Merge current v2.3 branch into master

.gitignore

@@ -17,3 +17,4 @@
 cover.out
 vendor/
 plugins-storage/
+traefik_changelog.md

CHANGELOG.md

@@ -1,3 +1,23 @@
+## [v2.3.2](https://github.com/traefik/traefik/tree/v2.3.2) (2020-10-19)
+[All Commits](https://github.com/traefik/traefik/compare/v2.3.1...v2.3.2)
+
+**Bug fixes:**
+- **[acme]** fix: restrict protocol for TLS Challenge. ([#7400](https://github.com/traefik/traefik/pull/7400) by [ldez](https://github.com/ldez))
+- **[acme]** fix: use provider keytype instead of account keytype. ([#7387](https://github.com/traefik/traefik/pull/7387) by [mmatur](https://github.com/mmatur))
+- **[acme]** acme: Fix race condition in LocalStore during saving. ([#7355](https://github.com/traefik/traefik/pull/7355) by [walkline](https://github.com/walkline))
+- **[plugins]** fix: update Yaegi to v0.9.4 ([#7426](https://github.com/traefik/traefik/pull/7426) by [ldez](https://github.com/ldez))
+- **[udp]** fix: udp json struct tag ([#7375](https://github.com/traefik/traefik/pull/7375) by [mschneider82](https://github.com/mschneider82))
+
+**Documentation:**
+- **[consulcatalog]** fix: Consul Catalog address documentation. ([#7429](https://github.com/traefik/traefik/pull/7429) by [ldez](https://github.com/ldez))
+- **[middleware]** Moving Provider Namespace documentation topic to Configuration Discovery section ([#7423](https://github.com/traefik/traefik/pull/7423) by [AndrewSav](https://github.com/AndrewSav))
+- **[pilot]** fix: pilot static configuration documentation ([#7399](https://github.com/traefik/traefik/pull/7399) by [jbdoumenjou](https://github.com/jbdoumenjou))
+- **[plugins]** Revise Traefik Pilot documentation section ([#7427](https://github.com/traefik/traefik/pull/7427) by [PCM2](https://github.com/PCM2))
+- **[tls]** Adding details about the default TLS options to the documentation ([#7422](https://github.com/traefik/traefik/pull/7422) by [AndrewSav](https://github.com/AndrewSav))
+- doc: add YAML sample. ([#7397](https://github.com/traefik/traefik/pull/7397) by [ldez](https://github.com/ldez))
+- Fix containous links in readme ([#7394](https://github.com/traefik/traefik/pull/7394) by [kevinpollet](https://github.com/kevinpollet))
+- Fix broken logo ([#7390](https://github.com/traefik/traefik/pull/7390) by [Bencey](https://github.com/Bencey))
+
 ## [v2.3.1](https://github.com/traefik/traefik/tree/v2.3.1) (2020-09-28)
 [All Commits](https://github.com/traefik/traefik/compare/v2.3.0...v2.3.1)
 

docs/content/assets/styles/product-switcher.css

@@ -20,5 +20,5 @@
 
 .product-switcher .nav-dropdown-menu--products .nav-dropdown-menu-wrapper {
   width: auto;
-  height: auto;
+  height: 335px;
 }

docs/content/contributing/maintainers.md

@@ -11,75 +11,20 @@
 * Ludovic Fernandez [@ldez](https://github.com/ldez)
 * Julien Salleyron [@juliens](https://github.com/juliens)
 * Nicolas Mengin [@nmengin](https://github.com/nmengin)
-* Marco Jantke [@marco-jantke](https://github.com/marco-jantke)
+* Marco Jantke [@mjantke](https://github.com/mjeri)
 * Michaël Matur [@mmatur](https://github.com/mmatur)
 * Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
 * Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
 * Mathieu Lonjaret [@mpl](https://github.com/mpl)
 * Romain Tribotté [@rtribotte](https://github.com/rtribotte)
 
