2016-11-10 22:56:29 +00:00
|
|
|
/*
|
|
|
|
|
Copyright 2015 The Kubernetes Authors.
|
|
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
|
limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
package controller
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
2017-03-01 00:11:16 +00:00
|
|
|
"os"
|
2016-11-10 22:56:29 +00:00
|
|
|
"reflect"
|
|
|
|
|
"sort"
|
|
|
|
|
"strconv"
|
|
|
|
|
"strings"
|
|
|
|
|
"sync"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/golang/glog"
|
|
|
|
|
|
2017-04-01 14:39:42 +00:00
|
|
|
"k8s.io/apimachinery/pkg/fields"
|
|
|
|
|
"k8s.io/apimachinery/pkg/util/intstr"
|
2017-04-09 16:52:10 +00:00
|
|
|
"k8s.io/apimachinery/pkg/util/wait"
|
2017-04-01 14:39:42 +00:00
|
|
|
clientset "k8s.io/client-go/kubernetes"
|
|
|
|
|
unversionedcore "k8s.io/client-go/kubernetes/typed/core/v1"
|
|
|
|
|
def_api "k8s.io/client-go/pkg/api"
|
|
|
|
|
api "k8s.io/client-go/pkg/api/v1"
|
|
|
|
|
extensions "k8s.io/client-go/pkg/apis/extensions/v1beta1"
|
|
|
|
|
"k8s.io/client-go/tools/cache"
|
|
|
|
|
"k8s.io/client-go/tools/record"
|
|
|
|
|
"k8s.io/client-go/util/flowcontrol"
|
|
|
|
|
|
2016-11-10 22:56:29 +00:00
|
|
|
"k8s.io/ingress/core/pkg/ingress"
|
2017-03-09 22:08:26 +00:00
|
|
|
"k8s.io/ingress/core/pkg/ingress/annotations/class"
|
2016-11-10 22:56:29 +00:00
|
|
|
"k8s.io/ingress/core/pkg/ingress/annotations/healthcheck"
|
2017-04-09 16:52:10 +00:00
|
|
|
"k8s.io/ingress/core/pkg/ingress/annotations/parser"
|
2016-11-10 22:56:29 +00:00
|
|
|
"k8s.io/ingress/core/pkg/ingress/annotations/proxy"
|
|
|
|
|
"k8s.io/ingress/core/pkg/ingress/annotations/service"
|
2016-12-29 20:02:06 +00:00
|
|
|
"k8s.io/ingress/core/pkg/ingress/defaults"
|
2017-01-10 12:16:18 +00:00
|
|
|
"k8s.io/ingress/core/pkg/ingress/resolver"
|
2016-11-10 22:56:29 +00:00
|
|
|
"k8s.io/ingress/core/pkg/ingress/status"
|
2017-04-01 14:39:42 +00:00
|
|
|
"k8s.io/ingress/core/pkg/ingress/store"
|
2016-11-10 22:56:29 +00:00
|
|
|
"k8s.io/ingress/core/pkg/k8s"
|
2017-03-27 02:18:22 +00:00
|
|
|
"k8s.io/ingress/core/pkg/net/ssl"
|
2016-11-10 22:56:29 +00:00
|
|
|
local_strings "k8s.io/ingress/core/pkg/strings"
|
|
|
|
|
"k8s.io/ingress/core/pkg/task"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
defUpstreamName = "upstream-default-backend"
|
|
|
|
|
defServerName = "_"
|
|
|
|
|
podStoreSyncedPollPeriod = 1 * time.Second
|
|
|
|
|
rootLocation = "/"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
// list of ports that cannot be used by TCP or UDP services
|
|
|
|
|
reservedPorts = []string{"80", "443", "8181", "18080"}
|
|
|
|
|
)
|
|
|
|
|
|
2016-11-11 23:43:35 +00:00
|
|
|
// GenericController holds the boilerplate code required to build an Ingress controlller.
|
2016-11-10 22:56:29 +00:00
|
|
|
type GenericController struct {
|
|
|
|
|
cfg *Configuration
|
|
|
|
|
|
2017-04-01 14:39:42 +00:00
|
|
|
ingController cache.Controller
|
|
|
|
|
endpController cache.Controller
|
|
|
|
|
svcController cache.Controller
|
|
|
|
|
nodeController cache.Controller
|
|
|
|
|
secrController cache.Controller
|
|
|
|
|
mapController cache.Controller
|
2016-11-10 22:56:29 +00:00
|
|
|
|
2017-04-01 14:39:42 +00:00
|
|
|
ingLister store.IngressLister
|
|
|
|
|
svcLister store.ServiceLister
|
|
|
|
|
nodeLister store.NodeLister
|
|
|
|
|
endpLister store.EndpointLister
|
|
|
|
|
secrLister store.SecretLister
|
|
|
|
|
mapLister store.ConfigMapLister
|
2016-11-10 22:56:29 +00:00
|
|
|
|
2016-12-29 20:02:06 +00:00
|
|
|
annotations annotationExtractor
|
|
|
|
|
|
2016-11-10 22:56:29 +00:00
|
|
|
recorder record.EventRecorder
|
|
|
|
|
|
|
|
|
|
syncQueue *task.Queue
|
|
|
|
|
|
|
|
|
|
syncStatus status.Sync
|
|
|
|
|
|
2016-11-23 23:22:29 +00:00
|
|
|
// local store of SSL certificates
|
|
|
|
|
// (only certificates used in ingress)
|
2016-11-10 22:56:29 +00:00
|
|
|
sslCertTracker *sslCertTracker
|
2017-04-09 16:52:10 +00:00
|
|
|
// store of secret names referenced from Ingress
|
|
|
|
|
secretTracker *secretTracker
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
syncRateLimiter flowcontrol.RateLimiter
|
|
|
|
|
|
|
|
|
|
// stopLock is used to enforce only a single call to Stop is active.
|
|
|
|
|
// Needed because we allow stopping through an http endpoint and
|
|
|
|
|
// allowing concurrent stoppers leads to stack traces.
|
|
|
|
|
stopLock *sync.Mutex
|
|
|
|
|
|
|
|
|
|
stopCh chan struct{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Configuration contains all the settings required by an Ingress controller
|
|
|
|
|
type Configuration struct {
|
2017-03-24 02:17:39 +00:00
|
|
|
Client clientset.Interface
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
ResyncPeriod time.Duration
|
|
|
|
|
DefaultService string
|
|
|
|
|
IngressClass string
|
|
|
|
|
Namespace string
|
|
|
|
|
ConfigMapName string
|
|
|
|
|
// optional
|
|
|
|
|
TCPConfigMapName string
|
|
|
|
|
// optional
|
|
|
|
|
UDPConfigMapName string
|
|
|
|
|
DefaultSSLCertificate string
|
|
|
|
|
DefaultHealthzURL string
|
2017-03-02 15:50:31 +00:00
|
|
|
DefaultIngressClass string
|
2016-11-10 22:56:29 +00:00
|
|
|
// optional
|
|
|
|
|
PublishService string
|
2016-11-11 23:43:35 +00:00
|
|
|
// Backend is the particular implementation to be used.
|
|
|
|
|
// (for instance NGINX)
|
2016-11-10 22:56:29 +00:00
|
|
|
Backend ingress.Controller
|
2017-01-20 22:01:37 +00:00
|
|
|
|
|
|
|
|
UpdateStatus bool
|
2017-02-27 07:35:04 +00:00
|
|
|
ElectionID string
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// newIngressController creates an Ingress controller
|
2016-11-11 23:43:35 +00:00
|
|
|
func newIngressController(config *Configuration) *GenericController {
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
eventBroadcaster := record.NewBroadcaster()
|
|
|
|
|
eventBroadcaster.StartLogging(glog.Infof)
|
2016-11-29 01:39:17 +00:00
|
|
|
eventBroadcaster.StartRecordingToSink(&unversionedcore.EventSinkImpl{
|
2016-11-10 22:56:29 +00:00
|
|
|
Interface: config.Client.Core().Events(config.Namespace),
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
ic := GenericController{
|
|
|
|
|
cfg: config,
|
|
|
|
|
stopLock: &sync.Mutex{},
|
|
|
|
|
stopCh: make(chan struct{}),
|
|
|
|
|
syncRateLimiter: flowcontrol.NewTokenBucketRateLimiter(0.1, 1),
|
2017-04-01 14:39:42 +00:00
|
|
|
recorder: eventBroadcaster.NewRecorder(def_api.Scheme, api.EventSource{
|
2016-11-10 22:56:29 +00:00
|
|
|
Component: "ingress-controller",
|
|
|
|
|
}),
|
|
|
|
|
sslCertTracker: newSSLCertTracker(),
|
2017-04-09 16:52:10 +00:00
|
|
|
secretTracker: newSecretTracker(),
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
2017-04-09 16:52:10 +00:00
|
|
|
ic.syncQueue = task.NewTaskQueue(ic.syncIngress)
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
// from here to the end of the method all the code is just boilerplate
|
|
|
|
|
// required to watch Ingress, Secrets, ConfigMaps and Endoints.
