Merge pull request #3198 from aledbf/only-dynamic
Only support dynamic configuration
This commit is contained in:
k8s-ci-robot
GitHub
commit
3edf11b85f
12 changed files with 134 additions and 328 deletions
|
|
@ -20,7 +20,6 @@ import (
|
|||
"flag"
|
||||
"fmt"
|
||||
"os"
|
||||
"runtime"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/spf13/pflag"
|
||||
|
|
@ -130,10 +129,6 @@ extension for this to succeed.`)
|
|||
`Customized address to set as the load-balancer status of Ingress objects this controller satisfies.
|
||||
Requires the update-status parameter.`)
|
||||
|
||||
dynamicConfigurationEnabled = flags.Bool("enable-dynamic-configuration", true,
|
||||
`Dynamically refresh backends on topology changes instead of reloading NGINX.
|
||||
Feature backed by OpenResty Lua libraries.`)
|
||||
|
||||
dynamicCertificatesEnabled = flags.Bool("enable-dynamic-certificates", false,
|
||||
`Dynamically update SSL certificates instead of reloading NGINX.
|
||||
Feature backed by OpenResty Lua libraries. Requires that OCSP stapling is not enabled`)
|
||||
|
|
@ -200,7 +195,7 @@ Feature backed by OpenResty Lua libraries. Requires that OCSP stapling is not en
|
|||
glog.Warningf("SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)")
|
||||
}
|
||||
|
||||
if (*enableSSLChainCompletion || !*dynamicConfigurationEnabled) && *dynamicCertificatesEnabled {
|
||||
if *enableSSLChainCompletion && *dynamicCertificatesEnabled {
|
||||
return false, nil, fmt.Errorf(`SSL certificate chain completion cannot be enabled and dynamic configuration cannot be disabled when
|
||||
dynamic certificates functionality is enabled. Please check the flags --enable-ssl-chain-completion and --enable-dynamic-configuration`)
|
||||
}
|
||||
|
|
@ -209,40 +204,28 @@ dynamic certificates functionality is enabled. Please check the flags --enable-s
|
|||
return false, nil, fmt.Errorf("Flags --publish-service and --publish-status-address are mutually exclusive")
|
||||
}
|
||||
|
||||
// LuaJIT is not available on arch s390x and ppc64le
|
||||
disableLua := false
|
||||
if runtime.GOARCH == "s390x" || runtime.GOARCH == "ppc64le" {
|
||||
disableLua = true
|
||||
if *dynamicConfigurationEnabled {
|
||||
*dynamicConfigurationEnabled = false
|
||||
glog.Warningf("LuaJIT is not available on s390x and ppc64le architectures: disabling dynamic configuration feature.")
|
||||
}
|
||||
}
|
||||
|
||||
config := &controller.Configuration{
|
||||
APIServerHost: *apiserverHost,
|
||||
KubeConfigFile: *kubeConfigFile,
|
||||
UpdateStatus: *updateStatus,
|
||||
ElectionID: *electionID,
|
||||
EnableProfiling: *profiling,
|
||||
EnableSSLPassthrough: *enableSSLPassthrough,
|
||||
EnableSSLChainCompletion: *enableSSLChainCompletion,
|
||||
ResyncPeriod: *resyncPeriod,
|
||||
DefaultService: *defaultSvc,
|
||||
Namespace: *watchNamespace,
|
||||
ConfigMapName: *configMap,
|
||||
DefaultSSLCertificate: *defSSLCertificate,
|
||||
DefaultHealthzURL: *defHealthzURL,
|
||||
PublishService: *publishSvc,
|
||||
PublishStatusAddress: *publishStatusAddress,
|
||||
ForceNamespaceIsolation: *forceIsolation,
|
||||
UpdateStatusOnShutdown: *updateStatusOnShutdown,
|
||||
SortBackends: *sortBackends,
|
||||
UseNodeInternalIP: *useNodeInternalIP,
|
||||
SyncRateLimit: *syncRateLimit,
|
||||
DynamicConfigurationEnabled: *dynamicConfigurationEnabled,
|
||||
DisableLua: disableLua,
|
||||
DynamicCertificatesEnabled: *dynamicCertificatesEnabled,
|
||||
APIServerHost: *apiserverHost,
|
||||
KubeConfigFile: *kubeConfigFile,
|
||||
UpdateStatus: *updateStatus,
|
||||
ElectionID: *electionID,
|
||||
EnableProfiling: *profiling,
|
||||
EnableSSLPassthrough: *enableSSLPassthrough,
|
||||
EnableSSLChainCompletion: *enableSSLChainCompletion,
|
||||
ResyncPeriod: *resyncPeriod,
|
||||
DefaultService: *defaultSvc,
|
||||
Namespace: *watchNamespace,
|
||||
ConfigMapName: *configMap,
|
||||
DefaultSSLCertificate: *defSSLCertificate,
|
||||
DefaultHealthzURL: *defHealthzURL,
|
||||
PublishService: *publishSvc,
|
||||
PublishStatusAddress: *publishStatusAddress,
|
||||
ForceNamespaceIsolation: *forceIsolation,
|
||||
UpdateStatusOnShutdown: *updateStatusOnShutdown,
|
||||
SortBackends: *sortBackends,
|
||||
UseNodeInternalIP: *useNodeInternalIP,
|
||||
SyncRateLimit: *syncRateLimit,
|
||||
DynamicCertificatesEnabled: *dynamicCertificatesEnabled,
|
||||
ListenPorts: &ngx_config.ListenPorts{
|
||||
Default: *defServerPort,
|
||||
Health: *healthzPort,
|
||||
|
|
|
|||
|
|
