/*
Copyright 2015 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package controller
import (
"fmt"
"os"
"os/exec"
"path"
"strconv"
"strings"
"syscall"
api "k8s.io/api/core/v1"
networking "k8s.io/api/networking/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/ingress-nginx/pkg/apis/ingress"
klog "k8s.io/klog/v2"
)
// newUpstream returns a Backend called name that has no endpoints yet.
//
// Endpoints, Service and the cookie-affinity Locations map are set to empty,
// non-nil values, so they can be appended to or indexed without a nil check.
func newUpstream(name string) *ingress.Backend {
	affinity := ingress.SessionAffinityConfig{
		CookieSessionAffinity: ingress.CookieSessionAffinity{
			Locations: map[string][]string{},
		},
	}

	backend := &ingress.Backend{
		Name:            name,
		Endpoints:       []ingress.Endpoint{},
		Service:         &api.Service{},
		SessionAffinity: affinity,
	}
	return backend
}
// upstreamName builds the upstream identifier for a service backend in namespace.
//
// A positive port number takes precedence and gives "<namespace>-<service>-<number>";
// otherwise a non-empty port name gives "<namespace>-<service>-<portname>". A nil
// backend, or one with neither a port number nor a port name, gives
// "<namespace>-INVALID".
//
// NOTE(review): the parts are joined with "-" and are not escaped, so two
// different (namespace, service) pairs whose names contain "-" can produce the
// same string. Confirm whether anything keyed on this name needs it to be
// unique across namespaces.
func upstreamName(namespace string, service *networking.IngressServiceBackend) string {
	switch {
	case service == nil:
		// No backend at all: handled by the final return.
	case service.Port.Number > 0:
		return fmt.Sprintf("%s-%s-%d", namespace, service.Name, service.Port.Number)
	case service.Port.Name != "":
		return fmt.Sprintf("%s-%s-%s", namespace, service.Name, service.Port.Name)
	}
	return fmt.Sprintf("%s-INVALID", namespace)
}
// upstreamServiceNameAndPort extracts the service name and port from a service
// backend.
//
// A positive port number is returned as an integer IntOrString; otherwise a
// non-empty port name is returned as a string IntOrString. For a nil backend,
// or one with neither, it returns an empty name and the zero IntOrString, so
// callers should treat an empty name as "no usable backend".
func upstreamServiceNameAndPort(service *networking.IngressServiceBackend) (string, intstr.IntOrString) {
	if service == nil {
		return "", intstr.IntOrString{}
	}

	port := service.Port
	if port.Number > 0 {
		return service.Name, intstr.FromInt(int(port.Number))
	}
	if port.Name != "" {
		return service.Name, intstr.FromString(port.Name)
	}

	return "", intstr.IntOrString{}
}
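// sysctlSomaxconn returns the maximum number of connections that can be queued
// for acceptance: the value of net.core.somaxconn when it can be read and is at
// least 512, otherwise the default of 511.
// http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
func sysctlSomaxconn() int {
	const defaultBacklog = 511

	maxConns, err := getSysctl("net/core/somaxconn")
	switch {
	case err != nil:
		// Report why the sysctl could not be used instead of dropping the
		// error; getSysctl returns -1 here, which is not a meaningful value.
		klog.V(3).InfoS("Using default net.core.somaxconn", "value", defaultBacklog, "err", err)
		return defaultBacklog
	case maxConns < 512:
		// Log the default that is actually returned, and keep the value that
		// was read under its own key.
		klog.V(3).InfoS("Using default net.core.somaxconn", "value", defaultBacklog, "sysctlValue", maxConns)
		return defaultBacklog
	}

	return maxConns
}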
// rlimitMaxNumFiles returns the hard limit for RLIMIT_NOFILE of the current
// process, or 0 (after logging the error) when the limit cannot be read.
//
// NOTE(review): the limit is converted to int without a range check, so a hard
// limit too large for int (for example an unlimited one) would not be returned
// as a large positive number. Confirm that callers handle a non-positive result.
func rlimitMaxNumFiles() int {
	limits := syscall.Rlimit{}
	if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &limits); err != nil {
		klog.ErrorS(err, "Error reading system maximum number of open file descriptors (RLIMIT_NOFILE)")
		return 0
	}
	return int(limits.Max)
}
// defBinary is the nginx executable used when NGINX_BINARY is not set.
const defBinary = "/usr/bin/nginx"

// cfgPath is the configuration file that ExecCommand passes to nginx with "-c".
const cfgPath = "/etc/nginx/nginx.conf"
// NginxExecTester is the interface for running nginx commands, such as a
// reload or a configuration test.
type NginxExecTester interface {
	// ExecCommand returns an exec.Cmd for nginx with the given arguments.
	// The command is only constructed; the caller runs it.
	ExecCommand(args ...string) *exec.Cmd
	// Test checks the configuration file cfg and returns the command output
	// together with any error.
	Test(cfg string) ([]byte, error)
}
// NginxCommand holds the path of the nginx executable that its methods run.
type NginxCommand struct {
	// Binary is the path of the nginx executable passed to exec.Command.
	Binary string
}
// NewNginxCommand returns an NginxCommand whose Binary is the value of the
// NGINX_BINARY environment variable when that is non-empty, and defBinary
// otherwise.
//
// NOTE(review): the override is used exactly as given; nothing here checks that
// it is an absolute path or that it points at the expected executable. The
// process environment therefore decides which program ExecCommand and Test
// launch, so NGINX_BINARY should only be settable by whoever deploys the
// controller.
func NewNginxCommand() NginxCommand {
	if override := os.Getenv("NGINX_BINARY"); override != "" {
		return NginxCommand{Binary: override}
	}
	return NginxCommand{Binary: defBinary}
}
// ExecCommand builds an exec.Cmd that runs nc.Binary with "-c cfgPath"
// followed by args. The command is returned unstarted.
//
// exec.Command passes the arguments directly to the program without going
// through a shell, so args are not subject to shell expansion; their content is
// still the caller's responsibility.
func (nc NginxCommand) ExecCommand(args ...string) *exec.Cmd {
	argv := make([]string, 0, len(args)+2)
	argv = append(argv, "-c", cfgPath)
	argv = append(argv, args...)

	// G204 flags a subprocess launched with non-constant arguments; here the
	// binary comes from NginxCommand and the arguments from the caller.
	//nolint:gosec // Ignore G204 error
	return exec.Command(nc.Binary, argv...)
}
// Test runs nc.Binary with "-c cfg -t" to check whether cfg is a syntactically
// valid nginx configuration. It returns the combined standard output and
// standard error of the command, and the error from running it.
//
// cfg is passed as a single argument without going through a shell.
func (nc NginxCommand) Test(cfg string) ([]byte, error) {
	// G204 flags a subprocess launched with non-constant arguments; cfg is
	// supplied by the caller.
	//nolint:gosec // Ignore G204 error
	check := exec.Command(nc.Binary, "-c", cfg, "-t")
	return check.CombinedOutput()
}
// getSysctl reads the sysctl setting at /proc/sys/<sysctl> and returns it as an
// int. sysctl uses "/" as separator, e.g. "net/core/somaxconn".
//
// It returns -1 and the underlying error when the file cannot be read or when
// its content, with surrounding spaces and newlines removed, is not an integer.
//
// NOTE(review): path.Join cleans the joined path, so a sysctl argument holding
// ".." segments would resolve outside /proc/sys. The caller visible in this
// file passes a constant; keep the argument a constant or validate it.
func getSysctl(sysctl string) (int, error) {
	raw, readErr := os.ReadFile(path.Join("/proc/sys", sysctl))
	if readErr != nil {
		return -1, readErr
	}

	text := strings.Trim(string(raw), " \n")
	parsed, convErr := strconv.Atoi(text)
	if convErr != nil {
		return -1, convErr
	}

	return parsed, nil
}