|
|
|
|
|
// This is used to detect new content, updates or removals and act accordingly
|
|
|
|
|
ingEventHandler := cache.ResourceEventHandlerFuncs{
|
|
|
|
|
AddFunc: func(obj interface{}) {
|
|
|
|
|
addIng := obj.(*extensions.Ingress)
|
2017-03-09 22:08:26 +00:00
|
|
|
if !class.IsValid(addIng, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) {
|
|
|
|
|
glog.Infof("ignoring add for ingress %v based on annotation %v", addIng.Name, class.IngressKey)
|
2016-11-10 22:56:29 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
ic.recorder.Eventf(addIng, api.EventTypeNormal, "CREATE", fmt.Sprintf("Ingress %s/%s", addIng.Namespace, addIng.Name))
|
|
|
|
|
ic.syncQueue.Enqueue(obj)
|
2017-04-09 16:52:10 +00:00
|
|
|
ic.extractSecretNames(addIng)
|
2016-11-10 22:56:29 +00:00
|
|
|
},
|
|
|
|
|
DeleteFunc: func(obj interface{}) {
|
|
|
|
|
delIng := obj.(*extensions.Ingress)
|
2017-03-09 22:08:26 +00:00
|
|
|
if !class.IsValid(delIng, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) {
|
|
|
|
|
glog.Infof("ignoring delete for ingress %v based on annotation %v", delIng.Name, class.IngressKey)
|
2016-11-10 22:56:29 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
ic.recorder.Eventf(delIng, api.EventTypeNormal, "DELETE", fmt.Sprintf("Ingress %s/%s", delIng.Namespace, delIng.Name))
|
|
|
|
|
ic.syncQueue.Enqueue(obj)
|
|
|
|
|
},
|
|
|
|
|
UpdateFunc: func(old, cur interface{}) {
|
2017-01-26 02:08:40 +00:00
|
|
|
oldIng := old.(*extensions.Ingress)
|
2016-11-10 22:56:29 +00:00
|
|
|
curIng := cur.(*extensions.Ingress)
|
2017-03-09 22:08:26 +00:00
|
|
|
if !class.IsValid(curIng, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) &&
|
|
|
|
|
!class.IsValid(oldIng, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) {
|
2016-11-10 22:56:29 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !reflect.DeepEqual(old, cur) {
|
|
|
|
|
upIng := cur.(*extensions.Ingress)
|
|
|
|
|
ic.recorder.Eventf(upIng, api.EventTypeNormal, "UPDATE", fmt.Sprintf("Ingress %s/%s", upIng.Namespace, upIng.Name))
|
|
|
|
|
ic.syncQueue.Enqueue(cur)
|
2017-04-09 16:52:10 +00:00
|
|
|
ic.extractSecretNames(upIng)
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
secrEventHandler := cache.ResourceEventHandlerFuncs{
|
|
|
|
|
DeleteFunc: func(obj interface{}) {
|
|
|
|
|
sec := obj.(*api.Secret)
|
|
|
|
|
ic.sslCertTracker.Delete(fmt.Sprintf("%v/%v", sec.Namespace, sec.Name))
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
eventHandler := cache.ResourceEventHandlerFuncs{
|
|
|
|
|
AddFunc: func(obj interface{}) {
|
|
|
|
|
ic.syncQueue.Enqueue(obj)
|
|
|
|
|
},
|
|
|
|
|
DeleteFunc: func(obj interface{}) {
|
|
|
|
|
ic.syncQueue.Enqueue(obj)
|
|
|
|
|
},
|
|
|
|
|
UpdateFunc: func(old, cur interface{}) {
|
|
|
|
|
if !reflect.DeepEqual(old, cur) {
|
|
|
|
|
ic.syncQueue.Enqueue(cur)
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mapEventHandler := cache.ResourceEventHandlerFuncs{
|
2017-01-20 22:37:59 +00:00
|
|
|
AddFunc: func(obj interface{}) {
|
|
|
|
|
upCmap := obj.(*api.ConfigMap)
|
|
|
|
|
mapKey := fmt.Sprintf("%s/%s", upCmap.Namespace, upCmap.Name)
|
|
|
|
|
if mapKey == ic.cfg.ConfigMapName {
|
|
|
|
|
glog.V(2).Infof("adding configmap %v to backend", mapKey)
|
|
|
|
|
ic.cfg.Backend.SetConfig(upCmap)
|
|
|
|
|
}
|
|
|
|
|
},
|
2016-11-10 22:56:29 +00:00
|
|
|
UpdateFunc: func(old, cur interface{}) {
|
|
|
|
|
if !reflect.DeepEqual(old, cur) {
|
|
|
|
|
upCmap := cur.(*api.ConfigMap)
|
|
|
|
|
mapKey := fmt.Sprintf("%s/%s", upCmap.Namespace, upCmap.Name)
|
2017-01-20 22:37:59 +00:00
|
|
|
if mapKey == ic.cfg.ConfigMapName {
|
|
|
|
|
glog.V(2).Infof("updating configmap backend (%v)", mapKey)
|
|
|
|
|
ic.cfg.Backend.SetConfig(upCmap)
|
|
|
|
|
}
|
2016-11-10 22:56:29 +00:00
|
|
|
// updates to configuration configmaps can trigger an update
|
|
|
|
|
if mapKey == ic.cfg.ConfigMapName || mapKey == ic.cfg.TCPConfigMapName || mapKey == ic.cfg.UDPConfigMapName {
|
|
|
|
|
ic.recorder.Eventf(upCmap, api.EventTypeNormal, "UPDATE", fmt.Sprintf("ConfigMap %v", mapKey))
|
|
|
|
|
ic.syncQueue.Enqueue(cur)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ic.ingLister.Store, ic.ingController = cache.NewInformer(
|
|
|
|
|
cache.NewListWatchFromClient(ic.cfg.Client.Extensions().RESTClient(), "ingresses", ic.cfg.Namespace, fields.Everything()),
|
|
|
|
|
&extensions.Ingress{}, ic.cfg.ResyncPeriod, ingEventHandler)
|
|
|
|
|
|
|
|
|
|
ic.endpLister.Store, ic.endpController = cache.NewInformer(
|
|
|
|
|
cache.NewListWatchFromClient(ic.cfg.Client.Core().RESTClient(), "endpoints", ic.cfg.Namespace, fields.Everything()),
|
|
|
|
|
&api.Endpoints{}, ic.cfg.ResyncPeriod, eventHandler)
|
|
|
|
|
|
|
|
|
|
ic.secrLister.Store, ic.secrController = cache.NewInformer(
|
2017-03-10 15:34:13 +00:00
|
|
|
cache.NewListWatchFromClient(ic.cfg.Client.Core().RESTClient(), "secrets", api.NamespaceAll, fields.Everything()),
|
2016-11-10 22:56:29 +00:00
|
|
|
&api.Secret{}, ic.cfg.ResyncPeriod, secrEventHandler)
|
|
|
|
|
|
|
|
|
|
ic.mapLister.Store, ic.mapController = cache.NewInformer(
|
2017-03-10 15:34:13 +00:00
|
|
|
cache.NewListWatchFromClient(ic.cfg.Client.Core().RESTClient(), "configmaps", api.NamespaceAll, fields.Everything()),
|
2016-11-10 22:56:29 +00:00
|
|
|
&api.ConfigMap{}, ic.cfg.ResyncPeriod, mapEventHandler)
|
|
|
|
|
|
2017-04-01 14:39:42 +00:00
|
|
|
ic.svcLister.Store, ic.svcController = cache.NewInformer(
|
2016-11-10 22:56:29 +00:00
|
|
|
cache.NewListWatchFromClient(ic.cfg.Client.Core().RESTClient(), "services", ic.cfg.Namespace, fields.Everything()),
|
2017-04-01 14:39:42 +00:00
|
|
|
&api.Service{}, ic.cfg.ResyncPeriod, cache.ResourceEventHandlerFuncs{})
|
2016-11-10 22:56:29 +00:00
|
|
|
|
2017-02-11 05:07:28 +00:00
|
|
|
ic.nodeLister.Store, ic.nodeController = cache.NewInformer(
|
2017-02-24 17:18:10 +00:00
|
|
|
