SHA256
1
0
forked from pool/traefik

Compare commits

...

8 Commits

Author SHA256 Message Date
Dominique Leuenberger
d8887da1c7 Accepting request 1219806 from devel:kubic
- Update from 3.1.6 to 3.2.0
- Important: please read the migration guide when migrating to version 3.2.0
- Version 3.2.0 changes
  - acme
      * Remove same email requirement for certresolvers (#11019 by Emrio)
      * Add support for custom CA certificates by certificate resolver (#10816 by ldez)
      * Add 30 day certificatesDuration step (#10970 by luker983)
  - docker
      * Support HTTP BasicAuth for docker and swarm endpoint (#10776 by 985492783)
  - k8s, k8s/gatewayapi
      * Add supported features to the Gateway API GatewayClass status (#11056 by rtribotte)
      * Update sigs.k8s.io/gateway-api to v1.2.0-rc1 (#11124 by rtribotte)
      * Add support for backend protocol selection in HTTP and GRPC routes (#11051 by rtribotte)
      * Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support (#11042 by rtribotte)
      * Support HTTPRoute destination port matching (#11134 by kevinpollet)
      * Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 (#11131 by kevinpollet)
      * Add support for Gateway API BackendTLSPolicies (#11009 by rtribotte)
      * Support NativeLB option in GatewayAPI provider (#11147 by rtribotte)
      * Support ResponseHeaderModifier filter (#10987 by kevinpollet)
      * Support GRPC routes (#10975 by kevinpollet)
      * Bump sigs.k8s.io/gateway-api to v1.2.0 (#11167 by rtribotte)
      * Ensuring Gateway API reflected Traefik resource name unicity (#11222 by rtribotte)
      * Preserve GRPCRoute filters order (#11199 by kevinpollet)
      * Support http and https appProtocol for Kubernetes Service (#11176 by WillDaSilva)
      * Avoid updating Accepted status for routes matching no Gateways (#11170 by rtribotte)
      * Do not update gateway status when not selected by a gateway class (#11169 by kevinpollet)
      * Document nativeLBByDefault annotation on Kubernetes Gateway provider (#11209 by mloiseleur)
  - k8s/crd, k8s
      * Detail CRD update with v3.2 in the migration guide (#11164 by mloiseleur)
  - k8s/gatewayapi
      * Add missing RBAC in the migration guide (#11189 by mloiseleur)
  - k8s
      * Fix instructions for downloading CRDs of Gateway API v1.2 (#11191 by mloiseleur)
  - metrics, otel
      * Allow setting service.name for OTLP metrics (#10917 by cmartell-at-ocp)
  - middleware
      * Record trace id and EntryPoint span id into access log (#10921 by weijiany)
      * Support LogUserHeader with forwardAuth middleware (#10833 by GaleHuang)
      * Add encodings option to the compression middleware (#10943 by wollomatic)
      * Add support for ipv6 subnet in ipStrategy (#9747 by michal-kralik)
  - nomad
      * Support for watching instead of polling Nomad (#10997 by deverton-godaddy)
  - server
      * Introduce a fast proxy mode to improve HTTP/1.1 performances with backends (#11122 by kevinpollet)
      * Configurable max request header size (#10995 by lucasrod16)
  - service
      * Add mirrorBody option to HTTP mirroring (#11032 by MatteoPaier)
      * Add an option to preserve server path (#11192 by mmatur)
      * Detect and drop broken conns in the fastproxy pool (#11212 by kevinpollet)
  - Merge branch v3.1 into v3.2 (#11219 by kevinpollet)
  - Merge branch v3.1 into master (#11153 by kevinpollet)
- Version 3.1.7 changes
  - k8s
    * Preserve HTTPRoute filters order (#11198 by kevinpollet)
  - Merge branch v2.11 into v3.1

