From 8255e76389fbdf1a022272ef0c4b5d70b194b279 Mon Sep 17 00:00:00 2001 From: Kirill Levin Date: Wed, 15 Mar 2017 18:22:15 +0300 Subject: [PATCH 1/9] udp-tcp-on-same-port fix --- controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 07a7e7921..73472122f 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -490,7 +490,7 @@ stream { # TCP services {{ range $i, $tcpServer := .TCPBackends }} - upstream {{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { + upstream tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { {{ range $j, $endpoint := $tcpServer.Endpoints }} server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} @@ -498,22 +498,22 @@ stream { server { listen {{ $tcpServer.Port }}; - proxy_pass {{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; + proxy_pass tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; } {{ end }} # UDP services {{ range $i, $udpServer := .UDPBackends }} - upstream {{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { + upstream udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { {{ range $j, $endpoint := $udpServer.Endpoints }} server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} } server { - listen {{ $udpServer.Port }}; + listen {{ $udpServer.Port }} udp; proxy_responses 1; - proxy_pass {{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; + proxy_pass udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; } {{ end }} } From 27b167468551bdb7bd859aa83b2e44c5a0fd4182 Mon Sep 17 00:00:00 2001 From: Kirill Levin Date: Wed, 15 Mar 2017 18:22:15 +0300 Subject: [PATCH 2/9] udp-tcp-on-same-port fix --- controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 07a7e7921..73472122f 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -490,7 +490,7 @@ stream { # TCP services {{ range $i, $tcpServer := .TCPBackends }} - upstream {{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { + upstream tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { {{ range $j, $endpoint := $tcpServer.Endpoints }} server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} @@ -498,22 +498,22 @@ stream { server { listen {{ $tcpServer.Port }}; - proxy_pass {{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; + proxy_pass tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; } {{ end }} # UDP services {{ range $i, $udpServer := .UDPBackends }} - upstream {{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { + upstream udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { {{ range $j, $endpoint := $udpServer.Endpoints }} server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} } server { - listen {{ $udpServer.Port }}; + listen {{ $udpServer.Port }} udp; proxy_responses 1; - proxy_pass {{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; + proxy_pass udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; } {{ end }} } From 49e4e8044cdd0c322d90d060be8c7578ffc2de47 Mon Sep 17 00:00:00 2001 From: Andreas Kohn Date: Tue, 7 Mar 2017 15:27:53 +0100 Subject: [PATCH 3/9] Avoid a nil-reference when the temporary file cannot be created --- core/pkg/net/ssl/ssl.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/pkg/net/ssl/ssl.go b/core/pkg/net/ssl/ssl.go index 2088c2a61..c758423fc 100644 --- a/core/pkg/net/ssl/ssl.go +++ b/core/pkg/net/ssl/ssl.go @@ -43,10 +43,10 @@ func AddOrUpdateCertAndKey(name string, cert, key, ca []byte) (*ingress.SSLCert, tempPemFile, err := ioutil.TempFile(ingress.DefaultSSLDirectory, pemName) - glog.V(3).Infof("Creating temp file %v for Keypair: %v", tempPemFile.Name(), pemName) if err != nil { return nil, fmt.Errorf("could not create temp pem file %v: %v", pemFileName, err) } + glog.V(3).Infof("Creating temp file %v for Keypair: %v", tempPemFile.Name(), pemName) _, err = tempPemFile.Write(cert) if err != nil { From 5749446a37404eee2a0d3247103416dad19eff9e Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Tue, 14 Mar 2017 14:45:47 +0100 Subject: [PATCH 4/9] skip validation on empty configmap --- core/pkg/ingress/controller/launch.