@ -44,15 +44,13 @@ func (n *NGINXController) Check(_ *http.Request) error {
|
|||
return fmt.Errorf("ingress controller is not healthy")
|
||||
}
|
||||
|
||||
if n.cfg.DynamicConfigurationEnabled {
|
||||
res, err := http.Get(fmt.Sprintf("http://127.0.0.1:%v/is-dynamic-lb-initialized", n.cfg.ListenPorts.Status))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if res.StatusCode != 200 {
|
||||
return fmt.Errorf("dynamic load balancer not started")
|
||||
}
|
||||
res, err = http.Get(fmt.Sprintf("http://127.0.0.1:%v/is-dynamic-lb-initialized", n.cfg.ListenPorts.Status))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if res.StatusCode != 200 {
|
||||
return fmt.Errorf("dynamic load balancer not started")
|
||||
}
|
||||
|
||||
// check the nginx master process is running
|
||||
|
|
|
|||
|
|
@ -685,26 +685,24 @@ func (cfg Configuration) BuildLogFormatUpstream() string {
|
|||
|
||||
// TemplateConfig contains the nginx configuration to render the file nginx.conf
|
||||
type TemplateConfig struct {
|
||||
ProxySetHeaders map[string]string
|
||||
AddHeaders map[string]string
|
||||
MaxOpenFiles int
|
||||
BacklogSize int
|
||||
Backends []*ingress.Backend
|
||||
PassthroughBackends []*ingress.SSLPassthroughBackend
|
||||
Servers []*ingress.Server
|
||||
HealthzURI string
|
||||
CustomErrors bool
|
||||
Cfg Configuration
|
||||
IsIPV6Enabled bool
|
||||
IsSSLPassthroughEnabled bool
|
||||
NginxStatusIpv4Whitelist []string
|
||||
NginxStatusIpv6Whitelist []string
|
||||
RedirectServers map[string]string
|
||||
ListenPorts *ListenPorts
|
||||
PublishService *apiv1.Service
|
||||
DynamicConfigurationEnabled bool
|
||||
DynamicCertificatesEnabled bool
|
||||
DisableLua bool
|
||||
ProxySetHeaders map[string]string
|
||||
AddHeaders map[string]string
|
||||
MaxOpenFiles int
|
||||
BacklogSize int
|
||||
Backends []*ingress.Backend
|
||||
PassthroughBackends []*ingress.SSLPassthroughBackend
|
||||
Servers []*ingress.Server
|
||||
HealthzURI string
|
||||
CustomErrors bool
|
||||
Cfg Configuration
|
||||
IsIPV6Enabled bool
|
||||
IsSSLPassthroughEnabled bool
|
||||
NginxStatusIpv4Whitelist []string
|
||||
NginxStatusIpv6Whitelist []string
|
||||
RedirectServers map[string]string
|
||||
ListenPorts *ListenPorts
|
||||
PublishService *apiv1.Service
|
||||
DynamicCertificatesEnabled bool
|
||||
}
|
||||
|
||||
// ListenPorts describe the ports required to run the
|
||||
|
|
|
|||
|
|
@ -86,10 +86,6 @@ type Configuration struct {
|
|||
|
||||
SyncRateLimit float32
|
||||
|
||||
DynamicConfigurationEnabled bool
|
||||
|
||||
DisableLua bool
|
||||
|
||||
DynamicCertificatesEnabled bool
|
||||
}
|
||||
|
||||
|
|
@ -162,9 +158,7 @@ func (n *NGINXController) syncIngress(interface{}) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
if n.cfg.DynamicConfigurationEnabled && n.IsDynamicConfigurationEnough(pcfg) {
|
||||
glog.Infof("Changes handled by the dynamic configuration, skipping backend reload.")
|
||||
} else {
|
||||
if !n.IsDynamicConfigurationEnough(pcfg) {
|
||||
glog.Infof("Configuration changes detected, backend reload required.")
|
||||
|
||||
hash, _ := hashstructure.Hash(pcfg, &hashstructure.HashOptions{
|
||||
|
|
@ -189,23 +183,21 @@ func (n *NGINXController) syncIngress(interface{}) error {
|
|||
n.metricCollector.SetSSLExpireTime(servers)
|
||||
}
|
||||
|
||||
if n.cfg.DynamicConfigurationEnabled {
|
||||
isFirstSync := n.runningConfig.Equal(&ingress.Configuration{})
|
||||
go func(isFirstSync bool) {
|
||||
if isFirstSync {
|
||||
glog.Infof("Initial synchronization of the NGINX configuration.")
|
||||
isFirstSync := n.runningConfig.Equal(&ingress.Configuration{})
|
||||
go func(isFirstSync bool) {
|
||||
if isFirstSync {
|
||||
glog.Infof("Initial synchronization of the NGINX configuration.")
|
||||
|
||||
// it takes time for NGINX to start listening on the configured ports
|
||||
time.Sleep(1 * time.Second)
|
||||
}
|
||||
err := configureDynamically(pcfg, n.cfg.ListenPorts.Status, n.cfg.DynamicCertificatesEnabled)
|
||||
if err == nil {
|
||||
glog.Infof("Dynamic reconfiguration succeeded.")
|
||||
} else {
|
||||
glog.Warningf("Dynamic reconfiguration failed: %v", err)
|
||||
}
|
||||
}(isFirstSync)
|
||||
}
|
||||
// it takes time for NGINX to start listening on the configured ports
|
||||
time.Sleep(1 * time.Second)
|
||||
}
|
||||
err := configureDynamically(pcfg, n.cfg.ListenPorts.Status, n.cfg.DynamicCertificatesEnabled)
|
||||
if err == nil {
|
||||
glog.Infof("Dynamic reconfiguration succeeded.")