cache.NewListWatchFromClient(ic.cfg.Client.Core().RESTClient(), "nodes", api.NamespaceAll, fields.Everything()),
|
2017-02-11 05:07:28 +00:00
|
|
|
&api.Node{}, ic.cfg.ResyncPeriod, eventHandler)
|
|
|
|
|
|
2017-01-20 22:01:37 +00:00
|
|
|
if config.UpdateStatus {
|
|
|
|
|
ic.syncStatus = status.NewStatusSyncer(status.Config{
|
2017-03-09 22:08:26 +00:00
|
|
|
Client: config.Client,
|
|
|
|
|
PublishService: ic.cfg.PublishService,
|
|
|
|
|
IngressLister: ic.ingLister,
|
|
|
|
|
ElectionID: config.ElectionID,
|
|
|
|
|
IngressClass: config.IngressClass,
|
|
|
|
|
DefaultIngressClass: config.DefaultIngressClass,
|
2017-01-20 22:01:37 +00:00
|
|
|
})
|
|
|
|
|
} else {
|
|
|
|
|
glog.Warning("Update of ingress status is disabled (flag --update-status=false was specified)")
|
|
|
|
|
}
|
2016-11-10 22:56:29 +00:00
|
|
|
|
2016-12-29 20:02:06 +00:00
|
|
|
ic.annotations = newAnnotationExtractor(ic)
|
|
|
|
|
|
2017-02-07 18:13:08 +00:00
|
|
|
ic.cfg.Backend.SetListers(ingress.StoreLister{
|
|
|
|
|
Ingress: ic.ingLister,
|
|
|
|
|
Service: ic.svcLister,
|
2017-02-11 05:07:28 +00:00
|
|
|
Node: ic.nodeLister,
|
2017-02-07 18:13:08 +00:00
|
|
|
Endpoint: ic.endpLister,
|
|
|
|
|
Secret: ic.secrLister,
|
|
|
|
|
ConfigMap: ic.mapLister,
|
|
|
|
|
})
|
|
|
|
|
|
2016-11-11 23:43:35 +00:00
|
|
|
return &ic
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (ic *GenericController) controllersInSync() bool {
|
|
|
|
|
return ic.ingController.HasSynced() &&
|
|
|
|
|
ic.svcController.HasSynced() &&
|
|
|
|
|
ic.endpController.HasSynced() &&
|
|
|
|
|
ic.secrController.HasSynced() &&
|
|
|
|
|
ic.mapController.HasSynced()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Info returns information about the backend
|
2016-11-16 18:24:26 +00:00
|
|
|
func (ic GenericController) Info() *ingress.BackendInfo {
|
2016-11-10 22:56:29 +00:00
|
|
|
return ic.cfg.Backend.Info()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// IngressClass returns information about the backend
|
|
|
|
|
func (ic GenericController) IngressClass() string {
|
|
|
|
|
return ic.cfg.IngressClass
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-29 20:02:06 +00:00
|
|
|
// GetDefaultBackend returns the default backend
|
|
|
|
|
func (ic GenericController) GetDefaultBackend() defaults.Backend {
|
|
|
|
|
return ic.cfg.Backend.BackendDefaults()
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-05 22:41:05 +00:00
|
|
|
// GetSecret searches for a secret in the local secrets Store
|
2016-12-29 20:02:06 +00:00
|
|
|
func (ic GenericController) GetSecret(name string) (*api.Secret, error) {
|
2016-11-10 22:56:29 +00:00
|
|
|
s, exists, err := ic.secrLister.Store.GetByKey(name)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !exists {
|
|
|
|
|
return nil, fmt.Errorf("secret %v was not found", name)
|
|
|
|
|
}
|
|
|
|
|
return s.(*api.Secret), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (ic *GenericController) getConfigMap(ns, name string) (*api.ConfigMap, error) {
|
2017-01-20 22:37:59 +00:00
|
|
|
s, exists, err := ic.mapLister.Store.GetByKey(fmt.Sprintf("%v/%v", ns, name))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !exists {
|
|
|
|
|
return nil, fmt.Errorf("configmap %v was not found", name)
|
|
|
|
|
}
|
|
|
|
|
return s.(*api.ConfigMap), nil
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// sync collects all the pieces required to assemble the configuration file and
|
|
|
|
|
// then sends the content to the backend (OnUpdate) receiving the populated
|
|
|
|
|
// template as response reloading the backend if is required.
|
2017-04-09 16:52:10 +00:00
|
|
|
func (ic *GenericController) syncIngress(key interface{}) error {
|
2016-11-10 22:56:29 +00:00
|
|
|
ic.syncRateLimiter.Accept()
|
|
|
|
|
|
|
|
|
|
if ic.syncQueue.IsShuttingDown() {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !ic.controllersInSync() {
|
|
|
|
|
time.Sleep(podStoreSyncedPollPeriod)
|
|
|
|
|
return fmt.Errorf("deferring sync till endpoints controller has synced")
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-11 23:43:35 +00:00
|
|
|
upstreams, servers := ic.getBackendServers()
|
|
|
|
|
var passUpstreams []*ingress.SSLPassthroughBackend
|
2016-11-10 22:56:29 +00:00
|
|
|
for _, server := range servers {
|
|
|
|
|
if !server.SSLPassthrough {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, loc := range server.Locations {
|
|
|
|
|
if loc.Path != rootLocation {
|
2017-04-02 02:32:22 +00:00
|
|
|
glog.Warningf("ignoring path %v of ssl passthrough host %v", loc.Path, server.Hostname)
|
2016-11-10 22:56:29 +00:00
|
|
|
continue
|
|
|
|
|
}
|
2016-11-11 23:43:35 +00:00
|
|
|
passUpstreams = append(passUpstreams, &ingress.SSLPassthroughBackend{
|
2016-11-16 18:24:26 +00:00
|
|
|
Backend: loc.Backend,
|
|
|
|
|
Hostname: server.Hostname,
|
2016-11-10 22:56:29 +00:00
|
|
|
})
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-20 22:37:59 +00:00
|
|
|
data, err := ic.cfg.Backend.OnUpdate(ingress.Configuration{
|
2016-11-16 18:24:26 +00:00
|
|
|
Backends: upstreams,
|
|
|
|
|
Servers: servers,
|
2017-02-02 22:41:02 +00:00
|
|
|
TCPEndpoints: ic.getStreamServices(ic.cfg.TCPConfigMapName, api.ProtocolTCP),
|
2017-02-07 06:35:39 +00:00
|
|
|
UDPEndpoints: ic.getStreamServices(ic.cfg.UDPConfigMapName, api.ProtocolUDP),
|
2016-11-16 18:24:26 +00:00
|
|
|
PassthroughBackends: passUpstreams,
|
2016-11-10 22:56:29 +00:00
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-24 00:14:14 +00:00
|
|
|
out, reloaded, err := ic.cfg.Backend.Reload(data)
|
2016-11-10 22:56:29 +00:00
|
|
|
if err != nil {
|
|
|
|
|
incReloadErrorCount()
|
|
|
|
|
glog.Errorf("unexpected failure restarting the backend: \n%v", string(out))
|
|
|
|
|
return err
|
|
|
|
|
}
|
2016-11-24 00:14:14 +00:00
|
|
|
if reloaded {
|
|
|
|
|
glog.Infof("ingress backend successfully reloaded...")
