containous / traefik-extra-service-fabric Goto Github PK

I'd like to see our default resolution of endpoints handle a little differently I think - currently we just grab the first endpoint that has contains http (

Anyone want to take a stab at adding Support for Traefik v2? I would but am a total Go novice.

Do you want to request a feature or report a bug?

Feature/Enhancement

What did you expect to see?

Improve Https SSL certificate management in service fabric:

Enable KV/clustering for Azure service fabric for lets encrypt to reduce certificate requests. Service Fabric has stateful services and management properties which could be used to store the certificates

or

Add API to add/delete/update Endpoint certificates at runtime

Use case

White label multi tenanted solution where customer domains are added through web portal using lets encrypt. We currently do this outside of service fabric using a reverse proxy automation but Traefik would be ideal if we can enable the clustering of Traefik within service fabric or manage certificates on the fly.

Service Fabric - 6.3.187.9494 on Windows
Traefik - v1.7.4

Stateless Service when deployed with a Singleton Partition, Traefik sees the frontend/backend and forwards traffic as expected.

If I deploy the same service using named partitions, the follow errors are logged to stdout and the dashboard does not show

time="2018-10-31T13:03:56Z" level=error msg="Provider connection error: Near line 49 (last key parsed 'backends'): Key 'backends.fabric:/app01/serv001' has already been defined.; retrying in 1.365652418s"

I am not if I should open this issue here or Joni GitHub repo.

I'd like to look at creating an end-to-end test scenario to ensure things behave as expected with a real instance of Service Fabric.

My current plan would be to script the following process:

1. Start the docker container for linux SF to run an instance of SF
2. Deploy the sample SF application in to the cluster
3. Run Traefik
4. Test requests are routed as expected

Does this sound like a useful plan?

Do you want to request a feature or report a bug?

Bug

What did you do?

• We run an on-premise Service Fabric cluster, with Active Directory Integration (Not Azure AD)
• Our FabricSvc service is running under an Active Directory account, which has admin rights on the cluster and on the nodes
• The Traefik.exe is running under the same Active Directory Account
• When we start Traefik.exe in the cluster / or from the command line with that account we get the following errors in the log file: Provider connection error: Service Fabric responded with error code 401 Unauthorized to request http://localhost:19080/Applications/?api-version=3.0 with body {}; retrying in 588.391017ms
• Is it possible the windows account is not send with the request to the Service Fabric api ?
• We are able to access http://localhost:19080/Applications/?api-version=3.0 with the Account that is running the service.

What did you expect to see?

• When we browse to traefik dashboard we see the following: No providers found.

What did you see instead?

• We would like to see our Service Fabric services, like we see on our development environments.

Output of traefik version: (What version of Traefik are you using?)

Traefik version v1.7.7 built on 2019-01-08_10:21:03AM

What is your environment & configuration (arguments, toml, provider, platform, ...)?

################################################################
# Global configuration
################################################################

# Enable debug mode
#
# Optional
# Default: false
#
debug = true

# Traefik logs file
# If not defined, logs to stdout
#
# Optional
#
traefikLogsFile = "E:/ServiceFabric/traefik/traefik.log"

# Log level
#
# Optional
# Default: "ERROR"

logLevel = "DEBUG"

# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
#
# Optional
# Default: ["http"]
#
defaultEntryPoints = ["http", "https"]

# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
[entryPoints.http]
address = ":21500"
[entryPoints.traefik]
address = ":21550"

# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# [accessLog]

# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "/path/to/log/log.txt"

# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "common"

################################################################
# API definition
################################################################

[api]
  # Name of the related entry point
  #
  # Optional
  # Default: "traefik"
  #
  entryPoint = "traefik"

  # Enabled Dashboard
  #
  # Optional
  # Default: true
  #
  dashboard = true

  # Enable debug mode.
  # This will install HTTP handlers to expose Go expvars under /debug/vars and
  # pprof profiling data under /debug/pprof.
  # Additionally, the log level will be set to DEBUG.
  #
  # Optional
  # Default: false
  #
  debug = true

################################################################
# Service Fabric provider
################################################################

# Enable Service Fabric configuration backend
[servicefabric]

# Service Fabric Management Endpoint
clustermanagementurl = "http://localhost:19080"
# Note: use "https://localhost:19080" if you're using a secure cluster

# Service Fabric Management Endpoint API Version
apiversion = "3.0"

# Enable TLS connection.
#
# Optional
#
#[serviceFabric.tls]
#  cert = "certs/servicefabric.crt"
#  key = "certs/servicefabric.key"
#  insecureskipverify = true

Part of our cluster config.