|
||||
} else {
|
||||
glog.Warningf("Dynamic reconfiguration failed: %v", err)
|
||||
}
|
||||
}(isFirstSync)
|
||||
|
||||
ri := getRemovedIngresses(n.runningConfig, pcfg)
|
||||
re := getRemovedHosts(n.runningConfig, pcfg)
|
||||
|
|
|
|||
|
|
@ -571,26 +571,24 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
|
|||
cfg.SSLDHParam = sslDHParam
|
||||
|
||||
tc := ngx_config.TemplateConfig{
|
||||
ProxySetHeaders: setHeaders,
|
||||
AddHeaders: addHeaders,
|
||||
MaxOpenFiles: maxOpenFiles,
|
||||
BacklogSize: sysctlSomaxconn(),
|
||||
Backends: ingressCfg.Backends,
|
||||
PassthroughBackends: ingressCfg.PassthroughBackends,
|
||||
Servers: ingressCfg.Servers,
|
||||
HealthzURI: ngxHealthPath,
|
||||
CustomErrors: len(cfg.CustomHTTPErrors) > 0,
|
||||
Cfg: cfg,
|
||||
IsIPV6Enabled: n.isIPV6Enabled && !cfg.DisableIpv6,
|
||||
NginxStatusIpv4Whitelist: cfg.NginxStatusIpv4Whitelist,
|
||||
NginxStatusIpv6Whitelist: cfg.NginxStatusIpv6Whitelist,
|
||||
RedirectServers: redirectServers,
|
||||
IsSSLPassthroughEnabled: n.cfg.EnableSSLPassthrough,
|
||||
ListenPorts: n.cfg.ListenPorts,
|
||||
PublishService: n.GetPublishService(),
|
||||
DynamicConfigurationEnabled: n.cfg.DynamicConfigurationEnabled,
|
||||
DynamicCertificatesEnabled: n.cfg.DynamicCertificatesEnabled,
|
||||
DisableLua: n.cfg.DisableLua,
|
||||
ProxySetHeaders: setHeaders,
|
||||
AddHeaders: addHeaders,
|
||||
MaxOpenFiles: maxOpenFiles,
|
||||
BacklogSize: sysctlSomaxconn(),
|
||||
Backends: ingressCfg.Backends,
|
||||
PassthroughBackends: ingressCfg.PassthroughBackends,
|
||||
Servers: ingressCfg.Servers,
|
||||
HealthzURI: ngxHealthPath,
|
||||
CustomErrors: len(cfg.CustomHTTPErrors) > 0,
|
||||
Cfg: cfg,
|
||||
IsIPV6Enabled: n.isIPV6Enabled && !cfg.DisableIpv6,
|
||||
NginxStatusIpv4Whitelist: cfg.NginxStatusIpv4Whitelist,
|
||||
NginxStatusIpv6Whitelist: cfg.NginxStatusIpv6Whitelist,
|
||||
RedirectServers: redirectServers,
|
||||
IsSSLPassthroughEnabled: n.cfg.EnableSSLPassthrough,
|
||||
ListenPorts: n.cfg.ListenPorts,
|
||||
PublishService: n.GetPublishService(),
|
||||
DynamicCertificatesEnabled: n.cfg.DynamicCertificatesEnabled,
|
||||
}
|
||||
|
||||
tc.Cfg.Checksum = ingressCfg.ConfigurationChecksum
|
||||
|
|
|
|||
|
|
@ -198,24 +198,20 @@ func shouldConfigureLuaRestyWAF(disableLuaRestyWAF bool, mode string) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
func buildLuaSharedDictionaries(s interface{}, dynamicConfigurationEnabled bool, disableLuaRestyWAF bool) string {
|
||||
func buildLuaSharedDictionaries(s interface{}, disableLuaRestyWAF bool) string {
|
||||
servers, ok := s.([]*ingress.Server)
|
||||
if !ok {
|
||||
glog.Errorf("expected an '[]*ingress.Server' type but %T was returned", s)
|
||||
return ""
|
||||
}
|
||||
|
||||
out := []string{}
|
||||
|
||||
if dynamicConfigurationEnabled {
|
||||
out = append(out,
|
||||
"lua_shared_dict configuration_data 5M",
|
||||
"lua_shared_dict certificate_data 16M",
|
||||
"lua_shared_dict locks 512k",
|
||||
"lua_shared_dict balancer_ewma 1M",
|
||||
"lua_shared_dict balancer_ewma_last_touched_at 1M",
|
||||
"lua_shared_dict sticky_sessions 1M",
|
||||
)
|
||||
out := []string{
|
||||
"lua_shared_dict configuration_data 5M",
|
||||
"lua_shared_dict certificate_data 16M",
|
||||
"lua_shared_dict locks 512k",
|
||||
"lua_shared_dict balancer_ewma 1M",
|
||||
"lua_shared_dict balancer_ewma_last_touched_at 1M",
|
||||
"lua_shared_dict sticky_sessions 1M",
|
||||
}
|
||||
|
||||
if !disableLuaRestyWAF {
|
||||
|
|
@ -439,7 +435,7 @@ func buildLoadBalancingConfig(b interface{}, fallbackLoadBalancing string) strin
|
|||
// (specified through the nginx.ingress.kubernetes.io/rewrite-target annotation)
|
||||
// If the annotation nginx.ingress.kubernetes.io/add-base-url:"true" is specified it will
|
||||
// add a base tag in the head of the response from the service
|
||||
func buildProxyPass(host string, b interface{}, loc interface{}, dynamicConfigurationEnabled bool) string {
|
||||
func buildProxyPass(host string, b interface{}, loc interface{}) string {
|
||||
backends, ok := b.([]*ingress.Backend)
|
||||
if !ok {
|
||||
glog.Errorf("expected an '[]*ingress.Backend' type but %T was returned", b)
|
||||
|
|
@ -473,10 +469,6 @@ func buildProxyPass(host string, b interface{}, loc interface{}, dynamicConfigur
|
|||
|
||||
upstreamName := "upstream_balancer"
|
||||
|
||||
if !dynamicConfigurationEnabled {
|
||||
upstreamName = location.Backend
|
||||
}
|
||||
|
||||
for _, backend := range backends {
|
||||
if backend.Name == location.Backend {
|
||||
if backend.SSLPassthrough {
|
||||
|
|
@ -487,10 +479,6 @@ func buildProxyPass(host string, b interface{}, loc interface{}, dynamicConfigur