OBS-URL: https://build.opensuse.org/request/show/1219806
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/traefik?expand=0&rev=24
2024-10-31 15:10:08 +00:00
Johannes Weberhofer
0a60eaddcd Update from 3.1.6 to 3.2.0
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=55
2024-10-31 08:36:11 +00:00
Ana Guerrero
58704b0808 Accepting request 1208279 from devel:kubic
OBS-URL: https://build.opensuse.org/request/show/1208279
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/traefik?expand=0&rev=23
2024-10-16 21:48:11 +00:00
f195877329 Update from 3.1.4 to 3.1.6, changes for 3.1.5. and 3.1.6
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=53
2024-10-16 07:04:50 +00:00
Ana Guerrero
febe664297 Accepting request 1202895 from devel:kubic
OBS-URL: https://build.opensuse.org/request/show/1202895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/traefik?expand=0&rev=22
2024-09-24 15:34:36 +00:00
41a9bee7a4 Update to version 3.1.4, fix CVE-2024-45410, update specfile ldflags
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=51
2024-09-24 10:23:23 +00:00
Ana Guerrero
52bb3c603c Accepting request 1200844 from devel:kubic
OBS-URL: https://build.opensuse.org/request/show/1200844
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/traefik?expand=0&rev=21
2024-09-18 13:26:56 +00:00
Johannes Weberhofer
5ec7c3afa7 - Moved /etc/traefik/acme.json to /var/lib/traefik/acme.json to allow traefik
running with "ProtectSystem=full" write access to the certificate store.
  The acme.json file will be automatically moved and the configuration will be
  updated accordingly.
- Added /usr/lib/sysctl.d/90-itraefik.conf to increase UDP Buffer sizes as explained
   at https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes

OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=49
2024-09-13 13:00:38 +00:00
7 changed files with 171 additions and 11 deletions

9
90-traefik.conf Normal file
View File

@ -0,0 +1,9 @@
#
# Increase the maximum UDP Buffer size to prevent dropping
# incoming packaets by the kernel
#
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
#
net.core.rmem_max=7500000
net.core.wmem_max=7500000

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d8cada1d42e2fad4cbe15b75e8db21647b520ffd49dd09814cc1131c3fe02d00
size 11491439

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2c9a788a6207350999a49cc086e456f1287233df3000a25e1147d7b935dc99f2
size 11548319