|
|
|
|
|
incReloadCount()
|
|
|
|
|
}
|
2016-11-10 22:56:29 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-24 21:46:39 +00:00
|
|
|
func (ic *GenericController) getStreamServices(configmapName string, proto api.Protocol) []ingress.L4Service {
|
2017-02-16 17:26:58 +00:00
|
|
|
glog.V(3).Infof("obtaining information about stream services of type %v located in configmap %v", proto, configmapName)
|
2017-02-02 22:41:02 +00:00
|
|
|
if configmapName == "" {
|
|
|
|
|
// no configmap configured
|
2017-02-24 21:46:39 +00:00
|
|
|
return []ingress.L4Service{}
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-02 22:41:02 +00:00
|
|
|
ns, name, err := k8s.ParseNameNS(configmapName)
|
2016-11-10 22:56:29 +00:00
|
|
|
if err != nil {
|
2017-02-02 22:41:02 +00:00
|
|
|
glog.Errorf("unexpected error reading configmap %v: %v", name, err)
|
2017-02-24 21:46:39 +00:00
|
|
|
return []ingress.L4Service{}
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-02 22:41:02 +00:00
|
|
|
configmap, err := ic.getConfigMap(ns, name)
|
2016-11-10 22:56:29 +00:00
|
|
|
if err != nil {
|
2017-02-02 22:41:02 +00:00
|
|
|
glog.Errorf("unexpected error reading configmap %v: %v", name, err)
|
2017-02-24 21:46:39 +00:00
|
|
|
return []ingress.L4Service{}
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-24 21:46:39 +00:00
|
|
|
var svcs []ingress.L4Service
|
2016-11-10 22:56:29 +00:00
|
|
|
// k -> port to expose
|
|
|
|
|
// v -> <namespace>/<service name>:<port from service to be used>
|
2017-02-02 22:41:02 +00:00
|
|
|
for k, v := range configmap.Data {
|
2017-02-24 21:46:39 +00:00
|
|
|
externalPort, err := strconv.Atoi(k)
|
2016-11-10 22:56:29 +00:00
|
|
|
if err != nil {
|
2017-02-02 22:41:02 +00:00
|
|
|
glog.Warningf("%v is not valid as a TCP/UDP port", k)
|
2016-11-10 22:56:29 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// this ports used by the backend
|
|
|
|
|
if local_strings.StringInSlice(k, reservedPorts) {
|
|
|
|
|
glog.Warningf("port %v cannot be used for TCP or UDP services. It is reserved for the Ingress controller", k)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nsSvcPort := strings.Split(v, ":")
|
|
|
|
|
if len(nsSvcPort) != 2 {
|
|
|
|
|
glog.Warningf("invalid format (namespace/name:port) '%v'", k)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nsName := nsSvcPort[0]
|
|
|
|
|
svcPort := nsSvcPort[1]
|
|
|
|
|
|
|
|
|
|
svcNs, svcName, err := k8s.ParseNameNS(nsName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
glog.Warningf("%v", err)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-01 14:39:42 +00:00
|
|
|
svcObj, svcExists, err := ic.svcLister.Store.GetByKey(nsName)
|
2016-11-10 22:56:29 +00:00
|
|
|
if err != nil {
|
|
|
|
|
glog.Warningf("error getting service %v: %v", nsName, err)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !svcExists {
|
|
|
|
|
glog.Warningf("service %v was not found", nsName)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
svc := svcObj.(*api.Service)
|
|
|
|
|
|
2016-11-11 23:43:35 +00:00
|
|
|
var endps []ingress.Endpoint
|
2016-11-10 22:56:29 +00:00
|
|
|
targetPort, err := strconv.Atoi(svcPort)
|
|
|
|
|
if err != nil {
|
2017-02-16 17:26:58 +00:00
|
|
|
glog.V(3).Infof("searching service %v/%v endpoints using the name '%v'", svcNs, svcName, svcPort)
|
2016-11-10 22:56:29 +00:00
|
|
|
for _, sp := range svc.Spec.Ports {
|
|
|
|
|
if sp.Name == svcPort {
|
|
|
|
|
endps = ic.getEndpoints(svc, sp.TargetPort, proto, &healthcheck.Upstream{})
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// we need to use the TargetPort (where the endpoints are running)
|
2017-02-16 17:26:58 +00:00
|
|
|
glog.V(3).Infof("searching service %v/%v endpoints using the target port '%v'", svcNs, svcName, targetPort)
|
2016-11-10 22:56:29 +00:00
|
|
|
for _, sp := range svc.Spec.Ports {
|
|
|
|
|
if sp.Port == int32(targetPort) {
|
|
|
|
|
endps = ic.getEndpoints(svc, sp.TargetPort, proto, &healthcheck.Upstream{})
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-16 17:26:58 +00:00
|
|
|
// stream services cannot contain empty upstreams and there is no
|
|
|
|
|
// default backend equivalent
|
2016-11-10 22:56:29 +00:00
|
|
|
if len(endps) == 0 {
|
2017-02-16 17:26:58 +00:00
|
|
|
glog.Warningf("service %v/%v does not have any active endpoints for port %v and protocol %v", svcNs, svcName, svcPort, proto)
|
2016-11-10 22:56:29 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-24 21:46:39 +00:00
|
|
|
svcs = append(svcs, ingress.L4Service{
|
|
|
|
|
Port: externalPort,
|
|
|
|
|
Backend: ingress.L4Backend{
|
|
|
|
|
Name: svcName,
|
|
|
|
|
Namespace: svcNs,
|
|
|
|
|
Port: intstr.FromString(svcPort),
|
|
|
|
|
Protocol: proto,
|
|
|
|
|
},
|
|
|
|
|
Endpoints: endps,
|
2016-11-10 22:56:29 +00:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return svcs
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// getDefaultUpstream returns an upstream associated with the
|
|
|
|
|
// default backend service. In case of error retrieving information
|
|
|
|
|
// configure the upstream to return http code 503.
|
2016-11-11 23:43:35 +00:00
|
|
|
func (ic *GenericController) getDefaultUpstream() *ingress.Backend {
|
|
|
|
|
upstream := &ingress.Backend{
|
2016-11-10 22:56:29 +00:00
|
|
|
Name: defUpstreamName,
|
|
|
|
|
}
|
|
|
|
|
svcKey := ic.cfg.DefaultService
|
2017-04-01 14:39:42 +00:00
|
|
|
svcObj, svcExists, err := ic.svcLister.Store.GetByKey(svcKey)
|
2016-11-10 22:56:29 +00:00
|
|
|
if err != nil {
|
|
|
|
|
glog.Warningf("unexpected error searching the default backend %v: %v", ic.cfg.DefaultService, err)
|
2016-11-11 23:43:35 +00:00
|
|
|
upstream.Endpoints = append(upstream.Endpoints, newDefaultServer())
|
2016-11-10 22:56:29 +00:00
|
|
|
return upstream
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !svcExists {
|
2017-03-14 12:47:34 +00:00
|
|
|
glog.Warningf("service %v does not exist", svcKey)
|
2016-11-11 23:43:35 +00:00
|
|
|
upstream.Endpoints = append(upstream.Endpoints, newDefaultServer())
|
2016-11-10 22:56:29 +00:00
|
|
|
return upstream
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
svc := svcObj.(*api.Service)
|
|
|
|
|
endps := ic.getEndpoints(svc, svc.Spec.Ports[0].TargetPort, api.ProtocolTCP, &healthcheck.Upstream{})
|
|
|
|
|
if len(endps) == 0 {
|
|
|
|
|
glog.Warningf("service %v does not have any active endpoints", svcKey)
|
2016-11-11 23:43:35 +00:00
|
|
|
endps = []ingress.Endpoint{newDefaultServer()}
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
2016-11-11 23:43:35 +00:00
|
|
|
upstream.Endpoints = append(upstream.Endpoints, endps...)