|
|||
}
|
||||
}
|
||||
|
||||
if !dynamicConfigurationEnabled && isSticky(host, location, backend.SessionAffinity.CookieSessionAffinity.Locations) {
|
||||
upstreamName = fmt.Sprintf("sticky-%v", upstreamName)
|
||||
}
|
||||
|
||||
break
|
||||
}
|
||||
}
|
||||
|
|
@ -724,14 +712,7 @@ func buildDenyVariable(a interface{}) string {
|
|||
return fmt.Sprintf("$deny_%v", denyPathSlugMap[l])
|
||||
}
|
||||
|
||||
func buildUpstreamName(host string, b interface{}, loc interface{}, dynamicConfigurationEnabled bool) string {
|
||||
|
||||
backends, ok := b.([]*ingress.Backend)
|
||||
if !ok {
|
||||
glog.Errorf("expected an '[]*ingress.Backend' type but %T was returned", b)
|
||||
return ""
|
||||
}
|
||||
|
||||
func buildUpstreamName(loc interface{}) string {
|
||||
location, ok := loc.(*ingress.Location)
|
||||
if !ok {
|
||||
glog.Errorf("expected a '*ingress.Location' type but %T was returned", loc)
|
||||
|
|
@ -740,19 +721,6 @@ func buildUpstreamName(host string, b interface{}, loc interface{}, dynamicConfi
|
|||
|
||||
upstreamName := location.Backend
|
||||
|
||||
if !dynamicConfigurationEnabled {
|
||||
for _, backend := range backends {
|
||||
if backend.Name == location.Backend {
|
||||
if backend.SessionAffinity.AffinityType == "cookie" &&
|
||||
isSticky(host, location, backend.SessionAffinity.CookieSessionAffinity.Locations) {
|
||||
upstreamName = fmt.Sprintf("sticky-%v", upstreamName)
|
||||
}
|
||||
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return upstreamName
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -40,41 +40,26 @@ import (
|
|||
var (
|
||||
// TODO: add tests for SSLPassthrough
|
||||
tmplFuncTestcases = map[string]struct {
|
||||
Path string
|
||||
Target string
|
||||
Location string
|
||||
ProxyPass string
|
||||
AddBaseURL bool
|
||||
BaseURLScheme string
|
||||
Sticky bool
|
||||
XForwardedPrefix bool
|
||||
DynamicConfigurationEnabled bool
|
||||
SecureBackend bool
|
||||
enforceRegex bool
|
||||
Path string
|
||||
Target string
|
||||
Location string
|
||||
ProxyPass string
|
||||
AddBaseURL bool
|
||||
BaseURLScheme string
|
||||
Sticky bool
|
||||
XForwardedPrefix bool
|
||||
SecureBackend bool
|
||||
enforceRegex bool
|
||||
}{
|
||||
"when secure backend enabled": {
|
||||
"/",
|
||||
"/",
|
||||
"/",
|
||||
"proxy_pass https://upstream-name;",
|
||||
"proxy_pass https://upstream_balancer;",
|
||||
false,
|
||||
"",
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
},
|
||||
"when secure backend and stickeness enabled": {
|
||||
"/",
|
||||
"/",
|
||||
"/",
|
||||
"proxy_pass https://sticky-upstream-name;",
|
||||
false,
|
||||
"",
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
},
|
||||
|
|
@ -88,8 +73,8 @@ var (
|
|||
false,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false},
|
||||
false,
|
||||
},
|
||||
"when secure backend, stickeness and dynamic config enabled": {
|
||||
"/",
|
||||
"/",
|
||||
|
|
@ -100,7 +85,6 @@ var (
|
|||
true,
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
},
|
||||
"invalid redirect / to / with dynamic config enabled": {
|
||||
|
|
@ -112,7 +96,6 @@ var (
|
|||
"",
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
},
|
||||
|
|
@ -120,14 +103,13 @@ var (
|
|||
"/",
|
||||
"/",
|
||||
"/",
|
||||
"proxy_pass http://upstream-name;",
|
||||
"proxy_pass http://upstream_balancer;",
|
||||
false,
|
||||
"",
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
},
|
||||
"redirect / to /jenkins": {
|
||||
"/",
|
||||
|
|
@ -136,14 +118,13 @@ var (
|
|||
`
|
||||
rewrite "(?i)/(.*)" /jenkins/$1 break;
|
||||
rewrite "(?i)/$" /jenkins/ break;
|
||||
proxy_pass http://upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
`,
|
||||
false,
|
||||
"",
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect /something to /": {
|
||||
|
|
@ -153,14 +134,13 @@ proxy_pass http://upstream-name;
|
|||
`
|
||||
rewrite "(?i)/something/(.*)" /$1 break;
|
||||
rewrite "(?i)/something$" / break;
|
||||
proxy_pass http://upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
`,
|
||||
false,
|
||||
"",
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect /end-with-slash/ to /not-root": {
|
||||
|
|
@ -170,14 +150,13 @@ proxy_pass http://upstream-name;
|
|||
`
|
||||
rewrite "(?i)/end-with-slash/(.*)" /not-root/$1 break;
|
||||
rewrite "(?i)/end-with-slash/$" /not-root/ break;
|
||||
proxy_pass http://upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
`,
|
||||
false,
|
||||
"",
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect /something-complex to /not-root": {
|
||||
|
|
@ -187,14 +166,13 @@ proxy_pass http://upstream-name;
|
|||
`
|
||||
rewrite "(?i)/something-complex/(.*)" /not-root/$1 break;
