Merge 'v2.1' into master

2020-02-29 00:13:44 +01:00 · 2020-02-29 00:13:44 +01:00 · e9d0a16a3b
commit e9d0a16a3b
parent 389536aff0 5072735866
67 changed files with 827 additions and 329 deletions
--- a/docs/content/providers/kubernetes-ingress.md
+++ b/docs/content/providers/kubernetes-ingress.md
@ -31,6 +31,51 @@ The provider then watches for incoming ingresses events, such as the example bel
 and derives the corresponding dynamic configuration from it,
 which in turn will create the resulting routers, services, handlers, etc.

+```yaml tab="File (YAML)"
+kind: Ingress
+apiVersion: extensions/v1beta1
+metadata:
+  name: "foo"
+  namespace: production
+
+spec:
+  rules:
+    - host: foo.com
+      http:
+        paths:
+          - path: /bar
+            backend:
+              serviceName: service1
+              servicePort: 80
+          - path: /foo
+            backend:
+              serviceName: service1
+              servicePort: 80
+```
+
+## LetsEncrypt Support with the Ingress Provider
+
+By design, Traefik is a stateless application,
+meaning that it only derives its configuration from the environment it runs in,
+without additional configuration.
+For this reason, users can run multiple instances of Traefik at the same time to achieve HA,
+as is a common pattern in the kubernetes ecosystem.
+
+When using a single instance of Traefik with LetsEncrypt, no issues should be encountered,
+however this could be a single point of failure.
+Unfortunately, it is not possible to run multiple instances of Traefik 2.0 with LetsEncrypt enabled,
+because there is no way to ensure that the correct instance of Traefik will receive the challenge request, and subsequent responses.
+Previous versions of Traefik used a [KV store](https://docs.traefik.io/v1.7/configuration/acme/#storage) to attempt to achieve this,
+but due to sub-optimal performance was dropped as a feature in 2.0.
+
+If you require LetsEncrypt with HA in a kubernetes environment,
+we recommend using [TraefikEE](https://containo.us/traefikee/) where distributed LetsEncrypt is a supported feature.
+
+If you are wanting to continue to run Traefik Community Edition,
+LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
+When using Cert-Manager to manage certificates,
+it will create secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
+
 ## Provider Configuration

 ### `endpoint`
@ -63,7 +108,8 @@ They are both provided automatically as mounts in the pod where Traefik is deplo

 When the environment variables are not found, Traefik tries to connect to the Kubernetes API server with an external-cluster client.
 In which case, the endpoint is required.
-Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
+Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication
+and authorization of the associated kubeconfig.

 ### `token`

@ -268,7 +314,7 @@ _Optional, Default: empty_

 ```toml tab="File (TOML)"
 [providers.kubernetesIngress.ingressEndpoint]
-  publishedService = "foo-service"
+  publishedService = "namespace/foo-service"
  # ...
 ```

@ -276,15 +322,16 @@ _Optional, Default: empty_
 providers:
  kubernetesIngress:
    ingressEndpoint:
-      publishedService: "foo-service"
+      publishedService: "namespace/foo-service"
    # ...
 ```

 ```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.publishedservice=foo-service
+--providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service
 ```

 Published Kubernetes Service to copy status from.
+Format: `namespace/servicename`.

 ### `throttleDuration`

@ -309,7 +356,8 @@ providers:

 ### Further

-If one wants to know more about the various aspects of the Ingress spec that Traefik supports, many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.0/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+If one wants to know more about the various aspects of the Ingress spec that Traefik supports,
+many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.

 ## LetsEncrypt Support with the Ingress Provider