|
2016-11-10 22:56:29 +00:00
|
|
|
return upstream
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type ingressByRevision []interface{}
|
|
|
|
|
|
|
|
|
|
func (c ingressByRevision) Len() int { return len(c) }
|
|
|
|
|
func (c ingressByRevision) Swap(i, j int) { c[i], c[j] = c[j], c[i] }
|
|
|
|
|
func (c ingressByRevision) Less(i, j int) bool {
|
|
|
|
|
ir := c[i].(*extensions.Ingress).ResourceVersion
|
|
|
|
|
jr := c[j].(*extensions.Ingress).ResourceVersion
|
|
|
|
|
return ir < jr
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-11 23:43:35 +00:00
|
|
|
// getBackendServers returns a list of Upstream and Server to be used by the backend
|
2016-11-10 22:56:29 +00:00
|
|
|
// An upstream can be used in multiple servers if the namespace, service name and port are the same
|
2016-11-11 23:43:35 +00:00
|
|
|
func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress.Server) {
|
2016-11-10 22:56:29 +00:00
|
|
|
ings := ic.ingLister.Store.List()
|
|
|
|
|
sort.Sort(ingressByRevision(ings))
|
|
|
|
|
|
|
|
|
|
upstreams := ic.createUpstreams(ings)
|
|
|
|
|
servers := ic.createServers(ings, upstreams)
|
|
|
|
|
|
|
|
|
|
for _, ingIf := range ings {
|
|
|
|
|
ing := ingIf.(*extensions.Ingress)
|
|
|
|
|
|
2017-03-09 22:08:26 +00:00
|
|
|
if !class.IsValid(ing, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) {
|
2017-02-14 14:02:23 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-29 20:02:06 +00:00
|
|
|
anns := ic.annotations.Extract(ing)
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
for _, rule := range ing.Spec.Rules {
|
|
|
|
|
host := rule.Host
|
|
|
|
|
if host == "" {
|
|
|
|
|
host = defServerName
|
|
|
|
|
}
|
|
|
|
|
server := servers[host]
|
|
|
|
|
if server == nil {
|
|
|
|
|
server = servers[defServerName]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if rule.HTTP == nil &&
|
|
|
|
|
host != defServerName {
|
2017-04-03 10:22:08 +00:00
|
|
|
glog.V(3).Infof("ingress rule %v/%v does not contain HTTP rules, using default backend", ing.Namespace, ing.Name)
|
2016-11-10 22:56:29 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, path := range rule.HTTP.Paths {
|
|
|
|
|
upsName := fmt.Sprintf("%v-%v-%v",
|
|
|
|
|
ing.GetNamespace(),
|
|
|
|
|
path.Backend.ServiceName,
|
|
|
|
|
path.Backend.ServicePort.String())
|
|
|
|
|
|
|
|
|
|
ups := upstreams[upsName]
|
|
|
|
|
|
|
|
|
|
// if there's no path defined we assume /
|
|
|
|
|
nginxPath := rootLocation
|
|
|
|
|
if path.Path != "" {
|
|
|
|
|
nginxPath = path.Path
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addLoc := true
|
|
|
|
|
for _, loc := range server.Locations {
|
|
|
|
|
if loc.Path == nginxPath {
|
|
|
|
|
addLoc = false
|
|
|
|
|
|
|
|
|
|
if !loc.IsDefBackend {
|
2016-11-16 18:24:26 +00:00
|
|
|
glog.V(3).Infof("avoiding replacement of ingress rule %v/%v location %v upstream %v (%v)", ing.Namespace, ing.Name, loc.Path, ups.Name, loc.Backend)
|
2016-11-10 22:56:29 +00:00
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-16 18:24:26 +00:00
|
|
|
glog.V(3).Infof("replacing ingress rule %v/%v location %v upstream %v (%v)", ing.Namespace, ing.Name, loc.Path, ups.Name, loc.Backend)
|
|
|
|
|
loc.Backend = ups.Name
|
2016-11-10 22:56:29 +00:00
|
|
|
loc.IsDefBackend = false
|
2016-11-16 18:24:26 +00:00
|
|
|
loc.Backend = ups.Name
|
2016-12-29 20:02:06 +00:00
|
|
|
mergeLocationAnnotations(loc, anns)
|
2016-11-10 22:56:29 +00:00
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// is a new location
|
|
|
|
|
if addLoc {
|
2016-11-16 18:24:26 +00:00
|
|
|
glog.V(3).Infof("adding location %v in ingress rule %v/%v upstream %v", nginxPath, ing.Namespace, ing.Name, ups.Name)
|
2016-12-29 20:02:06 +00:00
|
|
|
loc := &ingress.Location{
|
|
|
|
|
Path: nginxPath,
|
|
|
|
|
Backend: ups.Name,
|
|
|
|
|
IsDefBackend: false,
|
|
|
|
|
}
|
|
|
|
|
mergeLocationAnnotations(loc, anns)
|
|
|
|
|
server.Locations = append(server.Locations, loc)
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-02 02:32:22 +00:00
|
|
|
// Configure Backends[].SSLPassthrough
|
|
|
|
|
for _, upstream := range upstreams {
|
|
|
|
|
isHTTP := false
|
|
|
|
|
isHTTPSfrom := []*ingress.Server{}
|
|
|
|
|
for _, server := range servers {
|
|
|
|
|
for _, location := range server.Locations {
|
|
|
|
|
if upstream.Name == location.Backend {
|
|
|
|
|
if server.SSLPassthrough {
|
|
|
|
|
if location.Path == rootLocation {
|
|
|
|
|
if location.Backend == defUpstreamName {
|
|
|
|
|
glog.Warningf("ignoring ssl passthrough of %v as it doesn't have a default backend (root context)", server.Hostname)
|
|
|
|
|
} else {
|
|
|
|
|
isHTTPSfrom = append(isHTTPSfrom, server)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
isHTTP = true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if len(isHTTPSfrom) > 0 {
|
|
|
|
|
if isHTTP {
|
|
|
|
|
for _, server := range isHTTPSfrom {
|
|
|
|
|
glog.Warningf("backend type mismatch on %v, assuming HTTP on ssl passthrough host %v", upstream.Name, server.Hostname)
|
|
|
|
|
// removing this server from the PassthroughBackends slice
|
|
|
|
|
server.SSLPassthrough = false
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
upstream.SSLPassthrough = true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-10 22:56:29 +00:00
|
|
|
// TODO: find a way to make this more readable
|
|
|
|
|
// The structs must be ordered to always generate the same file
|
|
|
|
|
// if the content does not change.
|
2016-11-11 23:43:35 +00:00
|
|
|
aUpstreams := make([]*ingress.Backend, 0, len(upstreams))
|
2016-11-10 22:56:29 +00:00
|
|
|
for _, value := range upstreams {
|
2016-11-11 23:43:35 +00:00
|
|
|
if len(value.Endpoints) == 0 {
|
2016-11-10 22:56:29 +00:00
|
|
|
glog.V(3).Infof("upstream %v does not have any active endpoints. Using default backend", value.Name)
|
2016-11-11 23:43:35 +00:00
|
|
|
value.Endpoints = append(value.Endpoints, newDefaultServer())
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
aUpstreams = append(aUpstreams, value)
|
|
|
|
|
}
|
2016-11-11 23:43:35 +00:00
|
|
|
sort.Sort(ingress.BackendByNameServers(aUpstreams))
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
aServers := make([]*ingress.Server, 0, len(servers))
|
|
|
|
|
for _, value := range servers {
|
|
|
|
|
sort.Sort(ingress.LocationByPath(value.Locations))
|
|
|
|
|
aServers = append(aServers, value)
|
|
|
|
|
}
|
|
|
|
|
sort.Sort(ingress.ServerByName(aServers))
|
|
|
|
|
|
|
|
|
|
return aUpstreams, aServers
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-29 20:02:06 +00:00
|
|
|
// GetAuthCertificate ...
|
2017-01-10 12:16:18 +00:00
|
|
|
func (ic GenericController) GetAuthCertificate(secretName string) (*resolver.AuthSSLCert, error) {
|
2017-04-09 16:52:10 +00:00
|
|
|
_, err := ic.GetSecret(secretName)
|
2017-02-06 18:16:36 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return &resolver.AuthSSLCert{}, fmt.Errorf("unexpected error: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-10 22:56:29 +00:00
|
|
|
bc, exists := ic.sslCertTracker.Get(secretName)
|
|
|
|
|
if !exists {
|
2017-03-14 12:47:34 +00:00
|
|
|
return &resolver.AuthSSLCert{}, fmt.Errorf("secret %v does not exist", secretName)
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
cert := bc.(*ingress.SSLCert)
|
2017-01-10 12:16:18 +00:00
|
|
|
return &resolver.AuthSSLCert{
|
2017-02-06 18:16:36 +00:00
|
|
|
Secret: secretName,
|
|
|
|
|
CAFileName: cert.CAFileName,
|
|
|
|
|
PemSHA: cert.PemSHA,
|
2016-11-10 22:56:29 +00:00
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// createUpstreams creates the NGINX upstreams for each service referenced in
|
|
|
|
|
// Ingress rules. The servers inside the upstream are endpoints.