|
||||
rewrite "(?i)/something-complex$" /not-root/ break;
|
||||
proxy_pass http://upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
`,
|
||||
false,
|
||||
"",
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect / to /jenkins and rewrite": {
|
||||
|
|
@ -204,7 +182,7 @@ proxy_pass http://upstream-name;
|
|||
`
|
||||
rewrite "(?i)/(.*)" /jenkins/$1 break;
|
||||
rewrite "(?i)/$" /jenkins/ break;
|
||||
proxy_pass http://upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
|
||||
set_escape_uri $escaped_base_uri $baseuri;
|
||||
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/$escaped_base_uri">' ro;
|
||||
|
|
@ -214,7 +192,6 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect /something to / and rewrite": {
|
||||
|
|
@ -224,7 +201,7 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
`
|
||||
rewrite "(?i)/something/(.*)" /$1 break;
|
||||
rewrite "(?i)/something$" / break;
|
||||
proxy_pass http://upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
|
||||
set_escape_uri $escaped_base_uri $baseuri;
|
||||
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/something/$escaped_base_uri">' ro;
|
||||
|
|
@ -234,7 +211,6 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect /end-with-slash/ to /not-root and rewrite": {
|
||||
|
|
@ -244,7 +220,7 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
`
|
||||
rewrite "(?i)/end-with-slash/(.*)" /not-root/$1 break;
|
||||
rewrite "(?i)/end-with-slash/$" /not-root/ break;
|
||||
proxy_pass http://upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
|
||||
set_escape_uri $escaped_base_uri $baseuri;
|
||||
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/end-with-slash/$escaped_base_uri">' ro;
|
||||
|
|
@ -254,7 +230,6 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect /something-complex to /not-root and rewrite": {
|
||||
|
|
@ -264,7 +239,7 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
`
|
||||
rewrite "(?i)/something-complex/(.*)" /not-root/$1 break;
|
||||
rewrite "(?i)/something-complex$" /not-root/ break;
|
||||
proxy_pass http://upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
|
||||
set_escape_uri $escaped_base_uri $baseuri;
|
||||
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/something-complex/$escaped_base_uri">' ro;
|
||||
|
|
@ -274,7 +249,6 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect /something to / and rewrite with specific scheme": {
|
||||
|
|
@ -284,7 +258,7 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
`
|
||||
rewrite "(?i)/something/(.*)" /$1 break;
|
||||
rewrite "(?i)/something$" / break;
|
||||
proxy_pass http://upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
|
||||
set_escape_uri $escaped_base_uri $baseuri;
|
||||
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="http://$http_host/something/$escaped_base_uri">' ro;
|
||||
|
|
@ -294,7 +268,6 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect / to /something with sticky enabled": {
|
||||
|
|
@ -304,14 +277,13 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
|
|||
`
|
||||
rewrite "(?i)/(.*)" /something/$1 break;
|
||||
rewrite "(?i)/$" /something/ break;
|
||||
proxy_pass http://sticky-upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
`,
|
||||
false,
|
||||
"http",
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"redirect / to /something with sticky and dynamic config enabled": {
|
||||
|
|
@ -327,7 +299,6 @@ proxy_pass http://upstream_balancer;
|
|||
"http",
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
|
|
@ -339,27 +310,25 @@ proxy_pass http://upstream_balancer;
|
|||
rewrite "(?i)/there/(.*)" /something/$1 break;
|
||||
rewrite "(?i)/there$" /something/ break;
|
||||
proxy_set_header X-Forwarded-Prefix "/there/";
|
||||
proxy_pass http://sticky-upstream-name;
|
||||
proxy_pass http://upstream_balancer;
|
||||
`,
|
||||
false,
|
||||
"http",
|
||||
true,
|
||||
true,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
"use ~* location modifier when ingress does not use rewrite/regex target but at least one other ingress does": {
|
||||
"/something",
|
||||
"/something",
|
||||
`~* "^/something"`,
|
||||
"proxy_pass http://upstream-name;",
|
||||
"proxy_pass http://upstream_balancer;",
|
||||
false,
|
||||
"",
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true,
|
||||
},
|
||||
}
|
||||
|
|
@ -377,11 +346,7 @@ func TestBuildLuaSharedDictionaries(t *testing.T) {
|
|||
},
|
||||
}
|
||||
|
||||
config := buildLuaSharedDictionaries(servers, false, false)
|
||||
if config != "" {
|
||||
t.Errorf("expected to not configure any lua shared dictionary, but generated %s", config)
|
||||
}
|
||||
config = buildLuaSharedDictionaries(servers, true, false)