-## Contributions Daily Meeting
+## Issue Triage
 
-* 3 Maintainers should attend to a Contributions Daily Meeting where we sort and label new issues ([is:issue label:status/0-needs-triage](https://github.com/traefik/traefik/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Astatus%2F0-needs-triage+)), and review every Pull Requests
-* Every pull request should be checked during the Contributions Daily Meeting
-    * Even if it’s already assigned
-    * Even PR labelled with `contributor/waiting-for-corrections` or `contributor/waiting-for-feedback`
-* Issues labeled with `priority/P0` and `priority/P1` should be assigned.
-* Modifying an issue or a pull request (labels, assignees, milestone) is only possible:
-    * During the Contributions Daily Meeting
-    * By an assigned maintainer
-    * In case of emergency, if a change proposal is approved by 2 other maintainers (on Slack, Discord, Discourse, etc)
+Issues and PRs are triaged daily and the process for triaging may be found under [triaging issues](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in our [contributors guide repository](https://github.com/traefik/contributors-guide).
 
 ## PR review process:
 
-* The status `needs-design-review` is only used in complex/heavy/tricky PRs.
-* From `1` to `2`: 1 comment that says “design LGTM” (by a senior maintainer).
-* From `2` to `3`: 3 LGTM approvals by any maintainer.
-* If needed, a specific maintainer familiar with a particular domain can be requested for the review.
-* If a PR has been implemented in pair programming, one peer's LGTM goes into the review for free
-* Amending someone else's pull request is authorized only in emergency, if a rebase is needed, or if the initial contributor is silent
-
-We use [PRM](https://github.com/ldez/prm) to manage locally pull requests.
-
-## Bots
-
-### [Myrmica Lobicornis](https://github.com/traefik/lobicornis/)
-
-Update and Merge Pull Request.
-
-The maintainer giving the final LGTM must add the `status/3-needs-merge` label to trigger the merge bot.
-
-By default, a squash-rebase merge will be carried out.
-To preserve commits, add `bot/merge-method-rebase` before `status/3-needs-merge`.
-
-The status `status/4-merge-in-progress` is only used by the bot.
-
-If the bot is not able to perform the merge, the label `bot/need-human-merge` is added.  
-In such a situation, solve the conflicts/CI/... and then remove the label `bot/need-human-merge`.
-
-To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
-
-The label `bot/light-review` decreases the number of required LGTM from 3 to 1.
-
-This label is used when:
-
-* Updating the vendors from previously reviewed PRs
-* Merging branches into the master
-* Preparing the release
-
-### [Myrmica Bibikoffi](https://github.com/traefik/bibikoffi/)
-
-* closes stale issues [cron]
-    * use some criterion as number of days between creation, last update, labels, ...
-
-### [Myrmica Aloba](https://github.com/traefik/aloba)
-
-Manage GitHub labels.
-
-* Add labels on new PR [GitHub WebHook]
-* Add milestone to a new PR based on a branch version (1.4, 1.3, ...) [GitHub WebHook]
-* Add and remove `contributor/waiting-for-corrections` label when a review request changes [GitHub WebHook]
-* Weekly report of PR status on Slack (CaptainPR) [cron]
+The process for reviewing PRs may be found under [review guidelines](https://github.com/traefik/contributors-guide/blob/master/review_guidelines.md) in our contributors guide repository.
 
 ## Labels
 

docs/content/contributing/submitting-pull-requests.md

@@ -5,41 +5,5 @@ A Quick Guide for Efficient Contributions
 
 So you've decided to improve Traefik? 
 Thank You! 
-Now the last step is to submit your Pull Request in a way that makes sure it gets the attention it deserves.
 
