DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #2333 from oilbeater/fix/disable-lua

Browse source 
disable lua for arch s390x and ppc64le
This commit is contained in:
k8s-ci-robot 2018-04-12 05:46:58 -07:00 committed by GitHub
commit 353c63153e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
cmd/nginx/flags.go
View file

@ -195,10 +195,14 @@ func parseFlags() (bool, *controller.Configuration, error) {
glog.Warningf("Check of SSL certificate chain is disabled (--enable-ssl-chain-completion=false)") glog.Warningf("Check of SSL certificate chain is disabled (--enable-ssl-chain-completion=false)")
} }
if *dynamicConfigurationEnabled && (runtime.GOARCH == "s390x" || runtime.GOARCH == "ppc64le") { // LuaJIT is not available on arch s390x and ppc64le
b := false disableLua := false
dynamicConfigurationEnabled = &b if runtime.GOARCH == "s390x" || runtime.GOARCH == "ppc64le" {
glog.Warningf("Disabling dynamic configuration feature (LuaJIT is not available in s390x and ppc64le)") disableLua = true
if *dynamicConfigurationEnabled {
*dynamicConfigurationEnabled = false
glog.Warningf("Disabling dynamic configuration feature (LuaJIT is not available in s390x and ppc64le)")
}
} }
config := &controller.Configuration{ config := &controller.Configuration{
@ -225,6 +229,7 @@ func parseFlags() (bool, *controller.Configuration, error) {
UseNodeInternalIP: *useNodeInternalIP, UseNodeInternalIP: *useNodeInternalIP,
SyncRateLimit: *syncRateLimit, SyncRateLimit: *syncRateLimit,
DynamicConfigurationEnabled: *dynamicConfigurationEnabled, DynamicConfigurationEnabled: *dynamicConfigurationEnabled,
DisableLua: disableLua,
ListenPorts: &ngx_config.ListenPorts{ ListenPorts: &ngx_config.ListenPorts{
Default: *defServerPort, Default: *defServerPort,
Health: *healthzPort, Health: *healthzPort,

2
internal/file/bindata.go
View file

File diff suppressed because one or more lines are too long

1
internal/ingress/controller/config/config.go
View file

@ -657,6 +657,7 @@ type TemplateConfig struct {
ListenPorts *ListenPorts ListenPorts *ListenPorts
PublishService *apiv1.Service PublishService *apiv1.Service
DynamicConfigurationEnabled bool DynamicConfigurationEnabled bool
DisableLua bool
} }
// ListenPorts describe the ports required to run the // ListenPorts describe the ports required to run the

2
internal/ingress/controller/controller.go
View file

@ -97,6 +97,8 @@ type Configuration struct {
SyncRateLimit float32 SyncRateLimit float32
DynamicConfigurationEnabled bool DynamicConfigurationEnabled bool
DisableLua bool
} }
// GetPublishService returns the configured service used to set ingress status // GetPublishService returns the configured service used to set ingress status

1
internal/ingress/controller/nginx.go
View file

@ -628,6 +628,7 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
ListenPorts: n.cfg.ListenPorts, ListenPorts: n.cfg.ListenPorts,
PublishService: n.GetPublishService(), PublishService: n.GetPublishService(),
DynamicConfigurationEnabled: n.cfg.DynamicConfigurationEnabled, DynamicConfigurationEnabled: n.cfg.DynamicConfigurationEnabled,
DisableLua: n.cfg.DisableLua,
} }
content, err := n.t.Write(tc) content, err := n.t.Write(tc)

9
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -36,6 +36,7 @@ events {
} }
http { http {
{{ if not $all.DisableLua }}
lua_package_cpath "/usr/local/lib/lua/?.so;/usr/lib/x86_64-linux-gnu/lua/5.1/?.so;;"; lua_package_cpath "/usr/local/lib/lua/?.so;/usr/lib/x86_64-linux-gnu/lua/5.1/?.so;;";
lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;/usr/local/lib/lua/?.lua;;"; lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;/usr/local/lib/lua/?.lua;;";
@ -73,6 +74,7 @@ http {
balancer.init_worker() balancer.init_worker()
} }
{{ end }} {{ end }}
{{ end }}
{{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}} {{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}}
{{ if $cfg.UseProxyProtocol }} {{ if $cfg.UseProxyProtocol }}
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
@ -494,7 +496,7 @@ http {
access_log off; access_log off;
return 200; return 200;
} }
{{ if not $all.DisableLua }}
location /is-dynamic-lb-initialized { location /is-dynamic-lb-initialized {
{{ if $cfg.EnableOpentracing }} {{ if $cfg.EnableOpentracing }}
opentracing off; opentracing off;
@ -513,7 +515,7 @@ http {
ngx.exit(ngx.HTTP_OK) ngx.exit(ngx.HTTP_OK)
} }
} }
{{ end }}
location /nginx_status { location /nginx_status {
set $proxy_upstream_name "internal"; set $proxy_upstream_name "internal";
{{ if $cfg.EnableOpentracing }} {{ if $cfg.EnableOpentracing }}
@ -816,6 +818,7 @@ stream {
{{ end }} {{ end }}
location {{ $path }} { location {{ $path }} {
{{ if not $all.DisableLua }}
{{ if shouldConfigureLuaRestyWAF $all.Cfg.DisableLuaRestyWAF $location.LuaRestyWAF.Mode }} {{ if shouldConfigureLuaRestyWAF $all.Cfg.DisableLuaRestyWAF $location.LuaRestyWAF.Mode }}
access_by_lua_block { access_by_lua_block {
local lua_resty_waf = require("resty.waf") local lua_resty_waf = require("resty.waf")
@ -866,6 +869,8 @@ stream {
balancer.call() balancer.call()
{{ end }} {{ end }}
} }
{{ end }}
{{ if (and (not (empty $server.SSLCertificate)) $all.Cfg.HSTS) }} {{ if (and (not (empty $server.SSLCertificate)) $all.Cfg.HSTS) }}
if ($scheme = https) { if ($scheme = https) {
more_set_headers "Strict-Transport-Security: max-age={{ $all.Cfg.HSTSMaxAge }}{{ if $all.Cfg.HSTSIncludeSubdomains }}; includeSubDomains{{ end }}{{ if $all.Cfg.HSTSPreload }}; preload{{ end }}"; more_set_headers "Strict-Transport-Security: max-age={{ $all.Cfg.HSTSMaxAge }}{{ if $all.Cfg.HSTSIncludeSubdomains }}; includeSubDomains{{ end }}{{ if $all.Cfg.HSTSPreload }}; preload{{ end }}";