Remove support for TCP and UDP services
This commit is contained in:
Manuel Alejandro de Brito Fontes
parent
e8d81034b8
commit
44bdc7eb59
9 changed files with 4 additions and 273 deletions
|
|
@ -65,19 +65,6 @@ Takes the form "namespace/name". When used together with update-status, the
|
|||
controller mirrors the address of this service's endpoints to the load-balancer
|
||||
status of all Ingress objects it satisfies.`)
|
||||
|
||||
tcpConfigMapName = flags.String("tcp-services-configmap", "",
|
||||
`Name of the ConfigMap containing the definition of the TCP services to expose.
|
||||
The key in the map indicates the external port to be used. The value is a
|
||||
reference to a Service in the form "namespace/name:port", where "port" can
|
||||
either be a port number or name. TCP ports 80 and 443 are reserved by the
|
||||
controller for servicing HTTP traffic.`)
|
||||
|
||||
udpConfigMapName = flags.String("udp-services-configmap", "",
|
||||
`Name of the ConfigMap containing the definition of the UDP services to expose.
|
||||
The key in the map indicates the external port to be used. The value is a
|
||||
reference to a Service in the form "namespace/name:port", where "port" can
|
||||
either be a port name or number.`)
|
||||
|
||||
resyncPeriod = flags.Duration("sync-period", 0,
|
||||
`Period at which the controller forces the repopulation of its local object stores. Disabled by default.`)
|
||||
|
||||
|
|
@ -240,8 +227,6 @@ dynamic certificates functionality is enabled. Please check the flags --enable-s
|
|||
DefaultService: *defaultSvc,
|
||||
Namespace: *watchNamespace,
|
||||
ConfigMapName: *configMap,
|
||||
TCPConfigMapName: *tcpConfigMapName,
|
||||
UDPConfigMapName: *udpConfigMapName,
|
||||
DefaultSSLCertificate: *defSSLCertificate,
|
||||
DefaultHealthzURL: *defHealthzURL,
|
||||
PublishService: *publishSvc,
|
||||
|
|
|
|||
|
|
@ -692,8 +692,6 @@ type TemplateConfig struct {
|
|||
Backends []*ingress.Backend
|
||||
PassthroughBackends []*ingress.SSLPassthroughBackend
|
||||
Servers []*ingress.Server
|
||||
TCPBackends []ingress.L4Service
|
||||
UDPBackends []ingress.L4Service
|
||||
HealthzURI string
|
||||
CustomErrors bool
|
||||
Cfg Configuration
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ import (
|
|||
"math/rand"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
|
|
@ -61,11 +60,6 @@ type Configuration struct {
|
|||
|
||||
ForceNamespaceIsolation bool
|
||||
|
||||
// +optional
|
||||
TCPConfigMapName string
|
||||
// +optional
|
||||
UDPConfigMapName string
|
||||
|
||||
DefaultHealthzURL string
|
||||
DefaultSSLCertificate string
|
||||
|
||||
|
|
@ -160,8 +154,6 @@ func (n *NGINXController) syncIngress(interface{}) error {
|
|||
pcfg := &ingress.Configuration{
|
||||
Backends: upstreams,
|
||||
Servers: servers,
|
||||
TCPEndpoints: n.getStreamServices(n.cfg.TCPConfigMapName, apiv1.ProtocolTCP),
|
||||
UDPEndpoints: n.getStreamServices(n.cfg.UDPConfigMapName, apiv1.ProtocolUDP),
|
||||
PassthroughBackends: passUpstreams,
|
||||
BackendConfigChecksum: n.store.GetBackendConfiguration().Checksum,
|
||||
}
|
||||
|
|
@ -225,136 +217,6 @@ func (n *NGINXController) syncIngress(interface{}) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Protocol) []ingress.L4Service {
|
||||
if configmapName == "" {
|
||||
return []ingress.L4Service{}
|
||||
}
|
||||
glog.V(3).Infof("Obtaining information about %v stream services from ConfigMap %q", proto, configmapName)
|
||||
|
||||
_, _, err := k8s.ParseNameNS(configmapName)
|
||||
if err != nil {
|
||||
glog.Errorf("Error parsing ConfigMap reference %q: %v", configmapName, err)
|
||||
return []ingress.L4Service{}
|
||||
}
|
||||
|
||||
configmap, err := n.store.GetConfigMap(configmapName)
|
||||
if err != nil {
|
||||
glog.Errorf("Error getting ConfigMap %q: %v", configmapName, err)
|
||||
return []ingress.L4Service{}
|
||||
}
|
||||
|
||||
var svcs []ingress.L4Service
|
||||
var svcProxyProtocol ingress.ProxyProtocol
|
||||
|
||||
rp := []int{
|
||||
n.cfg.ListenPorts.HTTP,
|
||||
n.cfg.ListenPorts.HTTPS,
|
||||
n.cfg.ListenPorts.SSLProxy,
|
||||
n.cfg.ListenPorts.Status,
|
||||
n.cfg.ListenPorts.Health,
|
||||
n.cfg.ListenPorts.Default,
|
||||
}
|
||||
reserverdPorts := sets.NewInt(rp...)