-Let's go through the classic pitfalls to make sure everything is right. 
-
-## Title
-
-The title must be short and descriptive. (~60 characters)
-
-## Description
-
-Follow the [pull request template](https://github.com/traefik/traefik/blob/master/.github/PULL_REQUEST_TEMPLATE.md) as much as possible.
-
-Explain the conditions which led you to write this PR: give us context.
-The context should lead to something, an idea or a problem that you’re facing.
-
-Remain clear and concise.
-
-Take time to polish the format of your message so we'll enjoy reading it and working on it.
-Help the readers focus on what matters, and help them understand the structure of your message (see the [Github Markdown Syntax](https://help.github.com/articles/github-flavored-markdown)).
-
-## PR Content
-
-- Make it small.
-- One feature per Pull Request.
-- Write useful descriptions and titles.
-- Avoid re-formatting code that is not on the path of your PR.
-- Make sure the [code builds](building-testing.md).
-- Make sure [all tests pass](building-testing.md).
-- Add tests.
-- Address review comments in terms of additional commits (and don't amend/squash existing ones unless the PR is trivial).
-
-!!! note "Third-Party Dependencies"
-
-    If a PR involves changes to third-party dependencies, the commits pertaining to the vendor folder and the manifest/lock file(s) should be committed separated.
-
-!!! tip "10 Tips for Better Pull Requests"
-
-    We enjoyed this article, maybe you will too! [10 tips for better pull requests](https://blog.ploeh.dk/2015/01/15/10-tips-for-better-pull-requests/).
+Please review the [guidelines on creating PRs](https://github.com/traefik/contributors-guide/blob/master/pr_guidelines.md) for Traefik in our [contributors guide repository](https://github.com/traefik/contributors-guide).

docs/content/https/tls.md

@@ -134,14 +134,23 @@ If no default certificate is provided, Traefik generates and uses a self-signed
 
 The TLS options allow one to configure some parameters of the TLS connection.
 
+!!! important "'default' TLS Option"
+
+    The `default` option is special.
+    When no tls options are specified in a tls router, the `default` option is used.  
+    When specifying the `default` option explicitly, make sure not to specify provider namespace as the `default` option does not have one.  
+    Conversely, for cross-provider references, for example, when referencing the file provider from a docker label,
+    you must specify the provider namespace, for example:  
+    `traefik.http.routers.myrouter.tls.options=myoptions@file`
+
 !!! important "TLSOptions in Kubernetes"
 
     When using the TLSOptions-CRD in Kubernetes, one might setup a default set of options that,
-    if not explicitly overwritten, should apply to all ingresses. To achieve that, you'll have to
-    create a TLSOptions CR with the name `default`. There may exist only one TLSOption with the 
-    name `default` (across all namespaces) - otherwise they will be dropped.  
-    To explicitly use a different TLSOption (and using the Kubernetes Ingress resources) you'll 
-    have to add an annotation to the Ingress in the following form:
+    if not explicitly overwritten, should apply to all ingresses.  
+    To achieve that, you'll have to create a TLSOptions CR with the name `default`.
+    There may exist only one TLSOption with the name `default` (across all namespaces) - otherwise they will be dropped.  
+    To explicitly use a different TLSOption (and using the Kubernetes Ingress resources)
+    you'll have to add an annotation to the Ingress in the following form:
     `traefik.ingress.kubernetes.io/router.tls.options: <resource-namespace>-<resource-name>@kubernetescrd`
 
 ### Minimum TLS Version

docs/content/middlewares/overview.md

@@ -11,6 +11,11 @@ There are several available middleware in Traefik, some can modify the request,
 
 Pieces of middleware can be combined in chains to fit every scenario.
 
+!!! warning "Provider Namespace"
+
+    Be aware of the concept of Providers Namespace described in the [Configuration Discovery](../providers/overview.md#provider-namespace) section. 
+    It also applies to Middlewares.
+
 ## Configuration Example
 
 ```yaml tab="Docker"
@@ -128,106 +133,6 @@ http:
           - url: "http://127.0.0.1:80"
 ```
 