"security": {
		"ClusterCredentialType": "Windows",
		"ServerCredentialType": "Windows",
		"WindowsIdentities": {
			"ClientIdentities": [
				{
					"Identity": "DOMAIN\\SA_XXXXXXXXXXXX",
					"IsAdmin": true
				},
				....
			]
		}
	},

If applicable, please paste the log output in DEBUG level (--logLevel=DEBUG switch)

time="2019-01-28T08:17:41+01:00" level=info msg="Using TOML configuration file D:\\ServiceFabric\\Data\\A250DOMZ01S0\\Fabric\\work\\Applications\\TraefikType_App12\\TraefikPkg.Code.1.7.7\\traefik.toml"
time="2019-01-28T08:17:41+01:00" level=info msg="Traefik version v1.7.7 built on 2019-01-08_10:21:03AM"
time="2019-01-28T08:17:41+01:00" level=debug msg="Global configuration loaded {\"LifeCycle\":{\"RequestAcceptGraceTimeout\":0,\"GraceTimeOut\":10000000000},\"GraceTimeOut\":0,\"Debug\":true,\"CheckNewVersion\":true,\"SendAnonymousUsage\":false,\"AccessLogsFile\":\"\",\"AccessLog\":null,\"TraefikLogsFile\":\"E:/ServiceFabric/traefik/traefik.log\",\"TraefikLog\":null,\"Tracing\":null,\"LogLevel\":\"DEBUG\",\"EntryPoints\":{\"http\":{\"Address\":\":21500\",\"TLS\":null,\"Redirect\":null,\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}},\"traefik\":{\"Address\":\":21550\",\"TLS\":null,\"Redirect\":null,\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}}},\"Cluster\":null,\"Constraints\":[],\"ACME\":null,\"DefaultEntryPoints\":[\"http\",\"https\"],\"ProvidersThrottleDuration\":2000000000,\"MaxIdleConnsPerHost\":200,\"IdleTimeout\":0,\"InsecureSkipVerify\":false,\"RootCAs\":null,\"Retry\":null,\"HealthCheck\":{\"Interval\":30000000000},\"RespondingTimeouts\":null,\"ForwardingTimeouts\":null,\"AllowMinWeightZero\":false,\"KeepTrailingSlash\":false,\"Web\":null,\"Docker\":null,\"File\":null,\"Marathon\":null,\"Consul\":null,\"ConsulCatalog\":null,\"Etcd\":null,\"Zookeeper\":null,\"Boltdb\":null,\"Kubernetes\":null,\"Mesos\":null,\"Eureka\":null,\"ECS\":null,\"Rancher\":null,\"DynamoDB\":null,\"ServiceFabric\":{\"Watch\":false,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"ClusterManagementURL\":\"http://localhost:19080\",\"APIVersion\":\"3.0\",\"RefreshSeconds\":0,\"TLS\":null,\"AppInsightsClientName\":\"\",\"AppInsightsKey\":\"\",\"AppInsightsBatchSize\":0,\"AppInsightsInterval\":0},\"Rest\":null,\"API\":{\"EntryPoint\":\"traefik\",\"Dashboard\":true,\"Debug\":true,\"CurrentConfigurations\":null,\"Statistics\":null},\"Metrics\":null,\"Ping\":null,\"HostResolver\":null}"
time="2019-01-28T08:17:41+01:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
time="2019-01-28T08:17:41+01:00" level=warning msg="clientTLS is nil"
time="2019-01-28T08:17:41+01:00" level=info msg="Preparing server traefik &{Address::21550 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0004f01e0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2019-01-28T08:17:41+01:00" level=info msg="Preparing server http &{Address::21500 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0004f01a0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2019-01-28T08:17:41+01:00" level=info msg="Starting server on :21550"
time="2019-01-28T08:17:41+01:00" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2019-01-28T08:17:41+01:00" level=info msg="Starting server on :21500"
time="2019-01-28T08:17:41+01:00" level=info msg="Starting provider *servicefabric.Provider {\"Watch\":false,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"ClusterManagementURL\":\"http://localhost:19080\",\"APIVersion\":\"3.0\",\"RefreshSeconds\":10000000000,\"TLS\":null,\"AppInsightsClientName\":\"\",\"AppInsightsKey\":\"\",\"AppInsightsBatchSize\":0,\"AppInsightsInterval\":0}"
time="2019-01-28T08:17:51+01:00" level=info msg="Checking service fabric config"
time="2019-01-28T08:17:51+01:00" level=error msg="Provider connection error: Service Fabric responded with error code 401 Unauthorized to request http://localhost:19080/Applications/?api-version=3.0 with body {}; retrying in 588.391017ms"
time="2019-01-28T08:18:01+01:00" level=info msg="Checking service fabric config"
time="2019-01-28T08:18:01+01:00" level=error msg="Provider connection error: Service Fabric responded with error code 401 Unauthorized to request http://localhost:19080/Applications/?api-version=3.0 with body {}; retrying in 507.777275ms"
time="2019-01-28T08:18:12+01:00" level=info msg="Checking service fabric config"
.... (Trimmed, because this goes on)

I've recently had some questions around the following problem statement via email, I wanted to open the conversation up as an Issue to get opinions/thoughts and allow others to contribute/learn.

