Træfik BOSH Release v1.16.0

Improvements

• Switch to using Jammy stemcells.

• Bump Træfik to the latest version 1.7.34.

• Bump the Consul release to v1.6.0 in the clustering.yml and clustering-compiled-release.yml ops files.

• Bump BPM to v1.2.19 in the traefik.yml deployment manifest.

• Improved Concourse pipelines, re-generated from Cloud Foundry community-maintained pipeline templates.

• For contributors, provide more documentation and share helper scripts for manual testing and version bumps.

Caveats

• Clustering mode is experimental: we've experienced situations where no Traefik node is able to acquire the Consul lock in order to access Let's Encrypt cetificates. In such situations, all HTTPS requests requiring a Let's Encrypt certificate are failing, which is pretty bad. We've observed that the Traefik timeout for acquiring Consul lock is too short. Consul does store the expected lock value written by Traefik, but a little too late. So when the value is available, Traefik already has failed at acquiring the lock, and has already started retrying, writing a new value. Traefik won't be able to read the new value back because Consul is still late. Lock acquiring will fail again. Traefik will be able to read this new value only during the next retry. All in all, with enough Let's Encrypt certificates stored (we haven't identified any precise threshold yet), we've observed an infinite loop while Traefik fails at acquiring the Consul lock.

Deployment

releases:
- name:    traefik
  version: 1.16.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.16.0/traefik-1.16.0.tgz
  sha1:    896eaeed289b6ec5670029ed5f30e28ccb1b3d87

Træfik BOSH Release v1.15.0

Improvements

• Bump the Consul release to v1.5.0 in the clustering.yml and clustering-compiled-release.yml ops files.

• Demonstrate how to add a BOSH DNS alias for Træfik, and feed this into the generated TLS certificate alternative names.

• Mount persistent disk with BPM only when Let's Encrypt is enabled.

• Add NET_BIND_SERVICE capability in BPM only when Træfik needs to bind to some port number that is less than 1024.

Caveats

• Smoke tests require an access to the Internet.

• Clustering mode is experimental: we've experienced situations where no Traefik node is able to acquire the Consul lock in order to access Let's Encrypt cetificates. In such situations, all HTTPS requests requiring a Let's Encrypt certificate are failing, which is pretty bad. We've observed that the Traefik timeout for acquiring Consul lock is too short. Consul does store the expected lock value written by Traefik, but a little too late. So when the value is available, Traefik already has failed at acquiring the lock, and has already started retrying, writing a new value. Traefik won't be able to read the new value back because Consul is still late. Lock acquiring will fail again. Traefik will be able to read this new value only during the next retry. All in all, with enough Let's Encrypt certificates stored (we haven't identified any precise threshold yet), we've observed an infinite loop while Traefik fails at acquiring the Consul lock.

Deployment

releases:
- name:    traefik
  version: 1.15.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.15.0/traefik-1.15.0.tgz
  sha1:    d504c6a5e52056e3d87117d7031c06e21658109e

Træfik BOSH Release v1.14.0

Improvements

• Bump Træfik to the latest version 1.7.26.

• Bump the Consul release to v1.4.0 in the clustering.yml and clustering-compiled-release.yml ops files.

• Bump BPM to v1.1.9 in the traefik.yml deployment manifest.

Caveats

• Smoke tests require an access to the Internet.

• Clustering mode is experimental: we've experienced situations where no Traefik node is able to acquire the Consul lock in order to access Let's Encrypt cetificates. In such situations, all HTTPS requests requiring a Let's Encrypt certificate are failing, which is pretty bad. We've observed that the Traefik timeout for acquiring Consul lock is too short. Consul does store the expected lock value written by Traefik, but a little too late. So when the value is available, Traefik already has failed at acquiring the lock, and has already started retrying, writing a new value. Traefik won't be able to read the new value back because Consul is still late. Lock acquiring will fail again. Traefik will be able to read this new value only during the next retry. All in all, with enough Let's Encrypt certificates stored (we haven't identified any precise threshold yet), we've observed an infinite loop while Traefik fails at acquiring the Consul lock.

Deployment

releases:
- name:    traefik
  version: 1.14.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.14.0/traefik-1.14.0.tgz
  sha1:    ab38f5ed442b401788776fc6481a84dcb4fa0a33

Træfik BOSH Release v1.13.0

Improvements

• Bump Træfik to the latest version 1.7.24.

• Bump the Consul release to v1.3.0 in the clustering.yml ops file.

• Bump BPM to v1.1.8 in the traefik.yml deployment manifest.

Caveats

• Smoke tests require an access to the Internet.

