Manuel Alejandro de Brito Fontes 2017-08-22 19:20:46 +00:00 committed by GitHub
commit 1f6785dbd7
2 changed files with 29 additions and 14 deletions


@ -225,10 +225,7 @@ func buildAuthLocation(input interface{}) string {
return "" return ""
} }
str := base64.URLEncoding.EncodeToString([]byte(location.Path)) return fmt.Sprintf("/_external-auth-%v", encode(location.Path))
// avoid locations containing the = char
str = strings.Replace(str, "=", "", -1)
return fmt.Sprintf("/_external-auth-%v", str)
} }
func buildAuthResponseHeaders(input interface{}) []string { func buildAuthResponseHeaders(input interface{}) []string {
@ -362,11 +359,15 @@ func buildRateLimitZones(input interface{}) []string {
for _, loc := range server.Locations { for _, loc := range server.Locations {
lrn := fmt.Sprintf("%v_%v", server.Hostname, loc.RateLimit.Name) lrn := fmt.Sprintf("%v_%v", server.Hostname, loc.RateLimit.Name)
whitelistVar := buildWhitelistVariable(lrn) whitelistVar := buildWhitelistVariable(lrn)
sr := fmt.Sprintf("# Zone: %v %v%v", loc.RateLimit.Name, server.Hostname, loc.Path)
b := fmt.Sprintf("%v %v %v", loc.RateLimit.Name, server.Hostname, loc.Path)
zn := fmt.Sprintf("zone_%v", encode(b))
if loc.RateLimit.Connections.Limit > 0 { if loc.RateLimit.Connections.Limit > 0 {
zone := fmt.Sprintf("limit_conn_zone $limit_%s zone=%v:%vm;", zone := fmt.Sprintf("%v\n\tlimit_conn_zone $limit_%s zone=%v:%vm;",
sr,
whitelistVar, whitelistVar,
loc.RateLimit.Connections.Name, zn,
loc.RateLimit.Connections.SharedSize) loc.RateLimit.Connections.SharedSize)
if !zones.Has(zone) { if !zones.Has(zone) {
zones.Insert(zone) zones.Insert(zone)
@ -374,9 +375,10 @@ func buildRateLimitZones(input interface{}) []string {
} }
if loc.RateLimit.RPM.Limit > 0 { if loc.RateLimit.RPM.Limit > 0 {
zone := fmt.Sprintf("limit_req_zone $limit_%s zone=%v:%vm rate=%vr/m;", zone := fmt.Sprintf("%v\n\tlimit_req_zone $limit_%s zone=%v:%vm rate=%vr/m;",
sr,
whitelistVar, whitelistVar,
loc.RateLimit.RPM.Name, zn,
loc.RateLimit.RPM.SharedSize, loc.RateLimit.RPM.SharedSize,
loc.RateLimit.RPM.Limit) loc.RateLimit.RPM.Limit)
if !zones.Has(zone) { if !zones.Has(zone) {
@ -385,9 +387,10 @@ func buildRateLimitZones(input interface{}) []string {
} }
if loc.RateLimit.RPS.Limit > 0 { if loc.RateLimit.RPS.Limit > 0 {
zone := fmt.Sprintf("limit_req_zone $limit_%s zone=%v:%vm rate=%vr/s;", zone := fmt.Sprintf("%v\n\tlimit_req_zone $limit_%s zone=%v:%vm rate=%vr/s;",
sr,
whitelistVar, whitelistVar,
loc.RateLimit.RPS.Name, zn,
loc.RateLimit.RPS.SharedSize, loc.RateLimit.RPS.SharedSize,
loc.RateLimit.RPS.Limit) loc.RateLimit.RPS.Limit)
if !zones.Has(zone) { if !zones.Has(zone) {
@ -402,7 +405,7 @@ func buildRateLimitZones(input interface{}) []string {
// buildRateLimit produces an array of limit_req to be used inside the Path of // buildRateLimit produces an array of limit_req to be used inside the Path of
// Ingress rules. The order: connections by IP first, then RPS, and RPM last. // Ingress rules. The order: connections by IP first, then RPS, and RPM last.
func buildRateLimit(input interface{}) []string { func buildRateLimit(s, input interface{}) []string {
limits := []string{} limits := []string{}
loc, ok := input.(*ingress.Location) loc, ok := input.(*ingress.Location)
@ -410,21 +413,26 @@ func buildRateLimit(input interface{}) []string {
return limits return limits
} }
server, _ := s.(*ingress.Server)
if loc.RateLimit.Connections.Limit > 0 { if loc.RateLimit.Connections.Limit > 0 {
limit := fmt.Sprintf("limit_conn %v %v;", limit := fmt.Sprintf("limit_conn %v %v;",
loc.RateLimit.Connections.Name, loc.RateLimit.Connections.Limit) loc.RateLimit.Connections.Name, loc.RateLimit.Connections.Limit)
limits = append(limits, limit) limits = append(limits, limit)
} }
b := fmt.Sprintf("%v %v %v", loc.RateLimit.Name, server.Hostname, loc.Path)
z := fmt.Sprintf("zone_%v", encode(b))
if loc.RateLimit.RPS.Limit > 0 { if loc.RateLimit.RPS.Limit > 0 {
limit := fmt.Sprintf("limit_req zone=%v burst=%v nodelay;", limit := fmt.Sprintf("limit_req zone=%v burst=%v nodelay;",
loc.RateLimit.RPS.Name, loc.RateLimit.RPS.Burst) z, loc.RateLimit.RPS.Burst)
limits = append(limits, limit) limits = append(limits, limit)
} }
if loc.RateLimit.RPM.Limit > 0 { if loc.RateLimit.RPM.Limit > 0 {
limit := fmt.Sprintf("limit_req zone=%v burst=%v nodelay;", limit := fmt.Sprintf("limit_req zone=%v burst=%v nodelay;",
loc.RateLimit.RPM.Name, loc.RateLimit.RPM.Burst) z, loc.RateLimit.RPM.Burst)
limits = append(limits, limit) limits = append(limits, limit)
} }
@ -545,3 +553,9 @@ func buildRandomUUID() string {
s := uuid.New() s := uuid.New()
return strings.Replace(s, "-", "", -1) return strings.Replace(s, "-", "", -1)
} }
func encode(s string) string {
str := base64.URLEncoding.EncodeToString([]byte(s))
// avoid locations containing the = char
return strings.Replace(str, "=", "", -1)
}
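Review bot: In buildRateLimit the `limit_conn` directive still names `loc.RateLimit.Connections.Name`, while buildRateLimitZones now declares the `limit_conn_zone` under `zn`, so the connection limit refers to a zone this code no longer defines. The same `zn` is also reused for the `limit_conn_zone` and both `limit_req_zone` lines, which nginx is likely to reject as a duplicate zone when one location sets more than one limit. A per-kind suffix on both sides would keep the names matched and distinct, e.g. `zn := fmt.Sprintf("zone_%v_conn", encode(b))` with `_rps` and `_rpm` variants, and `limit_conn` should use the conn variant. Separately, `server, _ := s.(*ingress.Server)` discards the assertion result and `server.Hostname` is dereferenced a few lines later; mirror the existing check on `loc` with `server, ok := s.(*ingress.Server)` followed by `if !ok { return limits }`. A rejected config or a panicking render can leave the rate limits unapplied; note that both function bodies continue outside the visible hunks.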


@ -313,6 +313,7 @@ http {
{{/* 1MB -> 16 thousand 64-byte states or about 8 thousand 128-byte states */}} {{/* 1MB -> 16 thousand 64-byte states or about 8 thousand 128-byte states */}}
{{ range $zone := (buildRateLimitZones $servers) }} {{ range $zone := (buildRateLimitZones $servers) }}
{{ $zone }} {{ $zone }}
{{ end }} {{ end }}
{{/* Build server redirects (from/to www) */}} {{/* Build server redirects (from/to www) */}}
@ -616,7 +617,7 @@ stream {
{{ end }} {{ end }}
{{/* if the location contains a rate limit annotation, create one */}} {{/* if the location contains a rate limit annotation, create one */}}
{{ $limits := buildRateLimit $location }} {{ $limits := buildRateLimit $server $location }}
{{ range $limit := $limits }} {{ range $limit := $limits }}
{{ $limit }}{{ end }} {{ $limit }}{{ end }}