Given the problem statement: "Each service should be able to self-report that it's full, at this point only existing sessions should be routed to it. New sessions should go to other nodes". I think it's possible with the existing Traefik code and if that fails I think it should be possible with some code changes.

Proposed solution:

Currently all the servers in a backend have a default weight of 1 set in the configuration template which then uses this function to get weight or return a default of 1. The template is used to output the configuration from the SF plugin Traefik. The template canbe customized for individual uses. So you could take a copy of this template and then edit it.

The code supports picking up dynamically set labels, which can be set by calling the SF API, as explained here. So services can set labels themselves using this method.

So the aim is to have the service make a call to set a label which sets it's particular weight then have the template pick this up and make those changes appear in Traefik (all the instances in the cluster).

To do this we'd change this line "weight = {{ getWeight $service }}" to something like this

        {{ $instanceLabel := printf("traefik.servicefabric.instance.%S.weight" $instance.ID)}}
        {{ $hasPerServerWeight := hasLabel $service $instanceLabel }}
        {{ if $hasPerServerWeight }}     
        weight = {{ getLabelValue $instanceLabel "1"}}
        {{ else }}
        weight = {{ getWeight $service }}
        {{end}}

This would check for a label in the form of "traefik.servicefabric.instance.INSTANCEIDHERE.weight" and set it's value as the servers weight. The InstanceID is the ID of the instance in SF so should be accessible by the code running in the service.

When the node is "full" it can set it's weight to 0. I think this will not affect existing sessions but this will need to be checked in a test.

What could go wrong with this:

1. It relies on getLabelValue which is meant to retreive a string value won't be as "Safe" as it could be. If you set a non-int value to the label it will cause the config update to fail rather than to use it's default. (Fixable with 1 line PR to expose getLabelValueInt)
2. The template code I've written should be roughly right but I've not had a chance to test it out so may have some syntax errors.
3. Existing sessions may be routed away from 0 weighted stuff (simple to test routing behavior)

Hopefully this makes sense, would be interested to hear how you get on if you wanted to give this a test.

In abundance of caution, while I don't see any reason it will not work, I want to flag that this approach is not something we've used before and I'd strongly recommend testing it well before using it in a production system.

Docs

Server weight in Traefik

Other notes

This approach could be combined with the Retry option in Traefik to handle any requests which do still get routed to the node. However, this would need to tested to see what classed as a retryable error.

Hi,

We are exposing gRPC services through Traefik with the h2c protocol on the backends. Because of the logic in getValidInstances shown below, service instances that do not have an http endpoint are considered invalid:

As a consequence, the gRPC service instances are not included when the configuration template is evaluated.

We have managed to work around this issue by first adding an additional "dummy" http endpoint to the services and then writing a custom configuration template that selects the "h2c" endpoint using the getNamedEndpoint template function.

Our workaround seems a bit fragile and it would be useful with a first order support for custom protocols - for example by using the traefik.protocol label on the service.

I picked this up while updating the tests. Don't this it is a serious issue as it could be impossible to achieve.

The following line, I believe has the wrong logic.

(instanceData.ReplicaStatus == "Ready" || instanceData.HealthState != "Error")

I think this should be:

(instanceData.ReplicaStatus == "Ready" && instanceData.HealthState != "Error")

To handle a scenario where ReplicaStatus: Down and HealthState: Warning. As I say I'm unsure if this is possible in the cluster but happy to put in a PR to fix just in case.

What do you think?

As raised by @naeemkhedarun we are currently missing support for passTLSCert.

I propose using this issue to capture all labels which we may be missing and then creating a related PR to add the functionality.

Do you want to request a feature or report a bug?

Feature

What did you do?

Ive tried to configure rate limits for my frontend rule by using the Traefik labels for service fabric.

What did you expect to see?

i expected to be able to use the following annotations in my servicemanifest.xml configuration.

traefik.frontend.rateLimit.extractorFunc
traefik.frontend.rateLimit.rateSet.burst
traefik.frontend.rateLimit.rateSet.period
traefik.frontend.rateLimit.rateSet.average

although the service fabric documentation (https://docs.traefik.io/configuration/backends/servicefabric/) doesn't have these labels on the supported label list i assumed it will be just like the traefik.backend.healthcheck label which is basically supported but for some reason isn't mentioned in the supported labels.

What did you see instead?

i couldnt define a rate limit for my frontend rule. my labels were basically ignored.
I noticed that the service fabric template still doesnt support the mentioned annotations,while it looks like the vast majority of the other templates (kubernetes.tmpl,marathon.tmpl etc..) support them.
im basing my opinion on the template file which can be found here:
https://github.com/containous/traefik-extra-service-fabric/blob/master/servicefabric_tmpl.go

Output of traefik version: (What version of Traefik are you using?)

im using traefik 1.5.2

Do you want to request a feature or report a bug?

Bug

Did you try using a 1.7.x configuration for the version 2.0?

• Yes
• No

What did you do?