View File

@ -1,3 +1,118 @@
-------------------------------------------------------------------
Thu Oct 31 01:26:24 UTC 2024 - Eric Torres <eric.torres@its-et.me>
- Update from 3.1.6 to 3.2.0
- Important: please read the migration guide when migrating to version 3.2.0
- Version 3.2.0 changes
- acme
* Remove same email requirement for certresolvers (#11019 by Emrio)
* Add support for custom CA certificates by certificate resolver (#10816 by ldez)
* Add 30 day certificatesDuration step (#10970 by luker983)
- docker
* Support HTTP BasicAuth for docker and swarm endpoint (#10776 by 985492783)
- k8s, k8s/gatewayapi
* Add supported features to the Gateway API GatewayClass status (#11056 by rtribotte)
* Update sigs.k8s.io/gateway-api to v1.2.0-rc1 (#11124 by rtribotte)
* Add support for backend protocol selection in HTTP and GRPC routes (#11051 by rtribotte)
* Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support (#11042 by rtribotte)
* Support HTTPRoute destination port matching (#11134 by kevinpollet)
* Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 (#11131 by kevinpollet)
* Add support for Gateway API BackendTLSPolicies (#11009 by rtribotte)
* Support NativeLB option in GatewayAPI provider (#11147 by rtribotte)
* Support ResponseHeaderModifier filter (#10987 by kevinpollet)
* Support GRPC routes (#10975 by kevinpollet)
* Bump sigs.k8s.io/gateway-api to v1.2.0 (#11167 by rtribotte)
* Ensuring Gateway API reflected Traefik resource name unicity (#11222 by rtribotte)
* Preserve GRPCRoute filters order (#11199 by kevinpollet)
* Support http and https appProtocol for Kubernetes Service (#11176 by WillDaSilva)
* Avoid updating Accepted status for routes matching no Gateways (#11170 by rtribotte)
* Do not update gateway status when not selected by a gateway class (#11169 by kevinpollet)
* Document nativeLBByDefault annotation on Kubernetes Gateway provider (#11209 by mloiseleur)
- k8s/crd, k8s
* Detail CRD update with v3.2 in the migration guide (#11164 by mloiseleur)
- k8s/gatewayapi
* Add missing RBAC in the migration guide (#11189 by mloiseleur)
- k8s
* Fix instructions for downloading CRDs of Gateway API v1.2 (#11191 by mloiseleur)
- metrics, otel
* Allow setting service.name for OTLP metrics (#10917 by cmartell-at-ocp)
- middleware
* Record trace id and EntryPoint span id into access log (#10921 by weijiany)
* Support LogUserHeader with forwardAuth middleware (#10833 by GaleHuang)
* Add encodings option to the compression middleware (#10943 by wollomatic)
* Add support for ipv6 subnet in ipStrategy (#9747 by michal-kralik)
- nomad
* Support for watching instead of polling Nomad (#10997 by deverton-godaddy)
- server
* Introduce a fast proxy mode to improve HTTP/1.1 performances with backends (#11122 by kevinpollet)
* Configurable max request header size (#10995 by lucasrod16)
- service
* Add mirrorBody option to HTTP mirroring (#11032 by MatteoPaier)
* Add an option to preserve server path (#11192 by mmatur)
* Detect and drop broken conns in the fastproxy pool (#11212 by kevinpollet)
- Merge branch v3.1 into v3.2 (#11219 by kevinpollet)
- Merge branch v3.1 into master (#11153 by kevinpollet)
- Version 3.1.7 changes
- k8s
* Preserve HTTPRoute filters order (#11198 by kevinpollet)
- Merge branch v2.11 into v3.1
-------------------------------------------------------------------
Wed Oct 16 03:46:25 UTC 2024 - Eric Torres <eric.torres@its-et.me>
- Update from 3.1.4 to 3.1.6
- Version 3.1.6 changes
- middleware
* Reuse compression writers (#11168 by michelheusschen)
* Use correct default weight in Accept-Encoding (#11084 by michelheusschen)
- plugins
* Close wasm middleware to prevent memory leak (#11151 by ttys3)
- Version 3.1.5 changes
- k8s, ingress
* Disable IngressClass lookup when disableClusterScopeResources is enabled (#11111 by jnoordsij)
- server
* Rework condition to not log on timeout (#11132 by rtribotte)
- Merge branch v2.11 into v3.1
-------------------------------------------------------------------
Tue Sep 24 00:25:39 UTC 2024 - Eric Torres <eric.torres@its-et.me>
- Update to version 3.1.4
- Fixes CVE-2024-45410, boo#1230842
- k8s, ingress, rules, crd
* Allow configuring rule syntax with Kubernetes Ingress annotation
* Re-allow empty configuration for Kubernetes Ingress provider
* Remove mentions about APIVersion traefik.io/v1
* Update quick-start-with-kubernetes.md to include required permissions
- middlewares, metrics
* Wrap capture for services used by pieces of middleware
* Mention missing metrics removal in the migration guide
* Guess Datadog socket type when prefix is unix
- plugins
* Removes goexport dependency and adds _initialize
- tracing
* Fix tracing documentation
* OTLP doc + potential panic
- Update ldflags to point to correct traefik version (v3 instead of v2)
-------------------------------------------------------------------
Thu Sep 12 14:50:28 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Moved /etc/traefik/acme.json to /var/lib/traefik/acme.json to allow traefik
running with "ProtectSystem=full" write access to the certificate store.
The acme.json file will be automatically moved and the configuration will be
updated accordingly.
- Added /usr/lib/sysctl.d/90-itraefik.conf to increase UDP Buffer sizes as explained
at https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
-------------------------------------------------------------------
Wed Aug 7 08:03:10 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>