|
2016-11-11 23:43:35 +00:00
|
|
|
func (ic *GenericController) createUpstreams(data []interface{}) map[string]*ingress.Backend {
|
|
|
|
|
upstreams := make(map[string]*ingress.Backend)
|
2016-11-10 22:56:29 +00:00
|
|
|
upstreams[defUpstreamName] = ic.getDefaultUpstream()
|
|
|
|
|
|
|
|
|
|
for _, ingIf := range data {
|
|
|
|
|
ing := ingIf.(*extensions.Ingress)
|
|
|
|
|
|
2017-03-09 22:08:26 +00:00
|
|
|
if !class.IsValid(ing, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) {
|
2017-02-14 14:02:23 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-29 20:02:06 +00:00
|
|
|
secUpstream := ic.annotations.SecureUpstream(ing)
|
|
|
|
|
hz := ic.annotations.HealthCheck(ing)
|
2017-02-12 23:13:39 +00:00
|
|
|
affinity := ic.annotations.SessionAffinity(ing)
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
var defBackend string
|
|
|
|
|
if ing.Spec.Backend != nil {
|
|
|
|
|
defBackend = fmt.Sprintf("%v-%v-%v",
|
|
|
|
|
ing.GetNamespace(),
|
|
|
|
|
ing.Spec.Backend.ServiceName,
|
|
|
|
|
ing.Spec.Backend.ServicePort.String())
|
|
|
|
|
|
|
|
|
|
glog.V(3).Infof("creating upstream %v", defBackend)
|
|
|
|
|
upstreams[defBackend] = newUpstream(defBackend)
|
|
|
|
|
|
|
|
|
|
svcKey := fmt.Sprintf("%v/%v", ing.GetNamespace(), ing.Spec.Backend.ServiceName)
|
|
|
|
|
endps, err := ic.serviceEndpoints(svcKey, ing.Spec.Backend.ServicePort.String(), hz)
|
2016-11-11 23:43:35 +00:00
|
|
|
upstreams[defBackend].Endpoints = append(upstreams[defBackend].Endpoints, endps...)
|
2016-11-10 22:56:29 +00:00
|
|
|
if err != nil {
|
|
|
|
|
glog.Warningf("error creating upstream %v: %v", defBackend, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, rule := range ing.Spec.Rules {
|
|
|
|
|
if rule.HTTP == nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, path := range rule.HTTP.Paths {
|
|
|
|
|
name := fmt.Sprintf("%v-%v-%v",
|
|
|
|
|
ing.GetNamespace(),
|
|
|
|
|
path.Backend.ServiceName,
|
|
|
|
|
path.Backend.ServicePort.String())
|
|
|
|
|
|
2017-04-06 01:21:34 +00:00
|
|
|
upstream, ok := upstreams[name]
|
|
|
|
|
isNewUpstream := !ok
|
|
|
|
|
|
|
|
|
|
if isNewUpstream {
|
|
|
|
|
glog.V(3).Infof("creating upstream %v", name)
|
|
|
|
|
upstream = newUpstream(name)
|
|
|
|
|
upstreams[name] = upstream
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
2017-04-06 01:21:34 +00:00
|
|
|
if !upstream.Secure {
|
|
|
|
|
upstream.Secure = secUpstream
|
2016-11-16 18:24:26 +00:00
|
|
|
}
|
2017-04-06 01:21:34 +00:00
|
|
|
|
|
|
|
|
if upstream.SessionAffinity.AffinityType == "" {
|
|
|
|
|
upstream.SessionAffinity.AffinityType = affinity.AffinityType
|
2017-02-12 23:13:39 +00:00
|
|
|
if affinity.AffinityType == "cookie" {
|
2017-04-06 01:21:34 +00:00
|
|
|
upstream.SessionAffinity.CookieSessionAffinity.Name = affinity.CookieConfig.Name
|
|
|
|
|
upstream.SessionAffinity.CookieSessionAffinity.Hash = affinity.CookieConfig.Hash
|
2017-02-12 23:13:39 +00:00
|
|
|
}
|
2017-02-10 03:00:17 +00:00
|
|
|
}
|
|
|
|
|
|
2017-04-06 01:21:34 +00:00
|
|
|
if isNewUpstream {
|
|
|
|
|
svcKey := fmt.Sprintf("%v/%v", ing.GetNamespace(), path.Backend.ServiceName)
|
|
|
|
|
endp, err := ic.serviceEndpoints(svcKey, path.Backend.ServicePort.String(), hz)
|
|
|
|
|
if err != nil {
|
|
|
|
|
glog.Warningf("error obtaining service endpoints: %v", err)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
upstream.Endpoints = endp
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return upstreams
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// serviceEndpoints returns the upstream servers (endpoints) associated
|
|
|
|
|
// to a service.
|
|
|
|
|
func (ic *GenericController) serviceEndpoints(svcKey, backendPort string,
|
2016-11-11 23:43:35 +00:00
|
|
|
hz *healthcheck.Upstream) ([]ingress.Endpoint, error) {
|
2017-04-01 14:39:42 +00:00
|
|
|
svcObj, svcExists, err := ic.svcLister.Store.GetByKey(svcKey)
|
2016-11-10 22:56:29 +00:00
|
|
|
|
2016-11-11 23:43:35 +00:00
|
|
|
var upstreams []ingress.Endpoint
|
2016-11-10 22:56:29 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return upstreams, fmt.Errorf("error getting service %v from the cache: %v", svcKey, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !svcExists {
|
2017-03-14 12:47:34 +00:00
|
|
|
err = fmt.Errorf("service %v does not exist", svcKey)
|
2016-11-10 22:56:29 +00:00
|
|
|
return upstreams, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
svc := svcObj.(*api.Service)
|
|
|
|
|
glog.V(3).Infof("obtaining port information for service %v", svcKey)
|
|
|
|
|
for _, servicePort := range svc.Spec.Ports {
|
|
|
|
|
// targetPort could be a string, use the name or the port (int)
|
|
|
|
|
if strconv.Itoa(int(servicePort.Port)) == backendPort ||
|
|
|
|
|
servicePort.TargetPort.String() == backendPort ||
|
|
|
|
|
servicePort.Name == backendPort {
|
|
|
|
|
|
|
|
|
|
endps := ic.getEndpoints(svc, servicePort.TargetPort, api.ProtocolTCP, hz)
|
|
|
|
|
if len(endps) == 0 {
|
|
|
|
|
glog.Warningf("service %v does not have any active endpoints", svcKey)
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-21 14:04:08 +00:00
|
|
|
sort.Sort(ingress.EndpointByAddrPort(endps))
|
2016-11-10 22:56:29 +00:00
|
|
|
upstreams = append(upstreams, endps...)