I run Traefik inside Azure Service Fabric. At the same time, I configure other services on Service Fabric with Traefik's extension labels including traefik.frontend.rule. For instance:

<ServiceTypes>
    <StatelessServiceType ServiceTypeName="MyServiceType" UseImplicitHost="true">
      <Extensions>
        <Extension Name="Traefik">
          <Labels xmlns="http://schemas.microsoft.com/2015/03/fabact-no-schema">
            <Label Key="traefik.enable">true</Label>
            <Label Key="traefik.frontend.passHostHeader">true</Label>
            <Label Key="traefik.frontend.rule">
                   Host:myapp.mydomain.com;PathPrefixStripRegex:/{path:(?i)path1}, /{path:(?i)path2}
            </Label>
            <Label Key="traefik.backend.loadbalancer.stickiness">true</Label>
            <Label Key="traefik.backend.healthcheck.path">/</Label>
            <Label Key="traefik.backend.healthcheck.interval">20s</Label>
          </Labels>
        </Extension>
      </Extensions>
    </StatelessServiceType>
  </ServiceTypes>

What did you expect to see?

Traefik discover the service and display it on the dashboard.

What did you see instead?

Traefik didn't discover the service.

Output of traefik version: (What version of Traefik are you using?)

1.7.6

If applicable, please paste the log output in DEBUG level (--log.level=DEBUG switch)

time="2019-04-26T20:28:44Z" level=error msg="Provider connection error: Near line 122 (last key parsed 'frontends.frontend-fabric:/xxxx/xxxx.routes.traefik.frontend.rule.rule'): strings cannot contain newlines; retrying in 650.84664ms"

Do you want to request a feature or report a bug?

Feature

What did you expect to see?

When using Azure Service Fabric as a provider, neither TLS client certificate nor certificate infos are forwarded to the backends. It would be really helpful, if the traefik.frontend.passTLSClientCert.* labels and client certificate info passing were implemented also for the Azure Service Fabric provider.

Need this feature, as the one described in the current documentation traefik.frontend.passTLSCert=true passes server instead of client certificate to the backend.

In the current v1.6rc docs, under the heading extensions the sample for labels references the v1.5 label expose rather than the v1.6 label enable.

<StatelessServiceType ServiceTypeName="WebServiceType">
  <Extensions>
      <Extension Name="Traefik">
        <Labels xmlns="http://schemas.microsoft.com/2015/03/fabact-no-schema">
          <Label Key="traefik.frontend.rule.example2">PathPrefixStrip: /a/path/to/strip</Label>
         <!-- This should be enable -->
         <Label Key="traefik.expose">true</Label>
         <!-- This should be enable -->
          <Label Key="traefik.frontend.passHostHeader">true</Label>
        </Labels>
      </Extension>
  </Extensions>
</StatelessServiceType>

The docs use the labels:

• traefik.backend.group.name
• traefik.backend.group.weight

However in servicefabric_labelfuncs.go on line 11 and 12:

traefikSFGroupName                   = "traefik.servicefabric.groupname"
traefikSFGroupWeight                 = "traefik.servicefabric.groupweight"

This means the grouped labels do not match and canary testing is not possible with the documented labels.

NOTE: For anybody wishing to use this feature before a fix is merged, please use the labels:

• traefik.servicefabric.groupname
• traefik.servicefabric.groupweight

I will post a fix shortly.
cc: @lawrencegripper

Currently the provider only checks for the existence of the label traefik.expose but doesn't check it's associated value. This means using <Label Key="traefik.expose">false</Label> will still actually expose the service.
Offending line: servicefabric_tmpl.go:94

We require multiple front-end rule sets to be accessible for our Fabric Service. At the moment, it appears that additional traefik.frontend.rule{.name} labels will AND themselves together instead of OR.

My StackOverflow question should detail our use-case.

Another use case example would be to support multiple host names for our service.

Suggested label syntax could be something like this:

  <Extensions>
    <Extension Name="Traefik">
      <Labels xmlns="http://schemas.microsoft.com/2015/03/fabact-no-schema">
        <Label Key="traefik.frontends">local; external</Label> <!-- Identifies the names for multiple frontends support -->
        <Label Key="traefik.frontend.local.rule">PathPrefixStrip: /my-service/</Label> <!-- Defines default rule for "local" frontend -->
        <Label Key="traefik.frontend.external.rule">Host: my-domain.localhost</Label> <!-- Defines default rule for "external" frontend -->
        <Label Key="traefik.frontends.passHostHeader">true</Label> <!-- Due to "frontends" it applies to all frontends -->
        <Label Key="traefik.frontend.external.passHostHeader">false</Label> <!-- Overrides the "frontends" rule for the "external" frontend -->
        <Label Key="traefik.enable">true</Label>
      </Labels>
    </Extension>
  </Extensions>

Hi, I notice that there's code in here related to error pages support in Traefik. However, I can't work out what the labels need to look like and the documentation on https://docs.traefik.io/configuration/backends/servicefabric/ hasn't got any extra information.

