Fix SSL passthrough
This commit is contained in:
Manuel de Brito Fontes
Manuel Alejandro de Brito Fontes
parent
1ec0a60746
commit
12ec0475c0
2 changed files with 34 additions and 33 deletions
|
|
@ -114,6 +114,8 @@ func NewNGINXController(config *Configuration, fs file.Filesystem) *NGINXControl
|
||||||
|
|
||||||
// create an empty configuration.
|
// create an empty configuration.
|
||||||
runningConfig: &ingress.Configuration{},
|
runningConfig: &ingress.Configuration{},
|
||||||
|
|
||||||
|
Proxy: &TCPProxy{},
|
||||||
}
|
}
|
||||||
|
|
||||||
n.store = store.New(true,
|
n.store = store.New(true,
|
||||||
|
|
@ -410,37 +412,41 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
|
||||||
cfg := n.store.GetBackendConfiguration()
|
cfg := n.store.GetBackendConfiguration()
|
||||||
cfg.Resolver = n.resolver
|
cfg.Resolver = n.resolver
|
||||||
|
|
||||||
servers := []*TCPServer{}
|
if n.cfg.EnableSSLPassthrough {
|
||||||
for _, pb := range ingressCfg.PassthroughBackends {
|
servers := []*TCPServer{}
|
||||||
svc := pb.Service
|
for _, pb := range ingressCfg.PassthroughBackends {
|
||||||
if svc == nil {
|
svc := pb.Service
|
||||||
glog.Warningf("missing service for PassthroughBackends %v", pb.Backend)
|
if svc == nil {
|
||||||
continue
|
glog.Warningf("missing service for PassthroughBackends %v", pb.Backend)
|
||||||
}
|
continue
|
||||||
port, err := strconv.Atoi(pb.Port.String())
|
}
|
||||||
if err != nil {
|
port, err := strconv.Atoi(pb.Port.String())
|
||||||
for _, sp := range svc.Spec.Ports {
|
if err != nil {
|
||||||
if sp.Name == pb.Port.String() {
|
for _, sp := range svc.Spec.Ports {
|
||||||
port = int(sp.Port)
|
if sp.Name == pb.Port.String() {
|
||||||
break
|
port = int(sp.Port)
|
||||||
}
|
break
|
||||||
}
|
}
|
||||||
} else {
|
}
|
||||||
for _, sp := range svc.Spec.Ports {
|
} else {
|
||||||
if sp.Port == int32(port) {
|
for _, sp := range svc.Spec.Ports {
|
||||||
port = int(sp.Port)
|
if sp.Port == int32(port) {
|
||||||
break
|
port = int(sp.Port)
|
||||||
|
break
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//TODO: Allow PassthroughBackends to specify they support proxy-protocol
|
||||||
|
servers = append(servers, &TCPServer{
|
||||||
|
Hostname: pb.Hostname,
|
||||||
|
IP: svc.Spec.ClusterIP,
|
||||||
|
Port: port,
|
||||||
|
ProxyProtocol: false,
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
//TODO: Allow PassthroughBackends to specify they support proxy-protocol
|
n.Proxy.ServerList = servers
|
||||||
servers = append(servers, &TCPServer{
|
|
||||||
Hostname: pb.Hostname,
|
|
||||||
IP: svc.Spec.ClusterIP,
|
|
||||||
Port: port,
|
|
||||||
ProxyProtocol: false,
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// we need to check if the status module configuration changed
|
// we need to check if the status module configuration changed
|
||||||
|
|
|
||||||
|
|
@ -31,12 +31,7 @@ func (f *Framework) ExecCommand(pod *v1.Pod, command string) (string, error) {
|
||||||
execErr bytes.Buffer
|
execErr bytes.Buffer
|
||||||
)
|
)
|
||||||
|
|
||||||
args := fmt.Sprintf("kubectl exec --namespace %v %v -- %v", pod.Namespace, pod.Name, command)
|
args := fmt.Sprintf("kubectl exec --namespace %v %v --container nginx-ingress-controller -- %v", pod.Namespace, pod.Name, command)
|
||||||
if len(pod.Spec.Containers) != 1 {
|
|
||||||
args = fmt.Sprintf("kubectl exec --namespace %v %v --container nginx-ingress-controller -- %v", pod.Namespace, pod.Name, command)
|
|
||||||
}
|
|
||||||
|
|
||||||
log("DEBUG", "Executing command \"%v\"", args)
|
|
||||||
cmd := exec.Command("/bin/bash", "-c", args)
|
cmd := exec.Command("/bin/bash", "-c", args)
|
||||||
cmd.Stdout = &execOut
|
cmd.Stdout = &execOut
|
||||||
cmd.Stderr = &execErr
|
cmd.Stderr = &execErr
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue