Done, along with squashing this PR's commit into one :)
Additionally, there's a big gotcha because setting the endpoint_mode to vip bars from using any of the compose overrides which add published ports to the traefik service.
i don't really…
I had Traefik deployed with compose.host.yml and compose.nextcloud-talk-hpb.yml. Upgrading to this PR worked mostly ok, except for Nextcloud Talk ports
Thanks a lot for testing this!
I am…
maybe we should also add a compose.no-host.yml that overwrites endpoint-mode to vip and the mode of the ports 80/443 to ingress or do you think we don't need that? :)
I…
@3wordchant an unprivileged swarm container would not be able to perform MITM without CAP_NET_ADMIN or host-mode networking, but I believe that's beside the point because with code execution as…
That is expected, the only more-or-less sane way I can think of would be a separate overlay network for each app (although that would potentially cause a lot of networks to be created, docker…
endpoint-mode dnsrr for traefik itself
i would like to see if there are any performance gains we can win back from this change...
Bypassing the ingress routing mesh (which is actually implemented as a hidden haproxy container)…
i don't have a socket proxy running that i know of
the socket proxy is enabled by default as part of the traefik recipe (traefik is configured to use the proxy to access the swarm control…
@fauno yes, this is related: with this change, the docker socket proxy's internal IP address changes when the container is restarted, you can manually trigger it by running docker kill on the…
endpoint-mode dnsrr for traefik itself
nope, not while ports are exposed using the ingress routing mesh (which is useless in single-server deployments btw).
it can be done in compose.host.yml though
Curious about improvements we might see from this one.
not much tbh, the important bit would be to switch traefik to host-mode port publishing, that would give us out-of-the-box IPv6 ingress…
Curious to understand what you would need to know. We can try to bring these points to discussion in the matrix/fedi/etc. channels.
knowing of any deployment on which there are multiple…
in simpler terms, traefik is our load-balancer, we don't need docker to put another load-balancer in front of it.
@decentral1se thanks for stepping in!
that is especially confusing because in docker terms, host-mode networking and host-mode port publishing are completely different things, here we're…