Can we please provide some information on the labels please?

Hi,

Currently the code and the main set of documents on how to run the extension sit across two repositories. The code is here and the docs/samples sit in @jjcollinge https://github.com/jjcollinge/traefik-on-service-fabric.

I'd like to propose moving the bulk of the existing docs repository into this repository under a /docs folder.

The main objective would be to ensure issues which related to the code are not opened in the docs (like this one) repo and the other way around.

Ps. Sorry this is a problem of our own making - we should have thought this through better before creating the separate docs repo

What are your thoughts?

Recently i tried traefik version 1.6.0-rc2.
it looks like its supposed to use the 1.1.0 service fabric provider (according to the 1.6.0-rc1 release notes, issue can be fount at traefik/traefik#3064)

Im using custom template, and im basing it upon the default template in this repository.
as a starting point i took the template just like its in version 1.1.0 and bootstrap logs have the following message:

" level=error msg="Provider connection error: template: config.toml.tmpl:118: function \"getWhitelistSourceRange\" not defined; retrying in 687.177172ms""

when I'm working with custom template and just coping the template of the 1.1.1 version everything works okay.

In addition its clear to see that between 1.1.0 and 1.1.1 the getWhitelistSourceRange method was replaced with getWhiteList (changes can be viewed at servicefabric_config.go file)

Currently its really hard to understand which sf provider version is actually integrated in a given traefik release.

I observed the Traefik repository and it seems like all the other providers source code is managed in the same repo as traefik. if the provider is separated its still vital to know which version of it is embedded to the current traefik release.

Do you want to request a feature or report a bug?

Bug

What did you do?

Simply started the traefik exe pointing to my SF Cluster with no special configuration except the SF Cluster provider part

What did you expect to see?

It could start, connect to SF Cluster properly and recognize the existing services

What did you see instead?

It crashes when it try to get further information through the SF Client API due to a malformed URL.
Service Fabric has no limitation on the Version format for both Applications and Services, it means it is possible to find Version Labels using some offending character that need to be encoded when added to the URL.

This is our case.
From the log pasted here under, you can easily find the ERROR is generated because this URL is used:
http://cac-sf-02.icc.crifnet.com:19080/ApplicationTypes/Crif.REApp.010.3rdPARTIES__Type/$/GetServiceTypes?api-version=6.0&ApplicationTypeVersion=2.0.0 [20200719.194357-7]
and I have verified the same error is returned if I put the same URL into Postman
but
If I properly encode the final part of the URL (the version parameter value) from 2.0.0 [20200719.194357-7] to 2.0.0%20%5B20200719.194357-7%5D the Postman with the new URL stars working as expected:
http://cac-sf-02.icc.crifnet.com:19080/ApplicationTypes/Crif.REApp.010.3rdPARTIES__Type/$/GetServiceTypes?api-version=6.0&ApplicationTypeVersion=2.0.0%20%5B20200719.194357-7%5D

Output of traefik version: (What version of Traefik are you using?)

2020/08/12 12:18:34 Using high precision timer
Version:      v1.7.26
Codename:     maroilles
Go version:   go1.14.6
Built:        2020-07-28_03:45:27PM
OS/Arch:      windows/amd64

What is your environment & configuration (arguments, toml, provider, platform, ...)?

################################################################
# Global configuration
################################################################

debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
    address = ":99"
  [entryPoints.traefik]
    address = ":8099"

################################################################
# API definition
################################################################

[api]
  entryPoint = "traefik"
  dashboard = true
  debug = true

################################################################
# Service Fabric provider
################################################################

# Enable Service Fabric configuration backend
[servicefabric]

# Service Fabric Management Endpoint
clustermanagementurl = "http://cac-sf-02.icc.crifnet.com:19080"
apiversion = "6.0"

If applicable, please paste the log output in DEBUG level (--log.level=DEBUG switch)