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return upstreams, nil
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-16 17:26:58 +00:00
|
|
|
// createServers initializes a map that contains information about the list of
|
|
|
|
|
// FDQN referenced by ingress rules and the common name field in the referenced
|
|
|
|
|
// SSL certificates. Each server is configured with location / using a default
|
|
|
|
|
// backend specified by the user or the one inside the ingress spec.
|
|
|
|
|
func (ic *GenericController) createServers(data []interface{},
|
|
|
|
|
upstreams map[string]*ingress.Backend) map[string]*ingress.Server {
|
2016-11-10 22:56:29 +00:00
|
|
|
servers := make(map[string]*ingress.Server)
|
|
|
|
|
|
2016-12-29 20:02:06 +00:00
|
|
|
bdef := ic.GetDefaultBackend()
|
|
|
|
|
ngxProxy := proxy.Configuration{
|
2017-01-20 21:53:32 +00:00
|
|
|
BodySize: bdef.ProxyBodySize,
|
2016-12-29 20:02:06 +00:00
|
|
|
ConnectTimeout: bdef.ProxyConnectTimeout,
|
|
|
|
|
SendTimeout: bdef.ProxySendTimeout,
|
|
|
|
|
ReadTimeout: bdef.ProxyReadTimeout,
|
|
|
|
|
BufferSize: bdef.ProxyBufferSize,
|
2017-02-24 21:46:39 +00:00
|
|
|
CookieDomain: bdef.ProxyCookieDomain,
|
|
|
|
|
CookiePath: bdef.ProxyCookiePath,
|
2016-12-29 20:02:06 +00:00
|
|
|
}
|
|
|
|
|
|
2017-03-06 19:29:33 +00:00
|
|
|
// This adds the Default Certificate to Default Backend (or generates a new self signed one)
|
2017-01-26 18:51:55 +00:00
|
|
|
var defaultPemFileName, defaultPemSHA string
|
2017-03-06 19:29:33 +00:00
|
|
|
|
|
|
|
|
// Tries to fetch the default Certificate. If it does not exists, generate a new self signed one.
|
2017-01-26 18:51:55 +00:00
|
|
|
defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate)
|
|
|
|
|
if err != nil {
|
2017-03-06 19:29:33 +00:00
|
|
|
// This means the Default Secret does not exists, so we will create a new one.
|
2017-03-01 00:11:16 +00:00
|
|
|
fakeCertificate := "default-fake-certificate"
|
|
|
|
|
fakeCertificatePath := fmt.Sprintf("%v/%v.pem", ingress.DefaultSSLDirectory, fakeCertificate)
|
|
|
|
|
|
|
|
|
|
// Only generates a new certificate if it doesn't exists physically
|
|
|
|
|
_, err := os.Stat(fakeCertificatePath)
|
2017-01-26 18:51:55 +00:00
|
|
|
if err != nil {
|
2017-03-06 19:29:33 +00:00
|
|
|
glog.V(3).Infof("No Default SSL Certificate found. Generating a new one")
|
2017-03-01 00:11:16 +00:00
|
|
|
defCert, defKey := ssl.GetFakeSSLCert()
|
2017-03-06 19:29:33 +00:00
|
|
|
defaultCertificate, err = ssl.AddOrUpdateCertAndKey(fakeCertificate, defCert, defKey, []byte{})
|
2017-03-01 00:11:16 +00:00
|
|
|
if err != nil {
|
|
|
|
|
glog.Fatalf("Error generating self signed certificate: %v", err)
|
|
|
|
|
}
|
2017-03-06 19:29:33 +00:00
|
|
|
defaultPemFileName = defaultCertificate.PemFileName
|
|
|
|
|
defaultPemSHA = defaultCertificate.PemSHA
|
2017-03-01 00:11:16 +00:00
|
|
|
} else {
|
|
|
|
|
defaultPemFileName = fakeCertificatePath
|
|
|
|
|
defaultPemSHA = ssl.PemSHA1(fakeCertificatePath)
|
2017-01-26 18:51:55 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
defaultPemFileName = defaultCertificate.PemFileName
|
|
|
|
|
defaultPemSHA = defaultCertificate.PemSHA
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-16 17:26:58 +00:00
|
|
|
// initialize the default server
|
2016-11-10 22:56:29 +00:00
|
|
|
servers[defServerName] = &ingress.Server{
|
2017-01-26 18:51:55 +00:00
|
|
|
Hostname: defServerName,
|
|
|
|
|
SSLCertificate: defaultPemFileName,
|
|
|
|
|
SSLPemChecksum: defaultPemSHA,
|
2016-11-10 22:56:29 +00:00
|
|
|
Locations: []*ingress.Location{
|
|
|
|
|
{
|
|
|
|
|
Path: rootLocation,
|
|
|
|
|
IsDefBackend: true,
|
2017-02-16 17:26:58 +00:00
|
|
|
Backend: ic.getDefaultUpstream().Name,
|
2016-11-10 22:56:29 +00:00
|
|
|
Proxy: ngxProxy,
|
|
|
|
|
},
|
|
|
|
|
}}
|
|
|
|
|
|
|
|
|
|
// initialize all the servers
|
|
|
|
|
for _, ingIf := range data {
|
|
|
|
|
ing := ingIf.(*extensions.Ingress)
|
2017-03-09 22:08:26 +00:00
|
|
|
if !class.IsValid(ing, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) {
|
2017-02-14 14:02:23 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-10 22:56:29 +00:00
|
|
|
// check if ssl passthrough is configured
|
2016-12-29 20:02:06 +00:00
|
|
|
sslpt := ic.annotations.SSLPassthrough(ing)
|
2017-02-16 17:26:58 +00:00
|
|
|
dun := ic.getDefaultUpstream().Name
|
|
|
|
|
if ing.Spec.Backend != nil {
|
|
|
|
|
// replace default backend
|
|
|
|
|
defUpstream := fmt.Sprintf("%v-%v-%v", ing.GetNamespace(), ing.Spec.Backend.ServiceName, ing.Spec.Backend.ServicePort.String())
|
|
|
|
|
if backendUpstream, ok := upstreams[defUpstream]; ok {
|
|
|
|
|
dun = backendUpstream.Name
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
for _, rule := range ing.Spec.Rules {
|
|
|
|
|
host := rule.Host
|
|
|
|
|
if host == "" {
|
|
|
|
|
host = defServerName
|
|
|
|
|
}
|
|
|
|
|
if _, ok := servers[host]; ok {
|
|
|
|
|
// server already configured
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
servers[host] = &ingress.Server{
|
2016-11-16 18:24:26 +00:00
|
|
|
Hostname: host,
|
2016-11-10 22:56:29 +00:00
|
|
|
Locations: []*ingress.Location{
|
|
|
|
|
{
|
|
|
|
|
Path: rootLocation,
|
|
|
|
|
IsDefBackend: true,
|
2016-12-29 20:02:06 +00:00
|
|
|
Backend: dun,
|
2016-11-10 22:56:29 +00:00
|
|
|
Proxy: ngxProxy,
|
|
|
|
|
},
|
|
|
|
|
}, SSLPassthrough: sslpt}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// configure default location and SSL
|
|
|
|
|
for _, ingIf := range data {
|
|
|
|
|
ing := ingIf.(*extensions.Ingress)
|
2017-03-09 22:08:26 +00:00
|
|
|
if !class.IsValid(ing, ic.cfg.IngressClass, ic.cfg.DefaultIngressClass) {
|
2017-02-14 14:02:23 +00:00
|
|
|
continue
|
|
|
|
|
}
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
for _, rule := range ing.Spec.Rules {
|
|
|
|
|
host := rule.Host
|
|
|
|
|
if host == "" {
|
|
|
|
|
host = defServerName
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-24 00:14:14 +00:00
|
|
|
// only add a certificate if the server does not have one previously configured
|
2016-11-23 23:22:29 +00:00
|
|
|
// TODO: TLS without secret?
|
2016-12-25 19:48:10 +00:00
|
|
|
if len(ing.Spec.TLS) > 0 && servers[host].SSLCertificate == "" {
|
|
|
|
|
tlsSecretName := ""
|
2017-03-26 12:28:59 +00:00
|
|
|
found := false
|
2016-12-25 19:48:10 +00:00
|
|
|
for _, tls := range ing.Spec.TLS {
|
|
|
|
|
for _, tlsHost := range tls.Hosts {
|
|
|
|
|
if tlsHost == host {
|
|
|
|
|
tlsSecretName = tls.SecretName
|
2017-03-26 12:28:59 +00:00
|
|
|
found = true
|
2016-12-25 19:48:10 +00:00
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-26 12:28:59 +00:00
|
|
|
// the current ing.Spec.Rules[].Host doesn't have an entry at
|
|
|
|
|
// ing.Spec.TLS[].Hosts[], skipping to the next Rule
|
|
|
|
|
if !found {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Current Host listed on ing.Spec.TLS[].Hosts[]
|
|
|
|
|
// but TLS[].SecretName is empty; using default cert
|
2017-03-16 15:07:07 +00:00
|
|
|
if tlsSecretName == "" {
|
2017-03-26 12:28:59 +00:00
|
|
|
servers[host].SSLCertificate = defaultPemFileName
|
|
|
|
|
servers[host].SSLPemChecksum = defaultPemSHA
|
2017-03-16 15:07:07 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-25 19:48:10 +00:00
|
|
|
key := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName)
|
2016-11-10 22:56:29 +00:00
|
|
|
bc, exists := ic.sslCertTracker.Get(key)
|
|
|
|
|
if exists {
|
|
|
|
|
cert := bc.(*ingress.SSLCert)
|
|
|
|
|
if isHostValid(host, cert) {
|
|
|
|
|
servers[host].SSLCertificate = cert.PemFileName
|
|
|
|
|
servers[host].SSLPemChecksum = cert.PemSHA
|
2017-03-16 15:07:07 +00:00
|
|
|
} else {
|
2017-04-03 10:22:08 +00:00
|
|
|
glog.Warningf("ssl certificate %v does not contain a common name for host %v", key, host)
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
2017-03-16 15:07:07 +00:00
|
|
|
} else {
|
|
|
|
|
glog.Warningf("ssl certificate \"%v\" does not exist in local store", key)
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return servers
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// getEndpoints returns a list of <endpoint ip>:<port> for a given service/target port combination.