• Clustering mode is experimental: we've experienced situations where no Traefik node is able to acquire the Consul lock in order to access Let's Encrypt cetificates. In such situations, all HTTPS requests requiring a Let's Encrypt certificate are failing, which is pretty bad. We've observed that the Traefik timeout for acquiring Consul lock is too short. Consul does store the expected lock value written by Traefik, but a little too late. So when the value is available, Traefik already has failed at acquiring the lock, and has already started retrying, writing a new value. Traefik won't be able to read the new value back because Consul is still late. Lock acquiring will fail again. Traefik will be able to read this new value only during the next retry. All in all, with enough Let's Encrypt certificates stored (we haven't identified any precise threshold yet), we've observed an infinite loop while Traefik fails at acquiring the Consul lock.

Deployment

releases:
- name:    traefik
  version: 1.13.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.13.0/traefik-1.13.0.tgz
  sha1:    dd654f62c28f5fd2588fed6902fb344167699b41

Træfik BOSH Release v1.12.0

Improvements

• Bump Træfik to the latest version 1.7.21.

• Bump the Consul release to v1.2.0 in the clustering.yml ops file.

• Bump BPM to v1.1.7 in the traefik.yml deployment manifest.

• Fix the broken DNS healthcheck script.

Breaking changes

• In the default deployment manifest, the Traefik Certificate Authority has been renamed from traefikCA to traefik_ca and its Common Name (CN) from traefikCA to Traefik CA. This might have an impact on existing deployments relying on the default manifests, as the CA is to be re-generated with a new CN, and thus all dependant certificates are also to be re-generated so that they refer to this new CN.

Caveats

• Smoke tests require an access to the Internet.

Deployment

releases:
- name:    traefik
  version: 1.12.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.12.0/traefik-1.12.0.tgz
  sha1:    f57f40af3bf072c7574540be205249a8cbc5e5d9

Træfik BOSH Release v1.11.0

Improvements

• Bump Træfik to the latest version 1.7.20.
• Bump Consul to v1.1.0 in the clustering.yml ops file.

Caveats

• Smoke tests require an access to the Internet.

Deployment

releases:
- name:    traefik
  version: 1.11.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.11.0/traefik-1.11.0.tgz
  sha1:    9090d5a3b3a3c3554249b84a2e2d4af70d13c479

Træfik BOSH Release v1.10.0

Improvements

• Add support for Traefik clustering, leveraging the modern gk-consul BOSH Release.
• Add native support for BOSH DNS health checks using Træfik /ping endpoint. Now BOSH DNS queries properly return healthy instances.
• Bump BPM to v1.1.5 in the standard deployment manifest.
• Bumped stemcell family to v621.x for compiled releases.

Caveats

• Smoke tests require an access to the Internet.

Deployment

releases:
- name:    traefik
  version: 1.10.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.10.0/traefik-1.10.0.tgz
  sha1:    fd0189847fabd8050202a9fd387ee86c1823fcbc

Træfik BOSH Release v1.9.0

Improvements

• Bump Træfik to the latest version 1.7.19
• Have the smoke tests fail when running them with traefik.rest.enabled set to false, as they depend in the REST backend to be opted-in.
• Bump BPM to v1.1.3 in the standard deployment manifest.
• Bump stemcell family to v456.x, and create Træfik compiled releases based the latest stemcell from this family.

Breaking Changes

• The traefik-deployment.yml manifest name is standardized to traefik.yml

Caveats

• Smoke tests require an access to the Internet.

Deployment

releases:
- name:    traefik
  version: 1.9.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.9.0/traefik-1.9.0.tgz
  sha1:    5ea2c9430b805763aec73d4d8980af5b7ed77337

Træfik BOSH Release v1.8.0

Improvements

• Bump Træfik to the latest version 1.7.18

Caveats

• Smoke tests require an access to the Internet.

Deployment

releases:
- name:    traefik
  version: 1.8.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.8.0/traefik-1.8.0.tgz
  sha1:    925b96a4129a43623730ff3da79b9e76d9361fe4

Træfik BOSH Release v1.7.0

Improvements

• Bump Træfik to the latest version 1.7.14
• Add a new traefik.api.digest_auth.realm property to customize the realm used for API Digest Auth.
• Have the smoke tests fail when running them with traefik.api.enabled set to false, as they depend in the API to be enabled.

Caveats

• Smoke tests require an access to the Internet.

Deployment

releases:
- name:    traefik
  version: 1.7.0
  url:     https://github.com/gstackio/traefik-boshrelease/releases/download/v1.7.0/traefik-1.7.0.tgz
  sha1:    86fd75ba7270c4668a37d0475ae73f2b6a4242db