PS C:\Users\738marmonduc.ICC\Downloads\traefik> .\traefik_windows-amd64.exe --configfile=traefik.toml
2020/08/12 12:20:22 Using high precision timer
INFO[2020-08-12T12:20:23+02:00] Using TOML configuration file C:\Users\738marmonduc.ICC\Downloads\traefik\traefik.toml
INFO[2020-08-12T12:20:23+02:00] Traefik version v1.7.26 built on 2020-07-28_03:45:27PM
DEBU[2020-08-12T12:20:23+02:00] Global configuration loaded {"LifeCycle":{"RequestAcceptGraceTimeout":0,"GraceTimeOut":10000000000},"GraceTimeOut":0,"Debug":true,"CheckNewVersion":true,"SendAnonymousUsage":false,"AccessLogsFile":"","AccessLog":null,"TraefikLogsFile":"","TraefikLog":null,"Tracing":null,"LogLevel":"DEBUG","EntryPoints":{"http":{"Address":":99","TLS":null,"Redirect":null,"Auth":null,"WhitelistSourceRange":null,"WhiteList":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}},"traefik":{"Address":":8099","TLS":null,"Redirect":null,"Auth":null,"WhitelistSourceRange":null,"WhiteList":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":["http","https"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":0,"InsecureSkipVerify":false,"RootCAs":null,"Retry":null,"HealthCheck":{"Interval":30000000000},"RespondingTimeouts":null,"ForwardingTimeouts":null,"AllowMinWeightZero":false,"KeepTrailingSlash":false,"Web":null,"Docker":null,"File":null,"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null,"ServiceFabric":{"Watch":false,"Filename":"","Constraints":null,"Trace":false,"TemplateVersion":0,"DebugLogGeneratedTemplate":false,"ClusterManagementURL":"http://cac-sf-02.icc.crifnet.com:19080","APIVersion":"6.0","RefreshSeconds":0,"TLS":null,"AppInsightsClientName":"","AppInsightsKey":"","AppInsightsBatchSize":0,"AppInsightsInterval":0},"Rest":null,"API":{"EntryPoint":"traefik","Dashboard":true,"Debug":true,"CurrentConfigurations":null,"Statistics":null},"Metrics":null,"Ping":null,"HostResolver":null}
INFO[2020-08-12T12:20:23+02:00]
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://docs.traefik.io/v1.7/basics/#collected-data
WARN[2020-08-12T12:20:23+02:00] clientTLS is nil
INFO[2020-08-12T12:20:23+02:00] Preparing server http &{Address::99 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0009c28e0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s
INFO[2020-08-12T12:20:23+02:00] Preparing server traefik &{Address::8099 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0009c28c0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s
INFO[2020-08-12T12:20:23+02:00] Starting server on :99
INFO[2020-08-12T12:20:23+02:00] Starting provider configuration.ProviderAggregator {}
INFO[2020-08-12T12:20:23+02:00] Starting server on :8099
INFO[2020-08-12T12:20:23+02:00] Starting provider *servicefabric.Provider {"Watch":false,"Filename":"","Constraints":null,"Trace":false,"TemplateVersion":0,"DebugLogGeneratedTemplate":false,"ClusterManagementURL":"http://cac-sf-02.icc.crifnet.com:19080","APIVersion":"6.0","RefreshSeconds":10000000000,"TLS":null,"AppInsightsClientName":"","AppInsightsKey":"","AppInsightsBatchSize":0,"AppInsightsInterval":0}
INFO[2020-08-12T12:20:33+02:00] Checking service fabric config
ERRO[2020-08-12T12:20:33+02:00] Error retrieving serviceExtensionMap: error requesting service extensions: Service Fabric responded with error code 400 Bad Request to request http://cac-sf-02.icc.crifnet.com:19080/ApplicationTypes/Crif.REApp.010.3rdPARTIES__Type/$/GetServiceTypes?api-version=6.0&ApplicationTypeVersion=2.0.0 [20200719.194357-7] with body &{0xc0008ea040 {0 0} false <nil> 0x733d90 0x733d10}
ERRO[2020-08-12T12:20:33+02:00] error requesting service extensions: Service Fabric responded with error code 400 Bad Request to request http://cac-sf-02.icc.crifnet.com:19080/ApplicationTypes/Crif.REApp.010.3rdPARTIES__Type/$/GetServiceTypes?api-version=6.0&ApplicationTypeVersion=2.0.0 [20200719.194357-7] with body &{0xc0008ea040 {0 0} false <nil> 0x733d90 0x733d10}
ERRO[2020-08-12T12:20:33+02:00] Error retrieving serviceExtensionMap: error requesting service extensions: Service Fabric responded with error code 400 Bad Request to request http://cac-sf-02.icc.crifnet.com:19080/ApplicationTypes/Crif.REApp.110.CFF-PTF-CORE__Type/$/GetServiceTypes?api-version=6.0&ApplicationTypeVersion=2.0.0 [20200719.221114-155] - cff 7.9.1-SNAPSHOT with body &{0xc000056600 {0 0} false <nil> 0x733d90 0x733d10}
ERRO[2020-08-12T12:20:33+02:00] error requesting service extensions: Service Fabric responded with error code 400 Bad Request to request http://cac-sf-02.icc.crifnet.com:19080/ApplicationTypes/Crif.REApp.110.CFF-PTF-CORE__Type/$/GetServiceTypes?api-version=6.0&ApplicationTypeVersion=2.0.0 [20200719.221114-155] - cff 7.9.1-SNAPSHOT with body &{0xc000056600 {0 0} false <nil> 0x733d90 0x733d10}
ERRO[2020-08-12T12:20:33+02:00] Error retrieving serviceExtensionMap: error requesting service extensions: Service Fabric responded with error code 400 Bad Request to request http://cac-sf-02.icc.crifnet.com:19080/ApplicationTypes/Crif.REApp.110.CFF-PTF-CORE__Type/$/GetServiceTypes?api-version=6.0&ApplicationTypeVersion=2.0.0 [20200719.221114-155] - cff 7.9.1-SNAPSHOT with body &{0xc0008ea200 {0 0} false <nil> 0x733d90 0x733d10}
ERRO[2020-08-12T12:20:33+02:00] error requesting service extensions: Service Fabric responded with error code 400 Bad Request to request http://cac-sf-02.icc.crifnet.com:19080/ApplicationTypes/Crif.REApp.110.CFF-PTF-CORE__Type/$/GetServiceTypes?api-version=6.0&ApplicationTypeVersion=2.0.0 [20200719.221114-155] - cff 7.9.1-SNAPSHOT with body &{0xc0008ea200 {0 0} false <nil> 0x733d90 0x733d10}
INFO[2020-08-12T12:20:34+02:00] I have to go...
INFO[2020-08-12T12:20:34+02:00] Stopping server gracefully
DEBU[2020-08-12T12:20:34+02:00] Waiting 10s seconds before killing connections on entrypoint http...
DEBU[2020-08-12T12:20:34+02:00] Waiting 10s seconds before killing connections on entrypoint traefik...
DEBU[2020-08-12T12:20:34+02:00] Entrypoint http closed
DEBU[2020-08-12T12:20:34+02:00] Entrypoint traefik closed
INFO[2020-08-12T12:20:34+02:00] Server stopped
INFO[2020-08-12T12:20:34+02:00] Shutting down