|
||||
config := buildLuaSharedDictionaries(servers, false)
|
||||
if !strings.Contains(config, "lua_shared_dict configuration_data") {
|
||||
t.Errorf("expected to include 'configuration_data' but got %s", config)
|
||||
}
|
||||
|
|
@ -390,19 +355,10 @@ func TestBuildLuaSharedDictionaries(t *testing.T) {
|
|||
}
|
||||
|
||||
servers[1].Locations[0].LuaRestyWAF = luarestywaf.Config{Mode: "ACTIVE"}
|
||||
config = buildLuaSharedDictionaries(servers, false, false)
|
||||
config = buildLuaSharedDictionaries(servers, false)
|
||||
if !strings.Contains(config, "lua_shared_dict waf_storage") {
|
||||
t.Errorf("expected to configure 'waf_storage', but got %s", config)
|
||||
}
|
||||
config = buildLuaSharedDictionaries(servers, true, false)
|
||||
if !strings.Contains(config, "lua_shared_dict waf_storage") {
|
||||
t.Errorf("expected to configure 'waf_storage', but got %s", config)
|
||||
}
|
||||
|
||||
config = buildLuaSharedDictionaries(servers, false, true)
|
||||
if config != "" {
|
||||
t.Errorf("expected to not configure any lua shared dictionary, but generated %s", config)
|
||||
}
|
||||
}
|
||||
|
||||
func TestFormatIP(t *testing.T) {
|
||||
|
|
@ -471,7 +427,7 @@ func TestBuildProxyPass(t *testing.T) {
|
|||
|
||||
backends := []*ingress.Backend{backend}
|
||||
|
||||
pp := buildProxyPass(defaultHost, backends, loc, tc.DynamicConfigurationEnabled)
|
||||
pp := buildProxyPass(defaultHost, backends, loc)
|
||||
if !strings.EqualFold(tc.ProxyPass, pp) {
|
||||
t.Errorf("%s: expected \n'%v'\nbut returned \n'%v'", k, tc.ProxyPass, pp)
|
||||
}
|
||||
|
|
@ -836,10 +792,6 @@ func TestBuildUpstreamName(t *testing.T) {
|
|||
expected := defaultBackend
|
||||
|
||||
if tc.Sticky {
|
||||
if !tc.DynamicConfigurationEnabled {
|
||||
expected = fmt.Sprintf("sticky-" + expected)
|
||||
}
|
||||
|
||||
backend.SessionAffinity = ingress.SessionAffinityConfig{
|
||||
AffinityType: "cookie",
|
||||
CookieSessionAffinity: ingress.CookieSessionAffinity{
|
||||
|
|
@ -850,9 +802,7 @@ func TestBuildUpstreamName(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
backends := []*ingress.Backend{backend}
|
||||
|
||||
pp := buildUpstreamName(defaultHost, backends, loc, tc.DynamicConfigurationEnabled)
|
||||
pp := buildUpstreamName(loc)
|
||||
if !strings.EqualFold(expected, pp) {
|
||||
t.Errorf("%s: expected \n'%v'\nbut returned \n'%v'", k, expected, pp)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,11 +46,10 @@ events {
|
|||
}
|
||||
|
||||
http {
|
||||
{{ if not $all.DisableLua }}
|
||||
lua_package_cpath "/usr/local/lib/lua/?.so;/usr/lib/lua-platform-path/lua/5.1/?.so;;";
|
||||
lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;/usr/local/lib/lua/?.lua;;";
|
||||
|
||||
{{ buildLuaSharedDictionaries $servers $all.DynamicConfigurationEnabled $all.Cfg.DisableLuaRestyWAF }}
|
||||
{{ buildLuaSharedDictionaries $servers $all.Cfg.DisableLuaRestyWAF }}
|
||||
|
||||
init_by_lua_block {
|
||||
require("resty.core")
|
||||
|
|
@ -59,7 +58,6 @@ http {
|
|||
local lua_resty_waf = require("resty.waf")
|
||||
lua_resty_waf.init()
|
||||
|
||||
{{ if $all.DynamicConfigurationEnabled }}
|
||||
-- init modules
|
||||
local ok, res
|
||||
|
||||
|
|
@ -77,7 +75,6 @@ http {
|
|||
else
|
||||
balancer = res
|
||||
end
|
||||
{{ end }}
|
||||
|
||||
ok, res = pcall(require, "monitor")
|
||||
if not ok then
|
||||
|
|
@ -96,13 +93,10 @@ http {
|
|||
{{ end }}
|
||||
}
|
||||
|
||||
{{ if $all.DynamicConfigurationEnabled }}
|
||||
init_worker_by_lua_block {
|
||||
balancer.init_worker()
|
||||
monitor.init_worker()
|
||||
}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
{{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}}
|
||||
{{/* we use the value of the real IP for the geo_ip module */}}
|
||||
|
|
@ -413,35 +407,6 @@ http {
|
|||
{{ $cfg.HTTPSnippet }}
|
||||
{{ end }}
|
||||
|
||||
{{ if not $all.DynamicConfigurationEnabled }}
|
||||
{{ range $upstream := $backends }}
|
||||
{{ if eq $upstream.SessionAffinity.AffinityType "cookie" }}
|
||||
upstream sticky-{{ $upstream.Name }} {
|
||||
sticky hash={{ $upstream.SessionAffinity.CookieSessionAffinity.Hash }} name={{ $upstream.SessionAffinity.CookieSessionAffinity.Name }}{{if eq (len $upstream.SessionAffinity.CookieSessionAffinity.Locations) 1 }}{{ range $locationName, $locationPaths := $upstream.SessionAffinity.CookieSessionAffinity.Locations }}{{ if eq (len $locationPaths) 1 }} path={{ index $locationPaths 0 }}{{ end }}{{ end }}{{ end }} httponly;
|
||||
|
||||
{{ if (gt $cfg.UpstreamKeepaliveConnections 0) }}
|
||||
keepalive {{ $cfg.UpstreamKeepaliveConnections }};
|
||||
{{ end }}
|
||||
|
||||