|
|
|
|
|
func (ic *GenericController) getEndpoints(
|
|
|
|
|
s *api.Service,
|
|
|
|
|
servicePort intstr.IntOrString,
|
|
|
|
|
proto api.Protocol,
|
2016-11-11 23:43:35 +00:00
|
|
|
hz *healthcheck.Upstream) []ingress.Endpoint {
|
2016-11-10 22:56:29 +00:00
|
|
|
glog.V(3).Infof("getting endpoints for service %v/%v and port %v", s.Namespace, s.Name, servicePort.String())
|
|
|
|
|
ep, err := ic.endpLister.GetServiceEndpoints(s)
|
|
|
|
|
if err != nil {
|
|
|
|
|
glog.Warningf("unexpected error obtaining service endpoints: %v", err)
|
2016-11-11 23:43:35 +00:00
|
|
|
return []ingress.Endpoint{}
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
2016-11-11 23:43:35 +00:00
|
|
|
upsServers := []ingress.Endpoint{}
|
2016-11-10 22:56:29 +00:00
|
|
|
|
2017-03-16 11:20:52 +00:00
|
|
|
// avoid duplicated upstream servers when the service
|
|
|
|
|
// contains multiple port definitions sharing the same
|
|
|
|
|
// targetport.
|
|
|
|
|
adus := make(map[string]bool, 0)
|
|
|
|
|
|
2016-11-10 22:56:29 +00:00
|
|
|
for _, ss := range ep.Subsets {
|
|
|
|
|
for _, epPort := range ss.Ports {
|
|
|
|
|
|
|
|
|
|
if !reflect.DeepEqual(epPort.Protocol, proto) {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var targetPort int32
|
|
|
|
|
|
|
|
|
|
switch servicePort.Type {
|
|
|
|
|
case intstr.Int:
|
|
|
|
|
if int(epPort.Port) == servicePort.IntValue() {
|
|
|
|
|
targetPort = epPort.Port
|
|
|
|
|
}
|
|
|
|
|
case intstr.String:
|
|
|
|
|
port, err := service.GetPortMapping(servicePort.StrVal, s)
|
|
|
|
|
if err == nil {
|
|
|
|
|
targetPort = port
|
2017-01-10 10:48:25 +00:00
|
|
|
break
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
glog.Warningf("error mapping service port: %v", err)
|
|
|
|
|
err = ic.checkSvcForUpdate(s)
|
|
|
|
|
if err != nil {
|
|
|
|
|
glog.Warningf("error mapping service ports: %v", err)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
port, err = service.GetPortMapping(servicePort.StrVal, s)
|
|
|
|
|
if err == nil {
|
|
|
|
|
targetPort = port
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// check for invalid port value
|
2016-12-29 22:59:56 +00:00
|
|
|
if targetPort <= 0 {
|
2016-11-10 22:56:29 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, epAddress := range ss.Addresses {
|
2017-03-16 11:20:52 +00:00
|
|
|
ep := fmt.Sprintf("%v:%v", epAddress.IP, targetPort)
|
|
|
|
|
if _, exists := adus[ep]; exists {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2016-11-11 23:43:35 +00:00
|
|
|
ups := ingress.Endpoint{
|
2016-11-10 22:56:29 +00:00
|
|
|
Address: epAddress.IP,
|
|
|
|
|
Port: fmt.Sprintf("%v", targetPort),
|
|
|
|
|
MaxFails: hz.MaxFails,
|
|
|
|
|
FailTimeout: hz.FailTimeout,
|
|
|
|
|
}
|
|
|
|
|
upsServers = append(upsServers, ups)
|
2017-03-16 11:20:52 +00:00
|
|
|
adus[ep] = true
|
2016-11-10 22:56:29 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
glog.V(3).Infof("endpoints found: %v", upsServers)
|
|
|
|
|
return upsServers
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-09 16:52:10 +00:00
|
|
|
// extractSecretNames extracts information about secrets inside the Ingress rule
|
|
|
|
|
func (ic GenericController) extractSecretNames(ing *extensions.Ingress) {
|
|
|
|
|
if ic.annotations.ContainsCertificateAuth(ing) {
|
|
|
|
|
key, _ := parser.GetStringAnnotation("ingress.kubernetes.io/auth-tls-secret", ing)
|
|
|
|
|
if key != "" {
|
|
|
|
|
_, exists := ic.secretTracker.Get(key)
|
|
|
|
|
if !exists {
|
|
|
|
|
ic.secretTracker.Add(key, key)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tls := range ing.Spec.TLS {
|
|
|
|
|
key := fmt.Sprintf("%v/%v", ing.Namespace, tls.SecretName)
|
|
|
|
|
_, exists := ic.secretTracker.Get(key)
|
|
|
|
|
if !exists {
|
|
|
|
|
ic.secretTracker.Add(key, key)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-10 22:56:29 +00:00
|
|
|
// Stop stops the loadbalancer controller.
|
|
|
|
|
func (ic GenericController) Stop() error {
|
|
|
|
|
ic.stopLock.Lock()
|
|
|
|
|
defer ic.stopLock.Unlock()
|
|
|
|
|
|
|
|
|
|
// Only try draining the workqueue if we haven't already.
|
|
|
|
|
if !ic.syncQueue.IsShuttingDown() {
|
|
|
|
|
glog.Infof("shutting down controller queues")
|
|
|
|
|
close(ic.stopCh)
|
|
|
|
|
go ic.syncQueue.Shutdown()
|
2017-01-20 22:01:37 +00:00
|
|
|
if ic.syncStatus != nil {
|
|
|
|
|
ic.syncStatus.Shutdown()
|
|
|
|
|
}
|
2016-11-10 22:56:29 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return fmt.Errorf("shutdown already in progress")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Start starts the Ingress controller.
|
|
|
|
|
func (ic GenericController) Start() {
|
|
|
|
|
glog.Infof("starting Ingress controller")
|
|
|
|
|
|
|
|
|
|
go ic.ingController.Run(ic.stopCh)
|
|
|
|
|
go ic.endpController.Run(ic.stopCh)
|
|
|
|
|
go ic.svcController.Run(ic.stopCh)
|
2017-02-11 05:07:28 +00:00
|
|
|
go ic.nodeController.Run(ic.stopCh)
|
2016-11-10 22:56:29 +00:00
|
|
|
go ic.secrController.Run(ic.stopCh)
|
|
|
|
|
go ic.mapController.Run(ic.stopCh)
|
|
|
|
|
|
2016-11-24 00:14:14 +00:00
|
|
|
go ic.syncQueue.Run(5*time.Second, ic.stopCh)
|
2016-11-10 22:56:29 +00:00
|
|
|
|
2017-04-09 16:52:10 +00:00
|
|
|
go wait.Forever(ic.syncSecret, 10*time.Second)
|
|
|
|
|
|
2017-01-20 22:01:37 +00:00
|
|
|
if ic.syncStatus != nil {
|
|
|
|
|
go ic.syncStatus.Run(ic.stopCh)
|
|
|
|
|
}
|
2016-11-10 22:56:29 +00:00
|
|
|
|
|
|
|
|
<-ic.stopCh
|
|
|
|
|
}
|