Is this supposed to be able to work with stateful services? Because I can't get it to do so. Traefik shows the backend name of the service as hyphenated with a guid suffix (unlike my stateless services which have names that align to the service names in the fabric naming service). The front end rules for the statful service specified via extension labels in ServiceManifest are not picked up.

My service has a single named partition. I suspect it may be something to do with partitioning but I don't understand enough about how to implement it.

Using Traefik version 1.7.12 on Service Fabric, I'd like to add a custom header to certain responses returned from a particular service. It seems the only way to do this is to re-deploy the service with different labels. The problem with this is then I'll end up with 2 backends. In my case, this means 2 set of docker containers.

Is there a way to map multiple frontends to the same backend?

Do you want to request a feature or report a bug?

BUG

What did you do?

Deploy two services, one with a valid ServiceManifest.xml and good labels (GoodService) for Traefik, and one a ServiceManifest.xml containing a bad label value (BorkService):

<StatelessServiceType ServiceTypeName="BorkServiceType" UseImplicitHost="true">
  <Extensions>
    <Extension Name="Traefik">
      <Labels xmlns="http://schemas.microsoft.com/2015/03/fabact-no-schema">
        <Label Key="traefik.frontend.rule.borkservice">PathPrefixStrip: /bork</Label>
        <Label Key="traefik.enable">true</Label>
        <Label Key="traefik.frontend.entryPoints">["https","http"]</Label><!-- value should be: https,http -->
      </Labels>
    </Extension>
  </Extensions>
</StatelessServiceType>

What did you expect to see?

Traefik should register GoodService but not BorkService.

What did you see instead?

No backend services. Traefik Dashboard UI is entirely blank except for header. Errors are not visible unless viewing Traefik logs on server.

Output of traefik version: (What version of Traefik are you using?)

1.6.0

What is your environment & configuration (arguments, toml, provider, platform, ...)?

Provider: Service Fabric v6.1.480.9494
Platform: Windows Server 2016 Datacenter

################################################################
# Global configuration
################################################################

InsecureSkipVerify = true
debug = true
logLevel = "INFO"
defaultEntryPoints = ["https","http"]

[traefikLog]
  filePath = "traefik.log"

[entryPoints]
  [entryPoints.http]
  address = ":30080"
  [entryPoints.https]
  address = ":30443"
    [entryPoints.https.proxyProtocol]
      insecure = true
    [entryPoints.https.tls]
      [entryPoints.https.tls.ClientCA]
      optional = true
      [[entryPoints.https.tls.certificates]]
      certFile = "localhost.cert"
      keyFile = "localhost.key"
[entryPoints.traefik]
address = ":38080"


################################################################
# API definition
################################################################

[api]
  entryPoint = "traefik"
  dashboard = true

################################################################
# Service Fabric provider
################################################################

[servicefabric]
clustermanagementurl = "https://localhost:19080"
apiversion = "3.0"

[serviceFabric.tls]
  cert = "traefikcert.crt"
  key = "traefikkey.key"
  insecureskipverify = true
  caoptional = true

If applicable, please paste the log output at DEBUG level (--logLevel=DEBUG switch)

time="2018-05-11T19:54:07Z" level=error msg="Provider connection error: Near line 133 (last key parsed 'frontends.frontend-fabric:/BorkService/BorkService.entryPoints'): expected a comma or array terminator ']', but got 'h' instead; retrying in 1.008273491s"

Do you want to request a feature or report a bug?

Bug

What did you do?