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/pkg/ingress/controller/launch.go b/core/pkg/ingress/controller/launch.go index 78704960d..144da3969 100644 --- a/core/pkg/ingress/controller/launch.go +++ b/core/pkg/ingress/controller/launch.go @@ -129,6 +129,11 @@ func NewIngressController(backend ingress.Controller) *GenericController { } for _, configMap := range []string{*configMap, *tcpConfigMapName, *udpConfigMapName} { + + if configMap == "" { + continue + } + _, err = k8s.IsValidConfigMap(kubeClient, configMap) if err != nil { From fc88cdbdd3167ed83121849f7d17c976bd66d03c Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Mon, 13 Mar 2017 22:39:21 -0300 Subject: [PATCH 5/9] Release 0.9-beta.3 --- controllers/nginx/Changelog.md | 69 +++++++++++++++++++ controllers/nginx/Makefile | 2 +- docs/troubleshooting.md | 2 +- .../nginx/nginx-ingress-controller.yaml | 2 +- .../custom-errors/nginx/rc-custom-errors.yaml | 2 +- .../nginx/nginx-ingress-controller.yaml | 2 +- .../custom-template/custom-template.yaml | 2 +- .../nginx/nginx-ingress-daemonset.yaml | 2 +- .../kubeadm/nginx-ingress-controller.yaml | 2 +- .../nginx/nginx-ingress-controller.yaml | 2 +- .../nginx/nginx-ingress-deployment.yaml | 2 +- .../nginx/nginx-ingress-controller.yaml | 2 +- 12 files changed, 80 insertions(+), 11 deletions(-) diff --git a/controllers/nginx/Changelog.md b/controllers/nginx/Changelog.md index 761cda127..69eee1dff 100644 --- a/controllers/nginx/Changelog.md +++ b/controllers/nginx/Changelog.md @@ -1,5 +1,74 @@ Changelog +### 0.9-beta.3 + +**Image:** `gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3` + +*New Features:* + +- Custom log formats using `log-format-upstream` directive in the configuration configmap. +- Force redirect to SSL using the annotation `ingress.kubernetes.io/force-ssl-redirect` +- Prometheus metric for VTS status module (transparent, just enable vts stats) +- Improved external authentication adding `ingress.kubernetes.io/auth-signin` annotation. Please check this [example](https://github.com/kubernetes/ingress/tree/master/examples/external-auth/nginx) + + +*Breaking changes:* + +- `ssl-dh-param` configuration in configmap is now the name of a secret that contains the Diffie-Hellman key + +*Changes:* + +- [X] [#433](https://github.com/kubernetes/ingress/pull/433) close over the ingress variable or the last assignment will be used +- [X] [#424](https://github.com/kubernetes/ingress/pull/424) Manually sync secrets from certificate authentication annotations +- [X] [#423](https://github.com/kubernetes/ingress/pull/423) Scrap json metrics from nginx vts module when enabled +- [X] [#418](https://github.com/kubernetes/ingress/pull/418) Only update Ingress status for the configured class +- [X] [#415](https://github.com/kubernetes/ingress/pull/415) Improve external authentication docs +- [X] [#410](https://github.com/kubernetes/ingress/pull/410) Add support for "signin url" +- [X] [#409](https://github.com/kubernetes/ingress/pull/409) Allow custom http2 header sizes +- [X] [#408](https://github.com/kubernetes/ingress/pull/408) Review docs +- [X] [#406](https://github.com/kubernetes/ingress/pull/406) Add debug info and fix spelling +- [X] [#402](https://github.com/kubernetes/ingress/pull/402) allow specifying custom dh param +- [X] [#397](https://github.com/kubernetes/ingress/pull/397) Fix external auth +- [X] [#394](https://github.com/kubernetes/ingress/pull/394) Update README.md +- [X] [#392](https://github.com/kubernetes/ingress/pull/392) Fix http2 header size +- [X] [#391](https://github.com/kubernetes/ingress/pull/391) remove tmp nginx-diff files +- [X] [#390](https://github.com/kubernetes/ingress/pull/390) Fix RateLimit comment +- [X] [#385](https://github.com/kubernetes/ingress/pull/385) add Copyright +- [X] [#382](https://github.com/kubernetes/ingress/pull/382) Ingress Fake Certificate generation +- [X] [#380](https://github.com/kubernetes/ingress/pull/380) Fix custom log format +- [X] [#373](https://github.com/kubernetes/ingress/pull/373) Cleanup +- [X] [#371](https://github.com/kubernetes/ingress/pull/371) add configuration