{{ range $server := $upstream.Endpoints }}server {{ $server.Address | formatIP }}:{{ $server.Port }};
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
upstream {{ $upstream.Name }} {
|
||||
{{ buildLoadBalancingConfig $upstream $cfg.LoadBalanceAlgorithm }}
|
||||
|
||||
{{ if (gt $cfg.UpstreamKeepaliveConnections 0) }}
|
||||
keepalive {{ $cfg.UpstreamKeepaliveConnections }};
|
||||
{{ end }}
|
||||
|
||||
{{ range $server := $upstream.Endpoints }}server {{ $server.Address | formatIP }}:{{ $server.Port }};
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
{{ if $all.DynamicConfigurationEnabled }}
|
||||
upstream upstream_balancer {
|
||||
server 0.0.0.1; # placeholder
|
||||
|
||||
|
|
@ -453,7 +418,6 @@ http {
|
|||
keepalive {{ $cfg.UpstreamKeepaliveConnections }};
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{/* build the maps that will be use to validate the Whitelist */}}
|
||||
{{ range $server := $servers }}
|
||||
|
|
@ -625,7 +589,7 @@ http {
|
|||
access_log off;
|
||||
return 200;
|
||||
}
|
||||
{{ if not $all.DisableLua }}
|
||||
|
||||
location /is-dynamic-lb-initialized {
|
||||
{{ if $cfg.EnableOpentracing }}
|
||||
opentracing off;
|
||||
|
|
@ -644,7 +608,7 @@ http {
|
|||
ngx.exit(ngx.HTTP_OK)
|
||||
}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
location /nginx_status {
|
||||
set $proxy_upstream_name "internal";
|
||||
{{ if $cfg.EnableOpentracing }}
|
||||
|
|
@ -654,7 +618,7 @@ http {
|
|||
access_log off;
|
||||
stub_status on;
|
||||
}
|
||||
{{ if $all.DynamicConfigurationEnabled }}
|
||||
|
||||
location /configuration {
|
||||
access_log off;
|
||||
{{ if $cfg.EnableOpentracing }}
|
||||
|
|
@ -675,18 +639,15 @@ http {
|
|||
configuration.call()
|
||||
}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
location / {
|
||||
{{ if .CustomErrors }}
|
||||
proxy_set_header X-Code 404;
|
||||
{{ end }}
|
||||
set $proxy_upstream_name "upstream-default-backend";
|
||||
proxy_set_header Host $best_http_host;
|
||||
{{ if $all.DynamicConfigurationEnabled }}
|
||||
|
||||
proxy_pass http://upstream_balancer;
|
||||
{{ else }}
|
||||
proxy_pass http://upstream-default-backend;
|
||||
{{ end }}
|
||||
}
|
||||
|
||||
{{ template "CUSTOM_ERRORS" $all }}
|
||||
|
|
@ -707,9 +668,7 @@ stream {
|
|||
|
||||
{{/* definition of templates to avoid repetitions */}}
|
||||
{{ define "CUSTOM_ERRORS" }}
|
||||
{{ $dynamicConfig := .DynamicConfigurationEnabled}}
|
||||
{{ $proxySetHeaders := .ProxySetHeaders }}
|
||||
{{ $isLuaDisabled := .DisableLua }}
|
||||
{{ range $errCode := .Cfg.CustomHTTPErrors }}
|
||||
location @custom_{{ $errCode }} {
|
||||
internal;
|
||||
|
|
@ -729,16 +688,10 @@ stream {
|
|||
|
||||
rewrite (.*) / break;
|
||||
|
||||
{{ if $dynamicConfig }}
|
||||
proxy_pass http://upstream_balancer;
|
||||
{{ else }}
|
||||
proxy_pass http://upstream-default-backend;
|
||||
{{ end }}
|
||||
{{ if not $isLuaDisabled }}
|
||||
log_by_lua_block {
|
||||
monitor.call()
|
||||
}
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
|
@ -808,7 +761,7 @@ stream {
|
|||
ssl_stapling_verify on;
|
||||
{{ end }}
|
||||
|
||||
{{ if and (not $all.DisableLua) $all.DynamicCertificatesEnabled}}
|
||||
{{ if $all.DynamicCertificatesEnabled}}
|
||||
ssl_certificate_by_lua_block {
|
||||
certificate.call()
|
||||
}
|
||||
|
|
@ -857,7 +810,7 @@ stream {
|
|||
# ngx_auth_request module overrides variables in the parent request,
|
||||
# therefore we have to explicitly set this variable again so that when the parent request
|
||||
# resumes it has the correct value set for this variable so that Lua can pick backend correctly
|
||||
set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $all.Backends $location $all.DynamicConfigurationEnabled }}";
|
||||
set $proxy_upstream_name "{{ buildUpstreamName $location }}";
|
||||
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
|
|
@ -925,11 +878,8 @@ stream {
|
|||
opentracing_propagate_context;
|
||||
{{ end }}
|
||||
|
||||
{{ if not $all.DisableLua }}
|
||||
rewrite_by_lua_block {
|
||||
{{ if $all.DynamicConfigurationEnabled}}
|
||||
balancer.rewrite()
|
||||
{{ end }}
|
||||
}
|
||||
{{ if shouldConfigureLuaRestyWAF $all.Cfg.DisableLuaRestyWAF $location.LuaRestyWAF.Mode }}
|
||||
access_by_lua_block {
|
||||
|
|
@ -970,17 +920,14 @@ stream {
|
|||
local waf = lua_resty_waf:new()
|
||||
waf:exec()
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
log_by_lua_block {
|
||||
{{ if shouldConfigureLuaRestyWAF $all.Cfg.DisableLuaRestyWAF $location.LuaRestyWAF.Mode }}
|
||||
local lua_resty_waf = require "resty.waf"
|
||||
local waf = lua_resty_waf:new()
|
||||
waf:exec()
|
||||
{{ end }}
|
||||
{{ if $all.DynamicConfigurationEnabled}}
|
||||
balancer.log()
|
||||
{{ end }}