I setup service fabric configuration with two listening endpoints. One for the web endpoint and one for a healthcheck endpoint. Here is the service fabric configuration with Traefik labels:

<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="CustomerApiPkg"
                 Version="1.0.0"
                 xmlns="http://schemas.microsoft.com/2011/01/fabric"
                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ServiceTypes>
    <!-- This is the name of your ServiceType. 
         This name must match the string used in RegisterServiceType call in Program.cs. -->
    <StatelessServiceType ServiceTypeName="CustomerApiType">
      <Extensions>
        <Extension Name="Traefik">
          <Labels xmlns="http://schemas.microsoft.com/2015/03/fabact-no-schema">
            <Label Key="traefik.frontend.rule.customer">PathPrefix: /api/customer/</Label>
            <Label Key="traefik.portName">WebPort</Label>
            <Label Key="traefik.backend.healthcheck.path">/api/customer/</Label>
            <Label Key="traefik.backend.healthcheck.port">8261</Label>
            <Label Key="traefik.backend.healthcheck.interval">1s</Label>
            <Label Key="traefik.enable">true</Label>
            <Label Key="traefik.frontend.passHostHeader">true</Label>
          </Labels>
        </Extension>
      </Extensions>
    </StatelessServiceType>
  </ServiceTypes>

  <!-- Code package is your service executable. -->
  <CodePackage Name="Code" Version="1.0.0">
    <EntryPoint>
      <ExeHost>
        <Program>CustomerApi.exe</Program>
        <WorkingFolder>CodePackage</WorkingFolder>
      </ExeHost>
    </EntryPoint>
    <EnvironmentVariables>
      <EnvironmentVariable Name="ASPNETCORE_ENVIRONMENT" Value=""/>
    </EnvironmentVariables>
  </CodePackage>

  <!-- Config package is the contents of the Config directoy under PackageRoot that contains an 
       independently-updateable and versioned set of custom configuration settings for your service. -->
  <ConfigPackage Name="Config" Version="1.0.0" />

  <Resources>
    <Endpoints>
      <!-- This endpoint is used by the communication listener to obtain the port on which to 
           listen. Please note that if your service is partitioned, this port is shared with 
           replicas of different partitions that are placed in your code. -->
      <Endpoint Protocol="http" Name="WebPort" Type="Input" Port="80" />
      <Endpoint Protocol="http" Name="HealthCheckPort" Type="Input" Port="8261" />
    </Endpoints>
  </Resources>
</ServiceManifest>

What did you expect to see?

I expect Traefik to serve up the WebPort endpoint.

What did you see instead?

What happens is Traefik sometimes serves up the WebPort endpoint and then sometimes serves up the HealthCheckPort endpoint. It appears that the Traefik Label "traefik.portName" is having no affect over selecting the endpoint to serve web traffic through.

Output of traefik version: (What version of Traefik are you using?)

v1.7.6

What is your environment & configuration (arguments, toml, provider, platform, ...)?

Running Traefik as a guest executable on Service Fabric. Here is my toml configuration:

################################################################
# Global configuration
################################################################

# Enable debug mode
#
# Optional
# Default: false
#
debug = true

# Traefik logs file
# If not defined, logs to stdout
#
# Optional
#
# traefikLogsFile = "log/traefik.log"

# Log level
#
# Optional
# Default: "ERROR"

logLevel = "INFO"

# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
#
# Optional
# Default: ["http"]
#
defaultEntryPoints = ["http", "https"]

# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.traefik]
  address = ":9000"

# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# [accessLog]

# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "/path/to/log/log.txt"

# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "common"

################################################################
# API definition
################################################################

[api]
  # Name of the related entry point
  #
  # Optional
  # Default: "traefik"
  #
  entryPoint = "traefik"

  # Enabled Dashboard
  #
  # Optional
  # Default: true
  #
  dashboard = true

  # Enable debug mode.
  # This will install HTTP handlers to expose Go expvars under /debug/vars and
  # pprof profiling data under /debug/pprof.
  # Additionally, the log level will be set to DEBUG.
  #
  # Optional
  # Default: false
  #
  debug = true

################################################################
# Service Fabric provider
################################################################

# Enable Service Fabric configuration backend
[servicefabric]

# Service Fabric Management Endpoint
clustermanagementurl = "http://localhost:19080"
# Note: use "https://localhost:19080" if you're using a secure cluster

# Service Fabric Management Endpoint API Version
apiversion = "3.0"

# Enable TLS connection.
#
# Optional
#
#[serviceFabric.tls]
#  cert = "certs/servicefabric.crt"
#  key = "certs/servicefabric.key"
#  insecureskipverify = true

Got Traefik working on Azure Service Fabric cloud host.
However the url to access my api is as follows:
mycloud.southeastasia.cloudapp.azure.com/api/values

Shouldn't it be (Following the built in reverse proxy by microsoft)
mycloud.southeastasia.cloudapp.azure.com/AppName/ServiceName/api/values

How can I configure it so that Traefik includes the AppName and ServiceName in the url ?