View File

@ -23,7 +23,7 @@
%define buildmode pie
%endif
Name: traefik
Version: 3.1.2
Version: 3.2.0
Release: 0
Summary: The Cloud Native Application Proxy
License: MIT
@ -36,6 +36,7 @@ Source1: vendor.tar.gz
Source2: %{name}.service
Source3: %{name}.yml
Source4: %{name}-user.conf
Source5: 90-%{name}.conf
BuildRequires: go-bindata
BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros
@ -72,9 +73,9 @@ build_date=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +"%%Y%%m%%d")
CGO_ENABLED=1 GOGC=off go build \
-buildmode=%{buildmode} \
-mod=vendor \
-ldflags "-X github.com/traefik/traefik/v2/pkg/version.Version=%{version} \
-X github.com/traefik/traefik/v2/pkg/version.Codename='' \
-X github.com/traefik/traefik/v2/pkg/version.BuildDate=${build_date}" \
-ldflags "-X github.com/traefik/traefik/v3/pkg/version.Version=%{version} \
-X github.com/traefik/traefik/v3/pkg/version.Codename='' \
-X github.com/traefik/traefik/v3/pkg/version.BuildDate=${build_date}" \
-installsuffix nocgo \
-o traefik \
./cmd/traefik
@ -94,6 +95,13 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/%{name}.yml
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/conf.d
# install configuration to increase UDP buffer sizes
install -D -p -m 0644 %{SOURCE5} %{buildroot}%{_prefix}/lib/sysctl.d/90-%{name}.conf
# acme storage
install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name}
touch %{buildroot}%{_localstatedir}/lib/%{name}/acme.json
# logging
mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
@ -106,6 +114,30 @@ mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
# fix ownership for config and logging directory
chown -R traefik: %{_sysconfdir}/%{name} %{_localstatedir}/log/%{name}
# try to move acme.json file from old directory to new
if [ -e "%{_sysconfdir}/%{name}/acme.json" ] ; then
if [ -s "%{_sysconfdir}/%{name}/acme.json" ] ; then
if [ -s "%{_localstatedir}/lib/%{name}/acme.json" ] ; then
# if not-empty acme.json files exists on old and new location, write warning
echo "A non-empty acme.json file exists in:" 1>&2
echo "%{_sysconfdir}/%{name} and %{_localstatedir}/lib/%{name}" 1>&2
echo "Please clean up this situation and place the correct file in %{_localstatedir}/lib/%{name}" 1>&2
else
# if not-empty acme.json exists on old location and no file or empty file exists on new location
# move it to the new location
mv "%{_sysconfdir}/%{name}/acme.json" "%{_localstatedir}/lib/%{name}/acme.json"
sed -i -e 's|%{_sysconfdir}/traefik/acme.json|%{_localstatedir}/lib/traefik/acme.json|' %{_sysconfdir}/%{name}/%{name}.yml
fi
else
# remove empty acme.json file from old location
rm "%{_sysconfdir}/%{name}/acme.json"
sed -i -e 's|%{_sysconfdir}/traefik/acme.json|%{_localstatedir}/lib/traefik/acme.json|' %{_sysconfdir}/%{name}/%{name}.yml
fi
fi
# fix ownership for acme file
chown -R traefik: %{_localstatedir}/lib/%{name}/*
%preun
%service_del_preun %{name}.service
@ -121,11 +153,15 @@ chown -R traefik: %{_sysconfdir}/%{name} %{_localstatedir}/log/%{name}
%{_unitdir}/%{name}.service
%{_sbindir}/rc%{name}
%{_prefix}/lib/sysctl.d/90-%{name}.conf
%defattr(0660, traefik, traefik, 0750)
%defattr(0600, traefik, traefik, 0700)
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/conf.d
%dir %{_localstatedir}/lib/%{name}
%config(noreplace) %{_localstatedir}/lib/%{name}/acme.json
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.yml
%dir %{_localstatedir}/log/%{name}

View File

@ -147,7 +147,7 @@ providers:
# letsencryptResolver:
# acme:
# email: your@email
# storage: /etc/traefik/acme.json
# storage: /var/lib/traefik/acme.json
# httpChallenge:
# entryPoint: web

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3e0427bab18e00c659433a0650bb27731acc18f54308005fb8fb2d8181230d41
size 23188316
oid sha256:3a9271d3f426621abe70a24e3f849eb41c061d2dbb5ac9dee0191f1f2132ab87
size 25222816