to disable listening on ipv6 +- [X] [#370](https://github.com/kubernetes/ingress/pull/270) Add documentation for ingress.kubernetes.io/force-ssl-redirect +- [X] [#369](https://github.com/kubernetes/ingress/pull/369) Minor text fix for "ApiServer" +- [X] [#367](https://github.com/kubernetes/ingress/pull/367) BuildLogFormatUpstream was always using the default log-format +- [X] [#366](https://github.com/kubernetes/ingress/pull/366) add_judgment +- [X] [#365](https://github.com/kubernetes/ingress/pull/365) add ForceSSLRedirect ingress annotation +- [X] [#364](https://github.com/kubernetes/ingress/pull/364) Fix error caused by increasing proxy_buffer_size (#363) +- [X] [#362](https://github.com/kubernetes/ingress/pull/362) Fix ingress class +- [X] [#360](https://github.com/kubernetes/ingress/pull/360) add example of 'run multiple nginx ingress controllers as a deployment' +- [X] [#358](https://github.com/kubernetes/ingress/pull/358) Checks if the TLS secret contains a valid keypair structure +- [X] [#356](https://github.com/kubernetes/ingress/pull/356) Disable listen only on ipv6 and fix proxy_protocol +- [X] [#354](https://github.com/kubernetes/ingress/pull/354) add judgment +- [X] [#352](https://github.com/kubernetes/ingress/pull/352) Add ability to customize upstream and stream log format +- [X] [#351](https://github.com/kubernetes/ingress/pull/351) Enable custom election id for status sync. +- [X] [#347](https://github.com/kubernetes/ingress/pull/347) Fix client source IP address +- [X] [#345](https://github.com/kubernetes/ingress/pull/345) Fix lint error +- [X] [#344](https://github.com/kubernetes/ingress/pull/344) Refactoring of TCP and UDP services +- [X] [#343](https://github.com/kubernetes/ingress/pull/343) Fix node lister when --watch-namespace is used +- [X] [#341](https://github.com/kubernetes/ingress/pull/341) Do not run coverage check in the default target. +- [X] [#340](https://github.com/kubernetes/ingress/pull/340) Add support for specify proxy cookie path/domain +- [X] [#337](https://github.com/kubernetes/ingress/pull/337) Fix for formatting error introduced in #304 +- [X] [#335](https://github.com/kubernetes/ingress/pull/335) Fix for vet complaints: +- [X] [#332](https://github.com/kubernetes/ingress/pull/332) Add annotation to customize nginx configuration +- [X] [#331](https://github.com/kubernetes/ingress/pull/331) Correct spelling mistake +- [X] [#328](https://github.com/kubernetes/ingress/pull/328) fix misspell "affinity" in main.go +- [X] [#326](https://github.com/kubernetes/ingress/pull/326) add nginx daemonset example +- [X] [#311](https://github.com/kubernetes/ingress/pull/311) Sort stream service ports to avoid extra reloads +- [X] [#307](https://github.com/kubernetes/ingress/pull/307) Add docs for body-size annotation +- [X] [#306](https://github.com/kubernetes/ingress/pull/306) modify nginx readme +- [X] [#304](https://github.com/kubernetes/ingress/pull/304) change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams' + + ### 0.9-beta.2 **Image:** `gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2` diff --git a/controllers/nginx/Makefile b/controllers/nginx/Makefile index bf22ee4ab..ac1300eb4 100644 --- a/controllers/nginx/Makefile +++ b/controllers/nginx/Makefile @@ -3,7 +3,7 @@ all: push BUILDTAGS= # Use the 0.0 tag for testing, it shouldn't clobber any release builds -RELEASE?=0.9.0-beta.2 +RELEASE?=0.9.0-beta.3 PREFIX?=gcr.io/google_containers/nginx-ingress-controller GOOS?=linux DOCKER?