-## Provider Namespace
-
-When you declare a middleware, it lives in its provider's namespace.
-For example, if you declare a middleware using a Docker label, under the hoods, it will reside in the docker provider namespace.
-
-If you use multiple providers and wish to reference a middleware declared in another provider
-(aka referencing a cross-provider middleware),
-then you'll have to append to the middleware name, the `@` separator, followed by the provider name.
-
-```text
-<resource-name>@<provider-name>
-```
-
-!!! important "Kubernetes Namespace"
-
-    As Kubernetes also has its own notion of namespace, one should not confuse the "provider namespace"
-    with the "kubernetes namespace" of a resource when in the context of a cross-provider usage.
-    In this case, since the definition of the middleware is not in kubernetes,
-    specifying a "kubernetes namespace" when referring to the resource does not make any sense,
-    and therefore this specification would be ignored even if present.
-    On the other hand, if you declare the middleware as a Custom Resource in Kubernetes and use the 
-    non-crd Ingress objects, you'll have to add the kubernetes namespace of the middleware to the 
-    annotation like this `<middleware-namespace>-<middleware-name>@kubernetescrd`.
-
-!!! abstract "Referencing a Middleware from Another Provider"
-
-    Declaring the add-foo-prefix in the file provider.
-
-    ```toml tab="File (TOML)"
-    [http.middlewares]
-      [http.middlewares.add-foo-prefix.addPrefix]
-        prefix = "/foo"
-    ```
-
-    ```yaml tab="File (YAML)"
-    http:
-      middlewares:
-        add-foo-prefix:
-          addPrefix:
-            prefix: "/foo"
-    ```
-
-    Using the add-foo-prefix middleware from other providers:
-
-    ```yaml tab="Docker"
-    your-container: #
-      image: your-docker-image
-
-      labels:
-        # Attach add-foo-prefix@file middleware (declared in file)
-        - "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
-    ```
-
-    ```yaml tab="Kubernetes Ingress Route"
-    apiVersion: traefik.containo.us/v1alpha1
-    kind: IngressRoute
-    metadata:
-      name: ingressroutestripprefix
-
-    spec:
-      entryPoints:
-        - web
-      routes:
-        - match: Host(`example.com`)
-          kind: Rule
-          services:
-            - name: whoami
-              port: 80
-          middlewares:
-            - name: add-foo-prefix@file
-            # namespace: bar
-            # A namespace specification such as above is ignored
-            # when the cross-provider syntax is used.
-    ```
-
-    ```yaml tab="Kubernetes Ingress"
-    apiVersion: traefik.containo.us/v1alpha1
-    kind: Middleware
-    metadata:
-      name: stripprefix
-      namespace: appspace
-    spec:
-      stripPrefix:
-        prefixes:
-          - /stripit
-
-    ---
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-      name: ingress
-      namespace: appspace
-      annotations:
-        # referencing a middleware from Kubernetes CRD provider: 
-        # <middleware-namespace>-<middleware-name>@kubernetescrd
-        "traefik.ingress.kubernetes.io/router.middlewares": appspace-stripprefix@kubernetescrd
-    spec:
-      # ... regular ingress definition
-    ```
-
 ## Available Middlewares
 
 | Middleware                                | Purpose                                           | Area                        |

docs/content/observability/access-logs.md

@@ -74,7 +74,7 @@ The available filters are:
 
 - `statusCodes`, to limit the access logs to requests with a status codes in the specified range
 - `retryAttempts`, to keep the access logs when at least one retry has happened
-- `minDuration`, to keep access logs when requests take longer than the specified duration
+- `minDuration`, to keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration))
 
 ```toml tab="File (TOML)"
 # Configuring Multiple Filters
@@ -198,7 +198,7 @@ accessLog:
     | `RequestScheme`         | The HTTP scheme requested `http` or `https`.                                                                                                                        |
     | `RequestLine`           | `RequestMethod` + `RequestPath` + `RequestProtocol`                                                                                                                 |
     | `RequestContentSize`    | The number of bytes in the request entity (a.k.a. body) sent by the client.                                                                                         |
-    | `OriginDuration`        | The time taken by the origin server ('upstream') to return its response.                                                                                            |
+    | `OriginDuration`        | The time taken (in nanoseconds) by the origin server ('upstream') to return its response.                                                                                            |
     | `OriginContentSize`     | The content length specified by the origin server, or 0 if unspecified.                                                                                             |
     | `OriginStatus`          | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent.     |
     | `OriginStatusLine`      | `OriginStatus` + Status code explanation                                                                                                                            |
@@ -207,7 +207,7 @@ accessLog:
     | `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
     | `RequestCount`          | The number of requests received since the Traefik instance started.                                                                                                 |
     | `GzipRatio`             | The response body compression ratio achieved.                                                                                                                       |
-    | `Overhead`              | The processing time overhead caused by Traefik.                                                                                                                     |
+    | `Overhead`              | The processing time overhead (in nanoseconds) caused by Traefik.                                                                                                                     |
     | `RetryAttempts`         | The amount of attempts the request was retried.                                                                                                                     |
 
 ## Log Rotation