|
||||
|
||||
// svcRef format: <(str)namespace>/<(str)service>:<(intstr)port>[:<("PROXY")decode>:<("PROXY")encode>]
|
||||
for port, svcRef := range configmap.Data {
|
||||
externalPort, err := strconv.Atoi(port)
|
||||
if err != nil {
|
||||
glog.Warningf("%q is not a valid %v port number", port, proto)
|
||||
continue
|
||||
}
|
||||
|
||||
if reserverdPorts.Has(externalPort) {
|
||||
glog.Warningf("Port %d cannot be used for %v stream services. It is reserved for the Ingress controller.", externalPort, proto)
|
||||
continue
|
||||
}
|
||||
|
||||
nsSvcPort := strings.Split(svcRef, ":")
|
||||
if len(nsSvcPort) < 2 {
|
||||
glog.Warningf("Invalid Service reference %q for %v port %d", svcRef, proto, externalPort)
|
||||
continue
|
||||
}
|
||||
|
||||
nsName := nsSvcPort[0]
|
||||
svcPort := nsSvcPort[1]
|
||||
svcProxyProtocol.Decode = false
|
||||
svcProxyProtocol.Encode = false
|
||||
|
||||
// Proxy Protocol is only compatible with TCP Services
|
||||
if len(nsSvcPort) >= 3 && proto == apiv1.ProtocolTCP {
|
||||
if len(nsSvcPort) >= 3 && strings.ToUpper(nsSvcPort[2]) == "PROXY" {
|
||||
svcProxyProtocol.Decode = true
|
||||
}
|
||||
if len(nsSvcPort) == 4 && strings.ToUpper(nsSvcPort[3]) == "PROXY" {
|
||||
svcProxyProtocol.Encode = true
|
||||
}
|
||||
}
|
||||
|
||||
svcNs, svcName, err := k8s.ParseNameNS(nsName)
|
||||
if err != nil {
|
||||
glog.Warningf("%v", err)
|
||||
continue
|
||||
}
|
||||
|
||||
svc, err := n.store.GetService(nsName)
|
||||
if err != nil {
|
||||
glog.Warningf("Error getting Service %q: %v", nsName, err)
|
||||
continue
|
||||
}
|
||||
|
||||
var endps []ingress.Endpoint
|
||||
targetPort, err := strconv.Atoi(svcPort)
|
||||
if err != nil {
|
||||
// not a port number, fall back to using port name
|
||||
glog.V(3).Infof("Searching Endpoints with %v port name %q for Service %q", proto, svcPort, nsName)
|
||||
for _, sp := range svc.Spec.Ports {
|
||||
if sp.Name == svcPort {
|
||||
if sp.Protocol == proto {
|
||||
endps = getEndpoints(svc, &sp, proto, &healthcheck.Config{}, n.store.GetServiceEndpoints)
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
glog.V(3).Infof("Searching Endpoints with %v port number %d for Service %q", proto, targetPort, nsName)
|
||||
for _, sp := range svc.Spec.Ports {
|
||||
if sp.Port == int32(targetPort) {
|
||||
if sp.Protocol == proto {
|
||||
endps = getEndpoints(svc, &sp, proto, &healthcheck.Config{}, n.store.GetServiceEndpoints)
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// stream services cannot contain empty upstreams and there is
|
||||
// no default backend equivalent
|
||||
if len(endps) == 0 {
|
||||
glog.Warningf("Service %q does not have any active Endpoint for %v port %v", nsName, proto, svcPort)
|
||||
continue
|
||||
}
|
||||
|
||||
svcs = append(svcs, ingress.L4Service{
|
||||
Port: externalPort,
|
||||
Backend: ingress.L4Backend{
|
||||
Name: svcName,
|
||||
Namespace: svcNs,
|
||||
Port: intstr.FromString(svcPort),
|
||||
Protocol: proto,
|
||||
ProxyProtocol: svcProxyProtocol,
|
||||
},
|
||||
Endpoints: endps,
|
||||
})
|
||||
}
|
||||
|
||||
// Keep upstream order sorted to reduce unnecessary nginx config reloads.
