From 6b0cb8d5b7b25e6cf40c02ca373c16edf8a63512 Mon Sep 17 00:00:00 2001
From: Dustin Kaiser <8209087+mrnicegyu11@users.noreply.github.com>
Date: Wed, 14 Aug 2024 16:06:55 +0200
Subject: [PATCH] Revert traefik v3 (#742)

Co-authored-by: Dustin Kaiser
---
services/admin-panels/docker-compose.yml.j2 | 2 +-
services/appmotion_gateway/docker-compose.yml | 4 +--
services/graylog/docker-compose.yml | 2 +-
services/jaeger/docker-compose.yml | 2 +-
services/minio/docker-compose.yaml.j2 | 2 +-
services/monitoring/docker-compose.yml.j2 | 6 ++--
services/portainer/docker-compose.yml | 2 +-
services/redis-commander/docker-compose.yml | 2 +-
services/registry/docker-compose.yml | 2 +-
.../simcore/docker-compose.deploy.aws.yml | 18 ++++++------
.../simcore/docker-compose.deploy.dalco.yml | 17 +++++------
.../simcore/docker-compose.deploy.local.yml | 17 +++++------
.../simcore/docker-compose.deploy.master.yml | 17 +++++------
services/simcore/docker-compose.yml | 26 ++++++++---------
services/traefik/docker-compose.aws.yml | 16 +++++------
services/traefik/docker-compose.dalco.yml | 16 +++++------
.../docker-compose.letsencrypt.http.yml | 14 +++++-----
services/traefik/docker-compose.local.yml | 14 +++++-----
services/traefik/docker-compose.master.yml | 18 ++++++------
services/traefik/docker-compose.public.yml | 14 +++++-----
services/traefik/docker-compose.yml.j2 | 28 +++++++++----------
21 files changed, 121 insertions(+), 118 deletions(-)

diff --git a/services/admin-panels/docker-compose.yml.j2 b/services/admin-panels/docker-compose.yml.j2
index 9ada7f29..72a4588c 100644
--- a/services/admin-panels/docker-compose.yml.j2
+++ b/services/admin-panels/docker-compose.yml.j2
@@ -91,7 +91,7 @@ services: - traefik.http.routers.adminpanels.entrypoints=https - traefik.http.routers.adminpanels.priority=1 - traefik.http.routers.adminpanels.tls=true - - traefik.http.routers.adminpanels.middlewares=ops_whitelist_ips@swarm, ops_gzip@swarm + - traefik.http.routers.adminpanels.middlewares=ops_whitelist_ips@docker, ops_gzip@docker placement: constraints: - node.labels.ops==true diff --git a/services/appmotion_gateway/docker-compose.yml b/services/appmotion_gateway/docker-compose.yml index fa5fd9a3..1eb675b5 100644 --- a/services/appmotion_gateway/docker-compose.yml +++ b/services/appmotion_gateway/docker-compose.yml @@ -19,7 +19,7 @@ services: - traefik.http.routers.adminer_appmotion_gateway.entrypoints=https - traefik.http.routers.adminer_appmotion_gateway.tls=true - traefik.http.middlewares.adminer_appmotion_gateway_stripprefixregex.stripprefixregex.regex=^/adminer - - traefik.http.routers.adminer_appmotion_gateway.middlewares=ops_whitelist_ips@swarm, ops_gzip@swarm, adminer_appmotion_gateway_stripprefixregex + - traefik.http.routers.adminer_appmotion_gateway.middlewares=ops_whitelist_ips@docker, ops_gzip@docker, adminer_appmotion_gateway_stripprefixregex resources: reservations: memory: 16M @@ -80,7 +80,7 @@ services: - traefik.http.routers.appmotion_gateway.entrypoints=https - traefik.http.routers.appmotion_gateway.tls=true - traefik.http.services.appmotion_gateway.loadbalancer.server.port=80 - - traefik.http.routers.appmotion_gateway.middlewares=ops_ratelimit@swarm + - traefik.http.routers.appmotion_gateway.middlewares=ops_ratelimit@docker resources: limits: memory: 1G diff --git a/services/graylog/docker-compose.yml b/services/graylog/docker-compose.yml index 67df8c23..8cb409e2 100644 --- a/services/graylog/docker-compose.yml +++ b/services/graylog/docker-compose.yml 
@@ -95,7 +95,7 @@ services: - traefik.http.routers.graylog.tls=true - traefik.http.middlewares.graylog_replace_regex.replacepathregex.regex=^/graylog/?(.*)$$ - traefik.http.middlewares.graylog_replace_regex.replacepathregex.replacement=/$${1} - - traefik.http.routers.graylog.middlewares=ops_whitelist_ips@swarm, ops_gzip@swarm, graylog_replace_regex + - traefik.http.routers.graylog.middlewares=ops_whitelist_ips@docker, ops_gzip@docker, graylog_replace_regex volumes: mongo_data: diff --git a/services/jaeger/docker-compose.yml b/services/jaeger/docker-compose.yml index 26a7f84a..09ecf195 100644 --- a/services/jaeger/docker-compose.yml +++ b/services/jaeger/docker-compose.yml @@ -19,7 +19,7 @@ services: - traefik.http.routers.jaeger.rule=Host(`${MONITORING_DOMAIN}`) && PathPrefix(`/jaeger`) - traefik.http.routers.jaeger.entrypoints=https - traefik.http.routers.jaeger.tls=true - - traefik.http.routers.jaeger.middlewares=ops_whitelist_ips@swarm, ops_auth@swarm, ops_gzip@swarm + - traefik.http.routers.jaeger.middlewares=ops_whitelist_ips@docker, ops_auth@docker, ops_gzip@docker - prometheus-job=jaeger - prometheus-port=14269 resources: diff --git a/services/minio/docker-compose.yaml.j2 b/services/minio/docker-compose.yaml.j2 index 95c8b898..f7674401 100644 --- a/services/minio/docker-compose.yaml.j2 +++ b/services/minio/docker-compose.yaml.j2 @@ -46,7 +46,7 @@ services: - traefik.http.routers.minio.rule=Host(`${STORAGE_DOMAIN}`) - traefik.http.routers.minio.entrypoints=https - traefik.http.routers.minio.tls=true - - traefik.http.routers.minio.middlewares=ops_gzip@swarm + - traefik.http.routers.minio.middlewares=ops_gzip@docker command: > server {%- for i in range(num_minios|int) %} diff --git a/services/monitoring/docker-compose.yml.j2 b/services/monitoring/docker-compose.yml.j2 index 50d71dfa..59f83bd8 100644 --- a/services/monitoring/docker-compose.yml.j2 +++ b/services/monitoring/docker-compose.yml.j2 
@@ -90,7 +90,7 @@ services: - traefik.http.routers.prometheuscatchall.entrypoints=https - traefik.http.routers.prometheuscatchall.tls=true - traefik.http.middlewares.prometheuscatchall_stripprefixregex.stripprefixregex.regex=^/prometheus - - traefik.http.routers.prometheuscatchall.middlewares=ops_whitelist_ips@swarm, ops_auth@swarm, ops_gzip@swarm, prometheuscatchall_stripprefixregex + - traefik.http.routers.prometheuscatchall.middlewares=ops_whitelist_ips@docker, ops_auth@docker, ops_gzip@docker, prometheuscatchall_stripprefixregex - prometheus-job=prometheuscatchall - prometheus-port=${MONITORING_PROMETHEUS_PORT} resources: @@ -136,7 +136,7 @@ services: - traefik.http.routers.prometheusfederation.entrypoints=https - traefik.http.routers.prometheusfederation.tls=true - traefik.http.middlewares.prometheusfederation_stripprefixregex.stripprefixregex.regex=^/prometheusfederation - - traefik.http.routers.prometheusfederation.middlewares=ops_whitelist_ips@swarm, ops_auth@swarm, ops_gzip@swarm, prometheusfederation_stripprefixregex + - traefik.http.routers.prometheusfederation.middlewares=ops_whitelist_ips@docker, ops_auth@docker, ops_gzip@docker, prometheusfederation_stripprefixregex - prometheus-job=prometheusfederation - prometheus-port=${MONITORING_PROMETHEUS_PORT} resources: @@ -271,7 +271,7 @@ services: - traefik.http.routers.grafana.tls=true - traefik.http.middlewares.grafana_replace_regex.replacepathregex.regex=^/grafana/?(.*)$$ - traefik.http.middlewares.grafana_replace_regex.replacepathregex.replacement=/$${1} - - traefik.http.routers.grafana.middlewares=ops_whitelist_ips@swarm, ops_gzip@swarm, grafana_replace_regex + - traefik.http.routers.grafana.middlewares=ops_whitelist_ips@docker, ops_gzip@docker, grafana_replace_regex resources: limits: memory: 256M diff --git a/services/portainer/docker-compose.yml b/services/portainer/docker-compose.yml index 8f51a424..4340de48 100644 --- a/services/portainer/docker-compose.yml 
+++ b/services/portainer/docker-compose.yml @@ -61,7 +61,7 @@ services: - traefik.http.routers.portainer.tls=true - traefik.http.middlewares.portainer_replace_regex.replacepathregex.regex=^/portainer/?(.*)$$ - traefik.http.middlewares.portainer_replace_regex.replacepathregex.replacement=/$${1} - - traefik.http.routers.portainer.middlewares=ops_whitelist_ips@swarm, ops_gzip@swarm, portainer_replace_regex + - traefik.http.routers.portainer.middlewares=ops_whitelist_ips@docker, ops_gzip@docker, portainer_replace_regex networks: agent_network: diff --git a/services/redis-commander/docker-compose.yml b/services/redis-commander/docker-compose.yml index b0a16b1d..a0a119d8 100644 --- a/services/redis-commander/docker-compose.yml +++ b/services/redis-commander/docker-compose.yml @@ -29,7 +29,7 @@ services: - traefik.http.routers.redis.entrypoints=https - traefik.http.routers.redis.tls=true - traefik.http.middlewares.redis_stripprefixregex.stripprefixregex.regex=^/redis - - traefik.http.routers.redis.middlewares=ops_auth@swarm, ops_gzip@swarm, ops_whitelist_ips@swarm + - traefik.http.routers.redis.middlewares=ops_auth@docker, ops_gzip@docker, ops_whitelist_ips@docker resources: limits: memory: 192M diff --git a/services/registry/docker-compose.yml b/services/registry/docker-compose.yml index 7f4092fc..ff1f6672 100644 --- a/services/registry/docker-compose.yml +++ b/services/registry/docker-compose.yml @@ -53,7 +53,7 @@ services: - traefik.http.routers.registry.entrypoints=https - traefik.http.routers.registry.tls=true - traefik.http.routers.registry.priority=10 - - traefik.http.routers.registry.middlewares=ops_gzip@swarm, ops_auth@swarm + - traefik.http.routers.registry.middlewares=ops_gzip@docker, ops_auth@docker - prometheus-job=registry - prometheus-port=5001 diff --git a/services/simcore/docker-compose.deploy.aws.yml b/services/simcore/docker-compose.deploy.aws.yml index 6c267944..946ca4fe 100644 --- a/services/simcore/docker-compose.deploy.aws.yml 
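Review bot: In the redis-commander hunk the router chain lists `ops_auth@docker` before `ops_whitelist_ips@docker`, so the credential check runs before the source-address check. Traefik applies middlewares in the order listed, so a client outside the allow-list would presumably see a 401 for wrong credentials and a 403 for correct ones, which lets passwords be tested from any address. Putting the allow-list first, as the jaeger and prometheus routers in this patch do, avoids that: `- traefik.http.routers.redis.middlewares=ops_whitelist_ips@docker, ops_auth@docker, ops_gzip@docker`. The same auth-before-allow-list order appears on the `testing_simcore_http`, `testing_simcore_api` and `traefik_api` routers in services/simcore/docker-compose.yml.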
+++ b/services/simcore/docker-compose.deploy.aws.yml @@ -43,15 +43,17 @@ services: - "--entryPoints.simcore_api.forwardedHeaders.insecure" - "--entryPoints.traefik_monitor.address=:8080" - "--entryPoints.traefik_monitor.forwardedHeaders.insecure" - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.network=${SWARM_STACK_NAME}_default" # https://github.com/traefik/traefik/issues/7886 - - "--providers.swarm.refreshSeconds=1" - - "--providers.swarm.exposedByDefault=false" - - "--providers.swarm.constraints=Label(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.network=${SWARM_STACK_NAME}_default" + - "--providers.docker.swarmMode=true" + # https://github.com/traefik/traefik/issues/7886 + - "--providers.docker.swarmModeRefreshSeconds=1" + - "--providers.docker.exposedByDefault=false" + - "--providers.docker.constraints=Label(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" deploy: resources: limits: diff --git a/services/simcore/docker-compose.deploy.dalco.yml b/services/simcore/docker-compose.deploy.dalco.yml index e1ac6cf5..c618b9ce 100644 --- a/services/simcore/docker-compose.deploy.dalco.yml +++ b/services/simcore/docker-compose.deploy.dalco.yml 
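Review bot: The re-added `--providers.docker.endpoint=unix:///var/run/docker.sock` gives this Traefik container the full Docker API of a swarm manager, so a compromise of the proxy is effectively root on that node. The volume mount is outside the hunk, so whether it is read-only cannot be seen here, and a read-only bind mount does not restrict API calls in any case. Consider pointing the provider at a socket proxy that exposes only the read endpoints Traefik needs, for example `--providers.docker.endpoint=tcp://<socket-proxy-service>:2375`. The same flag is restored in the dalco, local and master deploy files and in every compose file under services/traefik/.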
@@ -41,16 +41,17 @@ services: - "--entryPoints.simcore_api.forwardedHeaders.insecure" - "--entryPoints.traefik_monitor.address=:8080" - "--entryPoints.traefik_monitor.forwardedHeaders.insecure" - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.network=${SWARM_STACK_NAME}_default" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.network=${SWARM_STACK_NAME}_default" + - "--providers.docker.swarmMode=true" # https://github.com/traefik/traefik/issues/7886 - - "--providers.swarm.refreshSeconds=1" - - "--providers.swarm.exposedByDefault=false" - - "--providers.swarm.constraints=Label(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" + - "--providers.docker.swarmModeRefreshSeconds=1" + - "--providers.docker.exposedByDefault=false" + - "--providers.docker.constraints=Label(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" deploy: resources: limits: diff --git a/services/simcore/docker-compose.deploy.local.yml b/services/simcore/docker-compose.deploy.local.yml index 40dea112..54c36642 100644 --- a/services/simcore/docker-compose.deploy.local.yml +++ b/services/simcore/docker-compose.deploy.local.yml 
@@ -94,16 +94,17 @@ services: - "--entryPoints.simcore_api.forwardedHeaders.insecure" - "--entryPoints.traefik_monitor.address=:8080" - "--entryPoints.traefik_monitor.forwardedHeaders.insecure" - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.network=${SWARM_STACK_NAME}_default" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.network=${SWARM_STACK_NAME}_default" + - "--providers.docker.swarmMode=true" # https://github.com/traefik/traefik/issues/7886 - - "--providers.swarm.refreshSeconds=1" - - "--providers.swarm.exposedByDefault=false" - - "--providers.swarm.constraints=Label(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" + - "--providers.docker.swarmModeRefreshSeconds=1" + - "--providers.docker.exposedByDefault=false" + - "--providers.docker.constraints=Label(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" deploy: labels: # oSparc postgres diff --git a/services/simcore/docker-compose.deploy.master.yml b/services/simcore/docker-compose.deploy.master.yml index e9111e4e..e94c5426 100644 --- a/services/simcore/docker-compose.deploy.master.yml +++ b/services/simcore/docker-compose.deploy.master.yml 
@@ -36,16 +36,17 @@ services: - "--entryPoints.simcore_api.forwardedHeaders.insecure" - "--entryPoints.traefik_monitor.address=:8080" - "--entryPoints.traefik_monitor.forwardedHeaders.insecure" - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.network=${SWARM_STACK_NAME}_default" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.network=${SWARM_STACK_NAME}_default" + - "--providers.docker.swarmMode=true" # https://github.com/traefik/traefik/issues/7886 - - "--providers.swarm.refreshSeconds=1" - - "--providers.swarm.exposedByDefault=false" - - "--providers.swarm.constraints=Label(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" + - "--providers.docker.swarmModeRefreshSeconds=1" + - "--providers.docker.exposedByDefault=false" + - "--providers.docker.constraints=Label(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" deploy: resources: limits: diff --git a/services/simcore/docker-compose.yml b/services/simcore/docker-compose.yml index c248a1de..059545e8 100644 --- a/services/simcore/docker-compose.yml +++ b/services/simcore/docker-compose.yml @@ -90,7 +90,7 @@ services: replicas: 2 labels: # NOTE: apiserver does not need sslheader since there is no socket.io - - traefik.http.routers.${SWARM_STACK_NAME}_api-server.middlewares=${SWARM_STACK_NAME}_gzip@swarm + - traefik.http.routers.${SWARM_STACK_NAME}_api-server.middlewares=${SWARM_STACK_NAME}_gzip@docker - traefik.http.routers.${SWARM_STACK_NAME}_apiserver_swagger.service=${SWARM_STACK_NAME}_api-server - traefik.http.routers.${SWARM_STACK_NAME}_apiserver_swagger.rule=PathPrefix(`/dev/`) - traefik.http.routers.${SWARM_STACK_NAME}_apiserver_swagger.entrypoints=simcore_api 
@@ -149,12 +149,12 @@ services: labels: # Handle freshping service and route it to the faster static webserver. - traefik.http.middlewares.${SWARM_STACK_NAME}_static_webserver_prefix.addprefix.prefix=/osparc - - traefik.http.routers.${SWARM_STACK_NAME}_static_webserver_freshping.rule=HeaderRegexp(`User-Agent`, `.*(FreshpingBot).*`) + - traefik.http.routers.${SWARM_STACK_NAME}_static_webserver_freshping.rule=HeadersRegexp(`User-Agent`, `.*(FreshpingBot).*`) - traefik.http.routers.${SWARM_STACK_NAME}_static_webserver_freshping.service=${SWARM_STACK_NAME}_static_webserver_freshping - traefik.http.services.${SWARM_STACK_NAME}_static_webserver_freshping.loadbalancer.server.port=8000 - traefik.http.routers.${SWARM_STACK_NAME}_static_webserver_freshping.entrypoints=http - traefik.http.routers.${SWARM_STACK_NAME}_static_webserver_freshping.priority=10 # High number means high priority - - traefik.http.routers.${SWARM_STACK_NAME}_static_webserver_freshping.middlewares=${SWARM_STACK_NAME}_gzip@swarm,${SWARM_STACK_NAME}_static_webserver_retry,${SWARM_STACK_NAME}_static_webserver_prefix + - traefik.http.routers.${SWARM_STACK_NAME}_static_webserver_freshping.middlewares=${SWARM_STACK_NAME}_gzip@docker,${SWARM_STACK_NAME}_static_webserver_retry,${SWARM_STACK_NAME}_static_webserver_prefix update_config: parallelism: 2 order: start-first 
@@ -224,9 +224,9 @@ services: # NOTE: traefik does not like - in the sslheader middleware, so we override it here # NOTE: in deploy mode with SSL they must be set to https! - traefik.http.middlewares.${SWARM_STACK_NAME_NO_HYPHEN}_sslheader.headers.customrequestheaders.X-Forwarded-Proto=https - - traefik.http.routers.${SWARM_STACK_NAME}_webserver.middlewares=${SWARM_STACK_NAME}_gzip@swarm, ${SWARM_STACK_NAME_NO_HYPHEN}_sslheader + - traefik.http.routers.${SWARM_STACK_NAME}_webserver.middlewares=${SWARM_STACK_NAME}_gzip@docker, ${SWARM_STACK_NAME_NO_HYPHEN}_sslheader - traefik.http.routers.${SWARM_STACK_NAME}_webserver_swagger.service=${SWARM_STACK_NAME}_webserver - - traefik.http.routers.${SWARM_STACK_NAME}_webserver_swagger.middlewares=${SWARM_STACK_NAME}_gzip@swarm, ${SWARM_STACK_NAME_NO_HYPHEN}_sslheader + - traefik.http.routers.${SWARM_STACK_NAME}_webserver_swagger.middlewares=${SWARM_STACK_NAME}_gzip@docker, ${SWARM_STACK_NAME_NO_HYPHEN}_sslheader - traefik.http.routers.${SWARM_STACK_NAME}_webserver_swagger.rule=hostregexp(`{host:.+}`) && PathPrefix(`/dev/`) - traefik.http.routers.${SWARM_STACK_NAME}_webserver_swagger.entrypoints=http - traefik.http.routers.${SWARM_STACK_NAME}_webserver_swagger.priority=2 @@ -500,7 +500,7 @@ services: - traefik.http.routers.${PREFIX_STACK_NAME}_dask_scheduler.tls=true - traefik.http.middlewares.${PREFIX_STACK_NAME}_dask_scheduler_replace_regex.replacepathregex.regex=^/${PREFIX_STACK_NAME}_dask/(.*)$$ - traefik.http.middlewares.${PREFIX_STACK_NAME}_dask_scheduler_replace_regex.replacepathregex.replacement=/$${1} - - traefik.http.routers.${PREFIX_STACK_NAME}_dask_scheduler.middlewares=${PREFIX_STACK_NAME}_dask_scheduler_replace_regex@swarm, ops_gzip@swarm, ops_auth@swarm + - traefik.http.routers.${PREFIX_STACK_NAME}_dask_scheduler.middlewares=${PREFIX_STACK_NAME}_dask_scheduler_replace_regex@docker, ops_gzip@docker, ops_auth@docker resources: limits: memory: 512M 
@@ -586,7 +586,7 @@ services: - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit.tls=true - traefik.http.middlewares.${PREFIX_STACK_NAME}_rabbit_replace_regex.replacepathregex.regex=^/${PREFIX_STACK_NAME}_rabbit/(.*)$$ - traefik.http.middlewares.${PREFIX_STACK_NAME}_rabbit_replace_regex.replacepathregex.replacement=/$${1} - - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit.middlewares=${PREFIX_STACK_NAME}_rabbit_replace_regex@swarm, ops_gzip@swarm + - traefik.http.routers.${PREFIX_STACK_NAME}_rabbit.middlewares=${PREFIX_STACK_NAME}_rabbit_replace_regex@docker, ops_gzip@docker update_config: parallelism: 2 order: start-first @@ -716,7 +716,7 @@ services: - traefik.http.services.${SWARM_STACK_NAME}_simcore_http.loadbalancer.server.port=80 - traefik.http.routers.${SWARM_STACK_NAME}_simcore_http.entrypoints=https - traefik.http.routers.${SWARM_STACK_NAME}_simcore_http.tls=true - - traefik.http.routers.${SWARM_STACK_NAME}_simcore_http.middlewares=ops_gzip@swarm, ops_sslheader@swarm, ops_ratelimit@swarm + - traefik.http.routers.${SWARM_STACK_NAME}_simcore_http.middlewares=ops_gzip@docker, ops_sslheader@docker, ops_ratelimit@docker - traefik.http.routers.${SWARM_STACK_NAME}_simcore_http.service=${SWARM_STACK_NAME}_simcore_http - traefik.http.routers.${SWARM_STACK_NAME}_simcore_http.rule=((${DEPLOYMENT_FQDNS_CAPTURE_TRAEFIK_RULE_CATCHALL}) && PathPrefix(`/`)) || ( (PathPrefix(`/dashboard`) || PathPrefix(`/api`) ) && Host(`traefikdashboard.${MACHINE_FQDN}`)) - traefik.http.routers.${SWARM_STACK_NAME}_simcore_http.priority=1 # Lowest possible priority, maintenance page takes priority "2" (higher, maintenance page has precedent) if it is up 
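Review bot: In the first hunk on this line the `${PREFIX_STACK_NAME}_rabbit` router gets only the path-rewrite and `ops_gzip@docker` middlewares, while the dask scheduler router in the same file also carries `ops_auth@docker` and the other ops UIs carry `ops_whitelist_ips@docker`. The router's rule line is outside the hunk, but if this route exposes the RabbitMQ management UI, the broker's own login is its only protection. Unless that is intended, put the allow-list in front: `...rabbit.middlewares=ops_whitelist_ips@docker, ${PREFIX_STACK_NAME}_rabbit_replace_regex@docker, ops_gzip@docker`.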
@@ -725,7 +725,7 @@ services: - traefik.http.routers.${SWARM_STACK_NAME}_simcore_api.entrypoints=https - traefik.http.services.${SWARM_STACK_NAME}_simcore_api.loadbalancer.server.port=10081 - traefik.http.routers.${SWARM_STACK_NAME}_simcore_api.tls=true - - traefik.http.routers.${SWARM_STACK_NAME}_simcore_api.middlewares=ops_gzip@swarm, ops_ratelimit@swarm + - traefik.http.routers.${SWARM_STACK_NAME}_simcore_api.middlewares=ops_gzip@docker, ops_ratelimit@docker - traefik.http.routers.${SWARM_STACK_NAME}_simcore_api.service=${SWARM_STACK_NAME}_simcore_api # oSparc non rate limited webAPI for testing - traefik.http.services.${SWARM_STACK_NAME}_testing_simcore_http.loadbalancer.server.port=80 
@@ -733,14 +733,14 @@ services: - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_http.rule=(${DEPLOYMENT_FQDNS_TESTING_CAPTURE_TRAEFIK_RULE}) - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_http.entrypoints=https - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_http.tls=true - - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_http.middlewares=ops_gzip@swarm, ops_sslheader@swarm, ops_auth@swarm, ops_whitelist_ips@swarm + - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_http.middlewares=ops_gzip@docker, ops_sslheader@docker, ops_auth@docker, ops_whitelist_ips@docker # oSparc non rate limited publicAPI for testing - traefik.http.services.${SWARM_STACK_NAME}_testing_simcore_api.loadbalancer.server.port=10081 - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_api.service=${SWARM_STACK_NAME}_testing_simcore_api - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_api.rule=(${DEPLOYMENT_API_DOMAIN_TESTING_CAPTURE_TRAEFIK_RULE}) - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_api.entrypoints=https - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_api.tls=true - - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_api.middlewares=ops_gzip@swarm, ops_sslheader@swarm, ops_auth@swarm, ops_whitelist_ips@swarm + - traefik.http.routers.${SWARM_STACK_NAME}_testing_simcore_api.middlewares=ops_gzip@docker, ops_sslheader@docker, ops_auth@docker, ops_whitelist_ips@docker update_config: parallelism: 2 order: start-first 
@@ -779,7 +779,7 @@ services: - traefik.http.routers.${SWARM_STACK_NAME}_traefik_api.rule=(PathPrefix(`/dashboard`) || PathPrefix(`/api`) ) && Host(`traefikdashboard.${MACHINE_FQDN}`) - traefik.http.routers.${SWARM_STACK_NAME}_traefik_api.entrypoints=http - traefik.http.routers.${SWARM_STACK_NAME}_traefik_api.priority=2 - - traefik.http.routers.${SWARM_STACK_NAME}_traefik_api.middlewares=${SWARM_STACK_NAME}_auth@swarm, ${SWARM_STACK_NAME}_whitelist_ips@swarm + - traefik.http.routers.${SWARM_STACK_NAME}_traefik_api.middlewares=${SWARM_STACK_NAME}_auth@docker, ${SWARM_STACK_NAME}_whitelist_ips@docker - traefik.http.services.${SWARM_STACK_NAME}_traefik_api.loadbalancer.server.port=8080 # Middlewares # basic authentication @@ -823,7 +823,7 @@ services: - traefik.http.routers.${SWARM_STACK_NAME}_whoami.rule=hostregexp(`{host:.+}`) && PathPrefix(`/whoami`) - traefik.http.routers.${SWARM_STACK_NAME}_whoami.entrypoints=http - traefik.http.routers.${SWARM_STACK_NAME}_whoami.priority=2 - - traefik.http.routers.${SWARM_STACK_NAME}_whoami.middlewares=${SWARM_STACK_NAME}_auth@swarm,${SWARM_STACK_NAME}_gzip@swarm + - traefik.http.routers.${SWARM_STACK_NAME}_whoami.middlewares=${SWARM_STACK_NAME}_auth@docker,${SWARM_STACK_NAME}_gzip@docker update_config: parallelism: 2 order: start-first diff --git a/services/traefik/docker-compose.aws.yml b/services/traefik/docker-compose.aws.yml index 3c06e45d..05152a69 100644 --- a/services/traefik/docker-compose.aws.yml +++ b/services/traefik/docker-compose.aws.yml @@ -5,7 +5,7 @@ services: - "--api=true" - "--api.dashboard=true" - "--log.level=${OPS_TRAEFIK_LOGLEVEL}" - - "--accesslog=false" + - "--accesslog=true" - "--metrics.prometheus=true" - "--metrics.prometheus.addEntryPointsLabels=true" - "--metrics.prometheus.addServicesLabels=true" 
@@ -20,14 +20,14 @@ services: - "--entryPoints.https.transport.respondingTimeouts.writeTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.https.transport.respondingTimeouts.readTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.smtp.address=:25" - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.exposedByDefault=false" - - "--core.defaultRuleSyntax=v2" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.swarmMode=true" + - "--providers.docker.exposedByDefault=false" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" - - "--providers.swarm.constraints=!LabelRegex(`io.simcore.zone`, `.+`)" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" + - "--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)" - "--entryPoints.https.forwardedHeaders.insecure" - "--providers.file.directory=/etc/traefik/" - "--providers.file.watch=true" diff --git a/services/traefik/docker-compose.dalco.yml b/services/traefik/docker-compose.dalco.yml index 6105a68f..02bf6650 100644 --- a/services/traefik/docker-compose.dalco.yml +++ b/services/traefik/docker-compose.dalco.yml @@ -5,7 +5,7 @@ services: - "--api=true" - "--api.dashboard=true" - "--log.level=${OPS_TRAEFIK_LOGLEVEL}" - - '--accesslog=false' + # - '--accesslog=true' - "--metrics.prometheus=true" - "--metrics.prometheus.addEntryPointsLabels=true" - "--metrics.prometheus.addServicesLabels=true" 
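Review bot: The context line `--entryPoints.https.forwardedHeaders.insecure` is kept in the aws hunk, so the edge proxy accepts `X-Forwarded-*` headers from any client. If `ops_whitelist_ips` or `ops_ratelimit` derive the client address from `X-Forwarded-For` (their definitions are not in this diff), a caller can choose the address it is judged by. Where a load balancer sits in front, trust only that hop with `--entryPoints.https.forwardedHeaders.trustedIPs=<load-balancer-cidr>`; otherwise drop the flag. The same line is kept in the dalco, master and public files.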
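Review bot: The dalco hunk replaces `--accesslog=false` with a commented-out `# - '--accesslog=true'`, which leaves access logging off because Traefik disables it by default. docker-compose.master.yml does the same, while docker-compose.aws.yml turns it on. For the proxy that fronts the ops endpoints, request logs are what an investigation of a failed-auth burst or an unexpected client would rely on. State the choice explicitly and keep the three deployments aligned, for example `- '--accesslog=true'` together with `- '--accesslog.format=json'` so the records can be shipped to the log stack.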
@@ -22,14 +22,14 @@ services: - "--entryPoints.smtp.address=:25" - "--entryPoints.production_postgres.address=:5432" - "--entryPoints.staging_postgres.address=:5433" - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.exposedByDefault=false" - - "--core.defaultRuleSyntax=v2" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.swarmMode=true" + - "--providers.docker.exposedByDefault=false" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" - - "--providers.swarm.constraints=!LabelRegex(`io.simcore.zone`, `.+`)" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" + - "--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)" - "--entryPoints.https.forwardedHeaders.insecure" - "--providers.file.directory=/etc/traefik/" - "--providers.file.watch=true" diff --git a/services/traefik/docker-compose.letsencrypt.http.yml b/services/traefik/docker-compose.letsencrypt.http.yml index b580a1f9..e1472c11 100644 --- a/services/traefik/docker-compose.letsencrypt.http.yml +++ b/services/traefik/docker-compose.letsencrypt.http.yml 
@@ -16,14 +16,14 @@ services: - "--entryPoints.http.transport.respondingTimeouts.writeTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.http.transport.respondingTimeouts.readTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.https.address=:443" - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.exposedByDefault=false" - - "--providers.swarm.constraints=!LabelRegex(`io.simcore.zone`, `.+`)" - - "--core.defaultRuleSyntax=v2" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.swarmMode=true" + - "--providers.docker.exposedByDefault=false" + - "--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" - "--certificatesresolvers.lehttpchallenge.acme.httpchallenge=true" - "--certificatesresolvers.lehttpchallenge.acme.httpchallenge.entrypoint=http" - "--certificatesresolvers.lehttpchallenge.acme.email=${OSPARC_DEVOPS_MAIL_ADRESS}" diff --git a/services/traefik/docker-compose.local.yml b/services/traefik/docker-compose.local.yml index bbf011f0..4b70739b 100644 --- a/services/traefik/docker-compose.local.yml +++ b/services/traefik/docker-compose.local.yml 
@@ -26,14 +26,14 @@ services: - "--entryPoints.https.transport.respondingTimeouts.writeTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.https.transport.respondingTimeouts.readTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.master_postgres.address=:5432" - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.exposedByDefault=false" - - "--providers.swarm.constraints=!LabelRegex(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" - - "--core.defaultRuleSyntax=v2" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.swarmMode=true" + - "--providers.docker.exposedByDefault=false" + - "--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" - "--providers.file.directory=/etc/traefik/" - "--providers.file.watch=true" networks: diff --git a/services/traefik/docker-compose.master.yml b/services/traefik/docker-compose.master.yml index 4ecd4de9..aa032ba9 100644 --- a/services/traefik/docker-compose.master.yml +++ b/services/traefik/docker-compose.master.yml @@ -5,7 +5,7 @@ services: - '--api=true' - '--api.dashboard=true' - '--log.level=${OPS_TRAEFIK_LOGLEVEL}' - - '--accesslog=false' + # - '--accesslog=true' - '--metrics.prometheus=true' - '--metrics.prometheus.addEntryPointsLabels=true' - '--metrics.prometheus.addServicesLabels=true' 
@@ -21,14 +21,14 @@ services: - "--entryPoints.https.transport.respondingTimeouts.readTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - '--entryPoints.master_postgres.address=:5432' - '--entryPoints.smtp.address=:25' - - '--providers.swarm.endpoint=unix:///var/run/docker.sock' - - '--providers.swarm.exposedByDefault=false' - - "--core.defaultRuleSyntax=v2" - - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" - - '--providers.swarm.constraints=!LabelRegex(`io.simcore.zone`, `.+`)' + - '--providers.docker.endpoint=unix:///var/run/docker.sock' + - '--providers.docker.swarmMode=true' + - '--providers.docker.exposedByDefault=false' + - '--tracing=true' + - '--tracing.jaeger=true' + - '--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling' + - '--tracing.jaeger.localAgentHostPort=jaeger:6831' + - '--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)' - '--entryPoints.https.forwardedHeaders.insecure' - '--providers.file.directory=/etc/traefik/' - '--providers.file.watch=true' diff --git a/services/traefik/docker-compose.public.yml b/services/traefik/docker-compose.public.yml index 16335402..4f06737c 100644 --- a/services/traefik/docker-compose.public.yml +++ b/services/traefik/docker-compose.public.yml 
@@ -22,14 +22,14 @@ services: - "--entryPoints.https.transport.respondingTimeouts.writeTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.https.transport.respondingTimeouts.readTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - "--entryPoints.smtp.address=:25" - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.exposedByDefault=false" - - "--core.defaultRuleSyntax=v2" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.swarmMode=true" + - "--providers.docker.exposedByDefault=false" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" - - "--providers.swarm.constraints=!LabelRegex(`io.simcore.zone`, `.+`)" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" + - "--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)" - "--entryPoints.https.forwardedHeaders.insecure" - "--providers.file.directory=/etc/traefik/" - "--providers.file.watch=true" diff --git a/services/traefik/docker-compose.yml.j2 b/services/traefik/docker-compose.yml.j2 index b6f6e120..4d11f722 100644 --- a/services/traefik/docker-compose.yml.j2 +++ b/services/traefik/docker-compose.yml.j2 @@ -2,7 +2,7 @@ version: "3.7" services: traefik: - image: "traefik:v3.1.2@sha256:ec1a82940b8e00eaeef33fb4113aa1d1573b2ebb6440e10c023743fe96f08475" + image: traefik:v2.10.4 init: true command: - "--api=true" 
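Review bot: In the docker-compose.yml.j2 hunk the revert replaces a digest-pinned image with the mutable tag `traefik:v2.10.4`, so a re-pushed or substituted tag would be pulled without notice on the next deploy. Keep the pin when going back: `image: "traefik:v2.10.4@sha256:<digest-of-v2.10.4>"`. v2.10.4 is also not the newest 2.x patch release, so check the Traefik security advisories for fixes that landed after it before this stays in production.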
@@ -21,18 +21,16 @@ services: - '--entryPoints.postgres.address=:5432' - '--entryPoints.postgres2.address=:5433' - "--entryPoints.https.address=:443" - - "--entryPoints.https.transport.respondingTimeouts.idleTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - - "--entryPoints.https.transport.respondingTimeouts.writeTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - - "--entryPoints.https.transport.respondingTimeouts.readTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805 - - "--providers.swarm.endpoint=unix:///var/run/docker.sock" - - "--providers.swarm.exposedByDefault=false" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.swarmMode=true" + - "--providers.docker.exposedByDefault=false" # so that internal services are not picked up - - "--providers.swarm.constraints=!LabelRegex(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" - - "--core.defaultRuleSyntax=v2" + - "--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `${TRAEFIK_SIMCORE_ZONE}`)" - "--tracing=true" - - "--tracing.addinternals" - - "--tracing.otlp=true" - - "--tracing.otlp.http=true" + - "--tracing.jaeger=true" + - "--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling" + - "--tracing.jaeger.localAgentHostPort=jaeger:6831" + ports: - target: 80 published: 80 @@ -119,8 +117,8 @@ services: (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) - traefik.http.routers.api.entrypoints=https - traefik.http.routers.api.tls=true - - traefik.http.routers.api.middlewares=ops_whitelist_ips@swarm, - ops_auth@swarm, ops_gzip@swarm + - traefik.http.routers.api.middlewares=ops_whitelist_ips@docker, + ops_auth@docker, ops_gzip@docker - traefik.http.services.api.loadbalancer.server.port=8080 # prometheus labels - prometheus-job=traefik_ops 
@@ -152,8 +150,8 @@ services: PathPrefix(`/whoami`) - traefik.http.routers.whoami.entrypoints=https - traefik.http.routers.whoami.tls=true - - traefik.http.routers.whoami.middlewares=ops_whitelist_ips@swarm, - ops_auth@swarm, ops_gzip@swarm + - traefik.http.routers.whoami.middlewares=ops_whitelist_ips@docker, + ops_auth@docker, ops_gzip@docker resources: limits: memory: 50M