=gcloud docker -- diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index ab12588bd..877dc152b 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -255,7 +255,7 @@ spec: spec: terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: ingress-nginx imagePullPolicy: Always ports: diff --git a/examples/customization/configuration-snippets/nginx/nginx-ingress-controller.yaml b/examples/customization/configuration-snippets/nginx/nginx-ingress-controller.yaml index c4065804a..5786f03d9 100644 --- a/examples/customization/configuration-snippets/nginx/nginx-ingress-controller.yaml +++ b/examples/customization/configuration-snippets/nginx/nginx-ingress-controller.yaml @@ -19,7 +19,7 @@ spec: # hostNetwork: true terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: nginx-ingress-controller readinessProbe: httpGet: diff --git a/examples/customization/custom-errors/nginx/rc-custom-errors.yaml b/examples/customization/custom-errors/nginx/rc-custom-errors.yaml index d26dcbd5e..3dfbe540c 100644 --- a/examples/customization/custom-errors/nginx/rc-custom-errors.yaml +++ b/examples/customization/custom-errors/nginx/rc-custom-errors.yaml @@ -16,7 +16,7 @@ spec: spec: terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: nginx-ingress-lb imagePullPolicy: Always readinessProbe: diff --git a/examples/customization/custom-headers/nginx/nginx-ingress-controller.yaml b/examples/customization/custom-headers/nginx/nginx-ingress-controller.yaml index c4065804a..5786f03d9 100644 --- a/examples/customization/custom-headers/nginx/nginx-ingress-controller.yaml +++ b/examples/customization/custom-headers/nginx/nginx-ingress-controller.yaml @@ -19,7 +19,7 @@ spec: # hostNetwork: true terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: nginx-ingress-controller readinessProbe: httpGet: diff --git a/examples/customization/custom-template/custom-template.yaml b/examples/customization/custom-template/custom-template.yaml index 168b56b50..d3ca02cb1 100644 --- a/examples/customization/custom-template/custom-template.yaml +++ b/examples/customization/custom-template/custom-template.yaml @@ -16,7 +16,7 @@ spec: spec: terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: nginx-ingress-lb imagePullPolicy: Always readinessProbe: diff --git a/examples/daemonset/nginx/nginx-ingress-daemonset.yaml b/examples/daemonset/nginx/nginx-ingress-daemonset.yaml index 1b476d670..0db798c30 100644 --- a/examples/daemonset/nginx/nginx-ingress-daemonset.yaml +++ b/examples/daemonset/nginx/nginx-ingress-daemonset.yaml @@ -13,7 +13,7 @@ spec: spec: terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: nginx-ingress-lb readinessProbe: httpGet: diff --git a/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml b/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml index f2ca1072e..11f95e901 100644 --- a/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml +++ b/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml @@ -71,7 +71,7 @@ spec: hostNetwork: true terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: nginx-ingress-controller readinessProbe: httpGet: diff --git a/examples/deployment/nginx/nginx-ingress-controller.yaml b/examples/deployment/nginx/nginx-ingress-controller.yaml index b610d58f8..9ed25ad7f 100644 --- a/examples/deployment/nginx/nginx-ingress-controller.yaml +++ b/examples/deployment/nginx/nginx-ingress-controller.yaml @@ -19,7 +19,7 @@ spec: # hostNetwork: true terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: nginx-ingress-controller readinessProbe: httpGet: diff --git a/examples/scaling-deployment/nginx/nginx-ingress-deployment.yaml b/examples/scaling-deployment/nginx/nginx-ingress-deployment.yaml index f0ee65b31..d0948773f 100644 --- a/examples/scaling-deployment/nginx/nginx-ingress-deployment.yaml +++ b/examples/scaling-deployment/nginx/nginx-ingress-deployment.yaml @@ -14,7 +14,7 @@ spec: spec: terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: nginx-ingress-controller readinessProbe: httpGet: diff --git a/examples/static-ip/nginx/nginx-ingress-controller.yaml b/examples/static-ip/nginx/nginx-ingress-controller.yaml index d6eb1d512..1417a28eb 100644 --- a/examples/static-ip/nginx/nginx-ingress-controller.yaml +++ b/examples/static-ip/nginx/nginx-ingress-controller.yaml @@ -18,7 +18,7 @@ spec: # hostNetwork: true terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 + - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3 name: nginx-ingress-controller readinessProbe: httpGet: From 7eff2f33aba69b94fe33236b0d95cbcee137b31b Mon Sep 17 00:00:00 2001 From: Jeff Grafton Date: Tue, 14 Mar 2017 14:49:21 -0700 Subject: [PATCH 6/9] Fix a few bugs in the nginx-ingress-controller Makefile * make 'clean' use the new path to the built binary * make 'container' depend on 'build' --- controllers/nginx/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/nginx/Makefile b/controllers/nginx/Makefile index ac1300eb4..058760582 100644 --- a/controllers/nginx/Makefile +++ b/controllers/nginx/Makefile @@ -21,7 +21,7 @@ build: clean -ldflags "-s -w -X ${PKG}/pkg/version.RELEASE=${RELEASE} -X ${PKG}/pkg/version.COMMIT=${COMMIT} -X ${PKG}/pkg/version.REPO=${REPO_INFO}" \ -o rootfs/nginx-ingress-controller ${PKG}/pkg/cmd/controller -container: +container: build $(DOCKER) build --pull -t $(PREFIX):$(RELEASE) rootfs push: container @@ -50,4 +50,4 @@ vet: @go vet $(shell go list ${PKG}/... | grep -v vendor) clean: - rm -f nginx-ingress-controller + rm -f rootfs/nginx-ingress-controller From 75621c85c103b2d0f2cca295be9c6bb24d7689bb Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Wed, 15 Mar 2017 12:39:39 +0100 Subject: [PATCH 7/9] remove configmap validations . rollback #441, fix #443 --- core/pkg/ingress/controller/launch.go | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/core/pkg/ingress/controller/launch.go b/core/pkg/ingress/controller/launch.go index 144da3969..d532c0653 100644 --- a/core/pkg/ingress/controller/launch.go +++ b/core/pkg/ingress/controller/launch.go @@ -128,19 +128,6 @@ func NewIngressController(backend ingress.Controller) *GenericController { glog.Infof("service %v validated as source of Ingress status", *publishSvc) } - for _, configMap := range []string{*configMap, *tcpConfigMapName, *udpConfigMapName} { - - if configMap == "" { - continue - } - - _, err = k8s.IsValidConfigMap(kubeClient, configMap) - - if err != nil { - glog.Fatalf("%v", err) - } - } - if *watchNamespace != "" { _, err = k8s.IsValidNamespace(kubeClient, *watchNamespace) From c822ac9922f589f3f4e593e12dfb8e9ed956cad4 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Wed, 15 Mar 2017 08:23:25 -0300 Subject: [PATCH 8/9] Remove snake oil certificate generation --- controllers/nginx/rootfs/Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/controllers/nginx/rootfs/Dockerfile b/controllers/nginx/rootfs/Dockerfile index 6959d6bbc..dc114b925 100644 --- a/controllers/nginx/rootfs/Dockerfile +++ b/controllers/nginx/rootfs/Dockerfile @@ -16,10 +16,8 @@ FROM gcr.io/google_containers/nginx-slim:0.14 RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \ diffutils \ - ssl-cert \ --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && make-ssl-cert generate-default-snakeoil --force-overwrite + && rm -rf /var/lib/apt/lists/* COPY . / From 9154f4b9e2483105a75c2eb84035215a645a25b2 Mon Sep 17 00:00:00 2001 From: Kirill Levin Date: Wed, 15 Mar 2017 18:22:15 +0300 Subject: [PATCH 9/9] udp-tcp-on-same-port fix --- controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 07a7e7921..73472122f 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -490,7 +490,7 @@ stream { # TCP services {{ range $i, $tcpServer := .TCPBackends }} - upstream {{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { + upstream tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { {{ range $j, $endpoint := $tcpServer.Endpoints }} server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} @@ -498,22 +498,22 @@ stream { server { listen {{ $tcpServer.Port }}; - proxy_pass {{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; + proxy_pass tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; } {{ end }} # UDP services {{ range $i, $udpServer := .UDPBackends }} - upstream {{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { + upstream udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { {{ range $j, $endpoint := $udpServer.Endpoints }} server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} } server { - listen {{ $udpServer.Port }}; + listen {{ $udpServer.Port }} udp; proxy_responses 1; - proxy_pass {{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; + proxy_pass udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; } {{ end }} }