|
||||
|
||||
monitor.call()
|
||||
}
|
||||
{{ end }}
|
||||
|
|
@ -1002,7 +949,7 @@ stream {
|
|||
|
||||
port_in_redirect {{ if $location.UsePortInRedirects }}on{{ else }}off{{ end }};
|
||||
|
||||
set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $all.Backends $location $all.DynamicConfigurationEnabled }}";
|
||||
set $proxy_upstream_name "{{ buildUpstreamName $location }}";
|
||||
|
||||
{{/* redirect to HTTPS can be achieved forcing the redirect or having a SSL Certificate configured for the server */}}
|
||||
{{ if (or $location.Rewrite.ForceSSLRedirect (and (not (empty $server.SSLCert.PemFileName)) $location.Rewrite.SSLRedirect)) }}
|
||||
|
|
@ -1182,7 +1129,7 @@ stream {
|
|||
{{ end }}
|
||||
|
||||
{{ if not (empty $location.Backend) }}
|
||||
{{ buildProxyPass $server.Hostname $all.Backends $location $all.DynamicConfigurationEnabled }}
|
||||
{{ buildProxyPass $server.Hostname $all.Backends $location }}
|
||||
{{ if (or (eq $location.Proxy.ProxyRedirectFrom "default") (eq $location.Proxy.ProxyRedirectFrom "off")) }}
|
||||
proxy_redirect {{ $location.Proxy.ProxyRedirectFrom }};
|
||||
{{ else if not (eq $location.Proxy.ProxyRedirectTo "off") }}
|
||||
|
|
|
|||
|
|
@ -16,22 +16,13 @@ limitations under the License.
|
|||
|
||||
package annotations
|
||||
|
||||
/*
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
"github.com/parnurzeal/gorequest"
|
||||
|
||||
v1beta1 "k8s.io/api/extensions/v1beta1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
|
||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||
)
|
||||
|
||||
|
||||
// TODO(elvinefendi) merge this with Affinity tests in test/e2e/lua/dynamic_configuration.go
|
||||
var _ = framework.IngressNginxDescribe("Annotations - Affinity", func() {
|
||||
f := framework.NewDefaultFramework("affinity")
|
||||
|
|
@ -196,3 +187,4 @@ var _ = framework.IngressNginxDescribe("Annotations - Affinity", func() {
|
|||
Expect(resp.Header.Get("Set-Cookie")).Should(ContainSubstring("Path=/;"))
|
||||
})
|
||||
})
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -438,19 +438,3 @@ func newSingleIngress(name, path, host, ns, service string, port int, annotation
|
|||
|
||||
return ing
|
||||
}
|
||||
|
||||
// DisableDynamicConfiguration disables dynamic configuration
|
||||
func (f *Framework) DisableDynamicConfiguration() error {
|
||||
return UpdateDeployment(f.KubeClientSet, f.IngressController.Namespace, "nginx-ingress-controller", 1,
|
||||
func(deployment *appsv1beta1.Deployment) error {
|
||||
args := deployment.Spec.Template.Spec.Containers[0].Args
|
||||
args = append(args, "--enable-dynamic-configuration=false")
|
||||
deployment.Spec.Template.Spec.Containers[0].Args = args
|
||||
_, err := f.KubeClientSet.AppsV1beta1().Deployments(f.IngressController.Namespace).Update(deployment)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -110,7 +110,6 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
|
|||
By("skipping Nginx reload")
|
||||
Expect(restOfLogs).ToNot(ContainSubstring(logRequireBackendReload))
|
||||
Expect(restOfLogs).ToNot(ContainSubstring(logBackendReloadSuccess))
|
||||
Expect(restOfLogs).To(ContainSubstring(logSkipBackendReload))
|
||||
})
|
||||
|
||||
Context("given an ingress with TLS correctly configured", func() {
|
||||
|
|
@ -181,7 +180,6 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
|
|||
By("skipping Nginx reload")
|
||||
Expect(restOfLogs).ToNot(ContainSubstring(logRequireBackendReload))
|
||||
Expect(restOfLogs).ToNot(ContainSubstring(logBackendReloadSuccess))
|
||||
Expect(restOfLogs).To(ContainSubstring(logSkipBackendReload))
|
||||
})
|
||||
|
||||
It("falls back to using default certificate when secret gets deleted without reloading", func() {
|
||||
|
|
@ -217,7 +215,6 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
|
|||
By("skipping Nginx reload")
|
||||
Expect(restOfLogs).ToNot(ContainSubstring(logRequireBackendReload))
|
||||
Expect(restOfLogs).ToNot(ContainSubstring(logBackendReloadSuccess))
|
||||
Expect(restOfLogs).To(ContainSubstring(logSkipBackendReload))
|
||||
})
|
||||
|
||||
It("picks up a non-certificate only change", func() {
|
||||
|
|
|
|||
|
|
@ -39,7 +39,6 @@ const (
|
|||
logDynamicConfigFailure = "Dynamic reconfiguration failed"
|
||||
logRequireBackendReload = "Configuration changes detected, backend reload required"
|
||||
logBackendReloadSuccess = "Backend successfully reloaded"
|
||||
logSkipBackendReload = "Changes handled by the dynamic configuration, skipping backend reload"
|
||||
logInitialConfigSync = "Initial synchronization of the NGINX configuration"
|
||||
waitForLuaSync = 5 * time.Second
|
||||
)
|
||||
|
|
|
|||
Loading…
Reference in a new issue