Merge branch v3.2 into v3.3

2024-12-20 15:55:24 +01:00 · 2024-12-20 15:55:24 +01:00 · a1099bf8d0
commit a1099bf8d0
parent d9f58f94a2 596aadfe68
12 changed files with 121 additions and 53 deletions
--- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_service.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_service.yml
@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: test.route
+  namespace: default
+
+spec:
+  entryPoints:
+    - foo
+
+  routes:
+    - match: HostSNI(`foo.com`)
+      services:
+        - name: whoamitcp
+          port: 8000
+          tls: true
--- a/pkg/provider/kubernetes/crd/kubernetes_tcp.go
+++ b/pkg/provider/kubernetes/crd/kubernetes_tcp.go
@ -257,6 +257,7 @@ func (p *Provider) loadTCPServers(client Client, namespace string, svc traefikv1
 				if addr.Type == corev1.NodeInternalIP {
 					servers = append(servers, dynamic.TCPServer{
 						Address: net.JoinHostPort(addr.Address, strconv.Itoa(int(svcPort.NodePort))),
+						TLS:     svc.TLS,
 					})
 				}
 			}
@ -272,6 +273,7 @@ func (p *Provider) loadTCPServers(client Client, namespace string, svc traefikv1
 	if service.Spec.Type == corev1.ServiceTypeExternalName {
 		servers = append(servers, dynamic.TCPServer{
 			Address: net.JoinHostPort(service.Spec.ExternalName, strconv.Itoa(int(svcPort.Port))),
+			TLS:     svc.TLS,
 		})
 	} else {
 		nativeLB := p.NativeLBByDefault
@ -284,7 +286,7 @@ func (p *Provider) loadTCPServers(client Client, namespace string, svc traefikv1
 				return nil, fmt.Errorf("getting native Kubernetes Service address: %w", err)
 			}

-			return []dynamic.TCPServer{{Address: address}}, nil
+			return []dynamic.TCPServer{{Address: address, TLS: svc.TLS}}, nil
 		}

 		endpointSlices, err := client.GetEndpointSlicesForService(namespace, svc.Name)
@ -318,6 +320,7 @@ func (p *Provider) loadTCPServers(client Client, namespace string, svc traefikv1
 					addresses[address] = struct{}{}
 					servers = append(servers, dynamic.TCPServer{
 						Address: net.JoinHostPort(address, strconv.Itoa(int(port))),
+						TLS:     svc.TLS,
 					})
 				}
 			}
--- a/pkg/provider/kubernetes/crd/kubernetes_test.go
+++ b/pkg/provider/kubernetes/crd/kubernetes_test.go
@ -111,6 +111,50 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
 				TLS: &dynamic.TLSConfiguration{},
 			},
 		},
+		{
+			desc:  "Simple Ingress Route, with foo entrypoint, tls encryption to service",
+			paths: []string{"tcp/services.yml", "tcp/with_tls_service.yml"},
+			expected: &dynamic.Configuration{
+				UDP: &dynamic.UDPConfiguration{
+					Routers:  map[string]*dynamic.UDPRouter{},
+					Services: map[string]*dynamic.UDPService{},
+				},
+				HTTP: &dynamic.HTTPConfiguration{
+					Routers:           map[string]*dynamic.Router{},
+					Middlewares:       map[string]*dynamic.Middleware{},
+					Services:          map[string]*dynamic.Service{},
+					ServersTransports: map[string]*dynamic.ServersTransport{},
+				},
+				TCP: &dynamic.TCPConfiguration{
+					Routers: map[string]*dynamic.TCPRouter{
+						"default-test.route-fdd3e9338e47a45efefc": {
+							EntryPoints: []string{"foo"},
+							Service:     "default-test.route-fdd3e9338e47a45efefc",
+							Rule:        "HostSNI(`foo.com`)",
+						},
+					},
+					Middlewares: map[string]*dynamic.TCPMiddleware{},
+					Services: map[string]*dynamic.TCPService{
+						"default-test.route-fdd3e9338e47a45efefc": {
+							LoadBalancer: &dynamic.TCPServersLoadBalancer{
+								Servers: []dynamic.TCPServer{
+									{
+										Address: "10.10.0.1:8000",
+										TLS:     true,
+									},
+									{
+										Address: "10.10.0.2:8000",
+										TLS:     true,
+									},
+								},
+							},
+						},
+					},
+					ServersTransports: map[string]*dynamic.TCPServersTransport{},
+				},
+				TLS: &dynamic.TLSConfiguration{},
+			},
+		},
 		{
 			desc:  "Simple Ingress Route, with foo entrypoint and middleware",
 			paths: []string{"tcp/services.yml", "tcp/with_middleware.yml"},
--- a/pkg/proxy/httputil/proxy.go
+++ b/pkg/proxy/httputil/proxy.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"io"
+	stdlog "log"
 	"net"
 	"net/http"
 	"net/http/httputil"
@ -11,7 +12,9 @@ import (
 	"strings"
 	"time"

+	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
+	"github.com/traefik/traefik/v3/pkg/logs"
 	"golang.org/x/net/http/httpguts"
 )

@ -29,6 +32,7 @@ func buildSingleHostProxy(target *url.URL, passHostHeader bool, preservePath boo
 		Transport:     roundTripper,
 		FlushInterval: flushInterval,
 		BufferPool:    bufferPool,
+		ErrorLog:      stdlog.New(logs.NoLevel(log.Logger, zerolog.DebugLevel), "", 0),
 		ErrorHandler:  ErrorHandler,
 	}
 }
--- a/pkg/server/socket_activation_unix.go
+++ b/pkg/server/socket_activation_unix.go
@ -5,7 +5,7 @@ package server
 import (
 	"net"

-	"github.com/coreos/go-systemd/activation"
+	"github.com/coreos/go-systemd/v22/activation"
 	"github.com/rs/zerolog/log"
 )