug fixes
* [acme] Update go-acme/lego to v4.9.1
* [k8s/crd] Support of allowEmptyServices in TraefikService
* [logs] Remove logs of the request
* [plugins] Increase the timeout on plugin download
* [server] Update golang.org/x/net (CVE-2022-41717, bsc#1207208)
* [tls] Handle broken TLS conf better
* [tracing] Update DataDog tracing dependency to v1.43.1
* [webui] Add missing serialNumber passTLSClientCert option to middleware panel
-------------------------------------------------------------------
Mon Nov 28 12:10:58 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.9.5:
* Enhancements
* [acme,tls] ACME Default Certificate
* [consul,etcd,zk,kv,redis] Update valkeyrie to v1.0.0
* [consulcatalog,nomad] Support Nomad canary deployment
* [consulcatalog] Move consulcatalog provider to only use health apis
* [docker] Add support for reaching containers using host networking on Podman
* [docker] Use IPv6 address
* [docker] Add allowEmptyServices for Docker provider
* [ecs] Add support for ECS Anywhere
* [healthcheck] Add a method option to the service Health Check
* [http3] Upgrade quic-go to v0.28.0
* [http] Start polling HTTP provider at the beginning
* [k8s/crd,plugins] Load plugin configuration field value from Kubernetes Secret
* [logs,tcp] Quiet down TCP RST packet error on read operation
* [metrics] Add traffic size metrics
* [middleware,pilot] Remove Pilot support
* [rules,tcp] Support ALPN for TCP + TLS routers
* [tcp,service,udp] Make the loadbalancers servers order random
* [tls] Change default TLS options for more security
* [tracing] Add Datadog GlobalTags support
* Bug fixes
* [logs,middleware] Create a new capture instance for each incoming request
* [acme] Update go-acme/lego to v4.9.0
* [kv,redis] Fix Redis configuration type
* [logs,middleware,metrics] Handle capture on redefined http.responseWriters
* [middleware,k8s] Remove raw cert escape in PassTLSClientCert middleware
* [plugins] Update Yaegi to v0.14.3
* Remove side effect on default transport tests
* [acme] Fix ACME panic
* [server] Update golang.org/x/net to latest version
* [consulcatalog] Fix UDP loadbalancer tags not being used with Consul Catalog
* [docker,rancher,ecs,provider] Simplify AddServer algorithm
* [plugins] Allow empty plugin configuration
* [rules] Fix query parameter matching with equal
* [server] Optimize websocket headers handling
* [plugins] Update Yaegi to v0.14.2
* [server] Fix IPv6 addr with square brackets
* [webui,api] Display default TLS options in the dashboard
-------------------------------------------------------------------
Wed Sep 07 10:11:41 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.8.4:
* Enhancements
* [consul,consulcatalog] Support multiple namespaces for Consul and ConsulCatalog providers
* [logs] Add destination address to debug log
* [middleware,provider,tls] Deprecate caOptional option in client TLS configuration
* [middleware] Support URL replacement in errors middleware
* [middleware] Allow config of additional CircuitBreaker params
* [provider] Implement Traefik provider for Nomad orchestrator
* [server] Allow HTTP/2 max concurrent stream configuration
* [tls,k8s/crd] Support certificates configuration in TLSStore CRD
* [webui,pilot,hub] Add Traefik Hub button and deprecate Pilot
* [webui,plugins] Reach the catalog of plugins from the Traefik dashboard
* Bug fixes
* [docker,docker/swarm] Fix Docker provider mem leak on operation retries
* [middleware] Fix retry middleware on panic
* [plugins] Allow Traefik starting even if plugin service is unavailable
* [marathon] Add missing context in backoff for Marathon
* [k8s/ingress,k8s] Place namespace before name in router key for Ingress
* [logs,middleware,tracing] Remove request dump from IPWhitelist debug log and tracing message
* [metrics] Control allocation and copy of labelNamesValues type
* [metrics] Fix service up gauge for Prometheus metrics
* [yaml] Add missing inline tag for YAML serialization
* [middleware,metrics] Improve performances when Prometheus metrics are enabled
* [middleware] Support forwarded websocket protocol in RedirectScheme
* [nomad] Use configured token in the Nomad client
* [metrics] Ensure Datadog client is cleanly stopped
* [healthcheck,service] Do not make multiple requests to the same URL for balancer healthcheck
* [healthcheck,service] Add log when missing path in health check
* [k8s/gatewayapi] Allow multiple listeners on same port in Gateway API provider
* [middleware] RedirectScheme redirects based on X-Forwarded-Proto header
* [rules] Fix HostRegexp and Query muxers
* [logs] Fix invalid placeholder in log message
-------------------------------------------------------------------
Tue Jun 07 08:27:42 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.7.0:
* Enhancements
* [consulcatalog] Watch for Consul events to rebuild the dynamic configuration
* [healthcheck] Add Failover service
* [http3] Configure advertised port using h3 server option
* [hub] Add Traefik Hub Integration
* [k8s/crd,k8s] Allow empty services in Kubernetes CRD
* [metrics] Support InfluxDB v2 metrics backend
* [plugins] Remove Pilot token setup constraint to use plugins
* [provider] Refactor configuration reload/throttling
* [rules,tcp] Add HostSNIRegexp rule matcher for TCP
* [tcp] Add muxer for TCP Routers
* [webui,pilot] Add Traefik Hub access and remove Pilot access
* [webui] Add a link to service on router detail view
* Bug fixes
* [hub] Skip Provide when TLS is nil
* [tcp] Fix TCP-TLS/HTTPS routing precedence
* [webui,hub] Use dedicated entrypoint for the tunnels
* [logs,k8s/crd] Fix log statement for ExternalName misconfig
* [tcp,service] Fix initial tcp lookup when address is not available
* [tls] Fix panic when getting certificates with non-existing store
* [acme] Fix RenewInterval computation in ACME provider
* [ecs,logs] Remove duplicate error logs
* [ecs] Filter out ECS anywhere instance IDs
* [middleware] Re-add missing writeheader call in flush
* [middleware] Fix bug for when custom page is large enough
* [middleware] Fix regexp handling in redirect middleware
* [plugins] Fix slice parsing for plugins
* [tls] Return TLS unrecognized_name error when no certificate is available
* [acme] Add domain to HTTP challenge errors
* [metrics] Fix metrics bucket key high cardinality
* [middleware,tls] Use CNAME for SNI check on host header
* [middleware,tracing] Rename Datadog span tags
* [tls] Apply the same approach as the rules system on the TLS configuration choice
-------------------------------------------------------------------
Fri Feb 04 13:37:58 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.6.0:
* Updated Kubernetes Gateway API provider
* Consul Enterprise support
* Consul Connect support
* Inflight request middleware for TCP routers
* HTTP/3 support (experimental)
* Added support for loading plugins directly from the filesystem (Local Plugins)
* Added ability to create Provider Plugins
* Added TCP Middleware
* Kubernetes 1.22 API changes
* Dropped support for Ingress API versions extensions/v1beta1
* Updated Traefik Proxy CRDs to use API apiextensions.k8s.io/v1
-------------------------------------------------------------------
Wed Jul 28 15:46:39 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.12:
* Get Kubernetes server version early
* Don't remove ingress config on API call failure
* Ratelimiter: use correct ttlSeconds value, and always call Set
* Check if defaultcertificate is defined in store
* Disable ExternalName Services by default on Kubernetes providers
* Fix: malformed Kubernetes resource names and references in tests
* Disable Cross-Namespace by default for IngressRoute provider
* Accesslog: support multiple values for a given header
* Ignore http 1.0 request host missing errors
* Headers Middleware: support http.CloseNotifier interface
* Detect certificates content modifications
* Update go-acme/lego to v4.4.0
* Fix: ACME preferred chain.
* Remove error when HTTProutes is empty
* Fix incorrect behaviour with multi-port endpoint subsets
* Kubernetes ingress provider to search via all endpoints
* Fix plugin unzip call on windows
* Update Yaegi to v0.9.17
* Bump paerser to v0.1.4
* Create buffered signals channel
* Fix: use defaultEntryPoints when no entryPoint is defined in a TCPRouter
* Use a dynamic buffer to handle client Hello SNI detection
* Error span on 5xx only
-------------------------------------------------------------------
Wed May 19 09:06:54 UTC 2021 - Bernhard Wiedemann <bwiedemann@suse.com>
- Allow to override build date with SOURCE_DATE_EPOCH
in order to make builds reproducible (boo#1047218)
-------------------------------------------------------------------
Thu Apr 29 10:07:36 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.8:
* Prepare release v2.4.8
* Raise errors for non-ASCII domain names in a router's rules
* Adding an option to (de)activate Pilot integration into the Traefik dashboard
* Doc: improve basic auth middleware httpasswd example
* Add missing `traefik.` prefix across sample config
* Fix travis docker image pulling for docs
* updating docs to remove a no longer needed note
* Update to gateway-api v0.2.0
* server: updating go-proxyproto with security bugfix from upstream
* Update go-acme/lego to v4.3.1
-------------------------------------------------------------------
Thu Jan 10 14:50:22 UTC 2019 - pgeorgiadis@suse.com
- Initial package release to version 1.7.7:
* Check for watched namespace before getting kubernetes objects
* Allow empty path with App-root annotation
* kubernetes: sort and uniq TLS secrets
* Skip TLS section with no secret in Kubernetes ingress
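
Review bot: The Sep 12 entry names the new sysctl file /usr/lib/sysctl.d/90-itraefik.conf, but the file added in this commit is 90-traefik.conf and the spec installs 90-%{name}.conf; correct the path so the changelog matches what is installed. In the new 3.1.6 entry, "Merge branch v2.11 into v3.1" does not say which fixes arrived with the merge, which makes it hard to tell whether any of them are security relevant. The Jul 31 and Aug 7 entries also both record "Update to version 3.1.1" with the same bullets and could be merged.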

22
traefik.service Normal file

@ -0,0 +1,22 @@
[Unit]
Description=Traefik
Documentation=https://doc.traefik.io/traefik/
After=network.target network-online.target
Requires=network-online.target
AssertFileIsExecutable=/usr/bin/traefik
AssertPathExists=/etc/traefik/traefik.yml
[Service]
Type=notify
ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.yml
User=traefik
WorkingDirectory=~
Restart=always
WatchdogSec=1s
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
KillMode=mixed
[Install]
WantedBy=multi-user.target
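
Review bot: In [Service], AmbientCapabilities=CAP_NET_BIND_SERVICE is granted without a matching CapabilityBoundingSet= or NoNewPrivileges=, so the bounding set stays at its default; suggest adding CapabilityBoundingSet=CAP_NET_BIND_SERVICE and NoNewPrivileges=true. ProtectSystem=full makes only /usr, /boot, /efi and /etc read-only; ProtectSystem=strict with StateDirectory=traefik and LogsDirectory=traefik would confine writes to the /var/lib/traefik and /var/log/traefik paths the changelog names. WatchdogSec=1s combined with Restart=always restarts the proxy after a one-second stall, which is tight on a loaded host, and Requires=network-online.target is more commonly written as Wants=.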

168
traefik.spec Normal file

@ -0,0 +1,168 @@
#
# spec file for package traefik
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define project github.com/traefik/traefik
%ifarch ppc64 s390x
%define buildmode default
%else
%define buildmode pie
%endif
Name: traefik
Version: 3.1.6
Release: 0
Summary: The Cloud Native Application Proxy
License: MIT
Group: Productivity/Networking/Web/Proxy
URL: https://traefik.io/
# set the desired version in the spec-file
# download the source files and create the vendor tarball with "osc service mr"
Source0: https://github.com/traefik/traefik/releases/download/v%{version}/%{name}-v%{version}.src.tar.gz
Source1: vendor.tar.gz
Source2: %{name}.service
Source3: %{name}.yml
Source4: %{name}-user.conf
Source5: 90-%{name}.conf
BuildRequires: go-bindata
BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-tools
BuildRequires: (golang(API) >= 1.22)
Recommends: podman
Conflicts: traefik2
Provides: group(%{name})
Provides: user(%{name})
%sysusers_requires
%{?systemd_requires}
%{go_provides}
%description
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer
that makes deploying microservices easy. Traefik integrates with your existing
infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul,
Etcd, Rancher, Amazon ECS) and configures itself automatically and dynamically.
Pointing Traefik at your orchestrator should be the only configuration step you need.
%prep
%setup -q -c %{name}-%{version} -b0 -a1
%autopatch -p1
%build
%sysusers_generate_pre %{SOURCE4} %{name} %{name}-user.conf
%{goprep} %{project}
# see script/generate
go generate
build_date=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +"%%Y%%m%%d")
# see script/binary
CGO_ENABLED=1 GOGC=off go build \
-buildmode=%{buildmode} \
-mod=vendor \
-ldflags "-X github.com/traefik/traefik/v3/pkg/version.Version=%{version} \
-X github.com/traefik/traefik/v3/pkg/version.Codename='' \
-X github.com/traefik/traefik/v3/pkg/version.BuildDate=${build_date}" \
-installsuffix nocgo \
-o traefik \
./cmd/traefik
%install
# system user
install -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/%{name}-user.conf
install -d %{buildroot}/%{_sbindir}
install -D -p -m 0755 %{name} %{buildroot}%{_bindir}/%{name}
# service
install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
# configuration
install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/%{name}.yml
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/conf.d
# install configuration to increase UDP buffer sizes
install -D -p -m 0644 %{SOURCE5} %{buildroot}%{_prefix}/lib/sysctl.d/90-%{name}.conf
# acme storage
install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name}
touch %{buildroot}%{_localstatedir}/lib/%{name}/acme.json
# logging
mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
%pre -f %{name}.pre
%service_add_pre %{name}.service
%post
%service_add_post %{name}.service
%{fillup_only -n %{name}}
# fix ownership for config and logging directory
chown -R traefik: %{_sysconfdir}/%{name} %{_localstatedir}/log/%{name}
# try to move acme.json file from old directory to new
if [ -e "%{_sysconfdir}/%{name}/acme.json" ] ; then
if [ -s "%{_sysconfdir}/%{name}/acme.json" ] ; then
if [ -s "%{_localstatedir}/lib/%{name}/acme.json" ] ; then
# if not-empty acme.json files exists on old and new location, write warning
echo "A non-empty acme.json file exists in:" 1>&2
echo "%{_sysconfdir}/%{name} and %{_localstatedir}/lib/%{name}" 1>&2
echo "Please clean up this situation and place the correct file in %{_localstatedir}/lib/%{name}" 1>&2
else
# if not-empty acme.json exists on old location and no file or empty file exists on new location
# move it to the new location
mv "%{_sysconfdir}/%{name}/acme.json" "%{_localstatedir}/lib/%{name}/acme.json"
sed -i -e 's|%{_sysconfdir}/traefik/acme.json|%{_localstatedir}/lib/traefik/acme.json|' %{_sysconfdir}/%{name}/%{name}.yml
fi
else
# remove empty acme.json file from old location
rm "%{_sysconfdir}/%{name}/acme.json"
sed -i -e 's|%{_sysconfdir}/traefik/acme.json|%{_localstatedir}/lib/traefik/acme.json|' %{_sysconfdir}/%{name}/%{name}.yml
fi
fi
# fix ownership for acme file
chown -R traefik: %{_localstatedir}/lib/%{name}/*
%preun
%service_del_preun %{name}.service
%postun
%service_del_postun %{name}.service
%files
%{_sysusersdir}/%{name}-user.conf
%license LICENSE.md
%doc README.md SECURITY.md CONTRIBUTING.md
%{_bindir}/%{name}
%{_unitdir}/%{name}.service
%{_sbindir}/rc%{name}
%{_prefix}/lib/sysctl.d/90-%{name}.conf
%defattr(0600, traefik, traefik, 0700)
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/conf.d
%dir %{_localstatedir}/lib/%{name}
%config(noreplace) %{_localstatedir}/lib/%{name}/acme.json
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.yml
%dir %{_localstatedir}/log/%{name}
%changelog
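
Review bot: in %files, `%defattr(0600, traefik, traefik, 0700)` together with the `chown -R traefik: %{_sysconfdir}/%{name} ...` in %post leaves the configuration directory, `%{name}.yml` and `conf.d` owned and writable by the same account the daemon runs as, so a compromised proxy process can rewrite its own configuration. Suggest shipping the files under `%{_sysconfdir}/%{name}` as root-owned with group read access for traefik (for example `%attr(0640, root, traefik)` on the config file and 0750 on the directories) and keeping traefik ownership only for `%{_localstatedir}/lib/%{name}` and `%{_localstatedir}/log/%{name}`. Once %files carries the right attributes, the two recursive chown calls in %post can go: they run as root over trees the traefik user can write to, and they reset whatever ownership the administrator chose on every update. Smaller points: the two `sed` calls hardcode `traefik` in the paths where the rest of the scriptlet uses `%{name}`, and `-installsuffix nocgo` sits next to `CGO_ENABLED=1`, which reads as a leftover from the upstream build script.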

153
traefik.yml Normal file

@ -0,0 +1,153 @@
# ------------------------------------------------------------------------
# Configuration for Traefik v3
# ------------------------------------------------------------------------
# ------------------------------------------------------------------------
# Global configuration
# ------------------------------------------------------------------------
global:
checkNewVersion: false
sendAnonymousUsage: false
# ------------------------------------------------------------------------
# TLS specific configuration
# ------------------------------------------------------------------------
#tls:
# options:
# default:
# sniStrict: true
# ------------------------------------------------------------------------
# Entrypoints configuration
# https://doc.traefik.io/traefik/routing/entrypoints/
# ------------------------------------------------------------------------
entryPoints:
web:
address: ":80"
# ------------------------------------------------------------------------
# Redirect all requests incoming from http to https
# websecure/https must be enabled to be use this configuration
# https://doc.traefik.io/traefik/routing/entrypoints/#redirection
# ------------------------------------------------------------------------
#http:
# redirections:
# entryPoint:
# to: websecure
# scheme: https
# ------------------------------------------------------------------------
# Enable the https endpoint at port 443
# ------------------------------------------------------------------------
#websecure:
# address: :443
# ------------------------------------------------------------------------
# Enable the http3 and advertize it at UDP port 443
# ------------------------------------------------------------------------
#http3: {}
# ------------------------------------------------------------------------
# Traefik logs configuration
# Enabled if uncommented
# https://doc.traefik.io/traefik/observability/logs/
# ------------------------------------------------------------------------
log:
# Set traefik's log-level
# Default: ERROR
#level: DEBUG
# ------------------------------------------------------------------------
# Traefik access-log destination and format
# uncomment to enable
# https://doc.traefik.io/traefik/observability/logs/
# ------------------------------------------------------------------------
#accessLog:
# ------------------------------------------------------------------------
# Set the filepath for the traefik log-file.
# Default: os.Stdout
#filePath: /var/log/traefik/traefik.log
# ------------------------------------------------------------------------
# Write logs in the 'common' or 'json' format.
# Default: common
#format: json
# ------------------------------------------------------------------------
# API and dashboard configuration.
# Uncomment to enable
# https://doc.traefik.io/traefik/operations/api/
# ------------------------------------------------------------------------
api:
# ------------------------------------------------------------------------
# Enable the API in insecure mode
# Default: false
insecure: false
# ------------------------------------------------------------------------
# Enable the dashboard
# Default: true
dashboard: true
# ------------------------------------------------------------------------
# Ping configuration
# https://doc.traefik.io/traefik/operations/ping/
# --------------------------------------------------------------------------
ping:
# --------------------------------------------------------------------------
# Name of the related entry point
# Default: "traefik"
entryPoint: traefik
# --------------------------------------------------------------------------
# Provider configuration
# --------------------------------------------------------------------------
providers:
# ------------------------------------------------------------------------
# Docker configuration provider
# Default: disabled
# https://doc.traefik.io/traefik/providers/docker/
# ------------------------------------------------------------------------
#docker:
# ----------------------------------------------------------------------
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
# Default: "unix:///var/run/docker.sock"
#endpoint: tcp://10.10.10.10:2375
# ----------------------------------------------------------------------
# defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
# ----------------------------------------------------------------------
# Expose containers by default in traefik
# Default: true
#exposedByDefault: false
# ------------------------------------------------------------------------
# File configuration provider
# Default: disabled
# https://doc.traefik.io/traefik/providers/docker/
# ------------------------------------------------------------------------
file:
# ----------------------------------------------------------------------
# Defines the path to the directory that contains the configuration files.
# Default: unset
directory: /etc/traefik/conf.d
# ----------------------------------------------------------------------
# Set the watch option to true to allow Traefik to automatically
# watch for file changes
# Default: false
watch: true
# --------------------------------------------------------------------------
# ACME Certificate Resolvers configuration
# Default: not configured
# https://doc.traefik.io/traefik/https/acme/
# --------------------------------------------------------------------------
#certificatesResolvers:
# letsencryptResolver:
# acme:
# email: your@email
# storage: /var/lib/traefik/acme.json
# httpChallenge:
# entryPoint: web
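
Review bot: the `api:` block ships active with `dashboard: true` although its header comment says "Uncomment to enable", and `ping:` is bound to `entryPoint: traefik`, an entry point this file never declares under `entryPoints:` (only `web` is defined). Either comment both blocks out by default, as the other optional sections are, or declare the `traefik` entry point explicitly with an address so the listening socket is visible in the packaged configuration. The "File configuration provider" header links to `https://doc.traefik.io/traefik/providers/docker/`; it should point at the file provider page, `https://doc.traefik.io/traefik/providers/file/`. Comment typos to fix while here: "must be enabled to be use this configuration" and "advertize".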

3
vendor.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:06b2c014c6d8bed9f899abc19b72d8e862a41bebd64633ae39ea46a3d8115823
size 23228454