|
||||
sort.SliceStable(svcs, func(i, j int) bool {
|
||||
return svcs[i].Port < svcs[j].Port
|
||||
})
|
||||
|
||||
return svcs
|
||||
}
|
||||
|
||||
// getDefaultUpstream returns the upstream associated with the default backend.
|
||||
// Configures the upstream to return HTTP code 503 in case of error.
|
||||
func (n *NGINXController) getDefaultUpstream() *ingress.Backend {
|
||||
|
|
|
|||
|
|
@ -112,8 +112,6 @@ func NewNGINXController(config *Configuration, mc metric.Collector, fs file.File
|
|||
config.EnableSSLChainCompletion,
|
||||
config.Namespace,
|
||||
config.ConfigMapName,
|
||||
config.TCPConfigMapName,
|
||||
config.UDPConfigMapName,
|
||||
config.DefaultSSLCertificate,
|
||||
config.ResyncPeriod,
|
||||
config.Client,
|
||||
|
|
@ -580,8 +578,6 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
|
|||
Backends: ingressCfg.Backends,
|
||||
PassthroughBackends: ingressCfg.PassthroughBackends,
|
||||
Servers: ingressCfg.Servers,
|
||||
TCPBackends: ingressCfg.TCPEndpoints,
|
||||
UDPBackends: ingressCfg.UDPEndpoints,
|
||||
HealthzURI: ngxHealthPath,
|
||||
CustomErrors: len(cfg.CustomHTTPErrors) > 0,
|
||||
Cfg: cfg,
|
||||
|
|
|
|||
|
|
@ -218,7 +218,7 @@ type k8sStore struct {
|
|||
|
||||
// New creates a new object store to be used in the ingress controller
|
||||
func New(checkOCSP bool,
|
||||
namespace, configmap, tcp, udp, defaultSSLCertificate string,
|
||||
namespace, configmap, defaultSSLCertificate string,
|
||||
resyncPeriod time.Duration,
|
||||
client clientset.Interface,
|
||||
fs file.Filesystem,
|
||||
|
|
@ -473,7 +473,7 @@ func New(checkOCSP bool,
|
|||
cm := obj.(*corev1.ConfigMap)
|
||||
key := k8s.MetaNamespaceKey(cm)
|
||||
// updates to configuration configmaps can trigger an update
|
||||
if key == configmap || key == tcp || key == udp {
|
||||
if key == configmap {
|
||||
recorder.Eventf(cm, corev1.EventTypeNormal, "CREATE", fmt.Sprintf("ConfigMap %v", key))
|
||||
if key == configmap {
|
||||
store.setConfig(cm)
|
||||
|
|
@ -489,7 +489,7 @@ func New(checkOCSP bool,
|
|||
cm := cur.(*corev1.ConfigMap)
|
||||
key := k8s.MetaNamespaceKey(cm)
|
||||
// updates to configuration configmaps can trigger an update
|
||||
if key == configmap || key == tcp || key == udp {
|
||||
if key == configmap {
|
||||
recorder.Eventf(cm, corev1.EventTypeNormal, "UPDATE", fmt.Sprintf("ConfigMap %v", key))
|
||||
if key == configmap {
|
||||
store.setConfig(cm)
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import (
|
|||
|
||||
"encoding/base64"
|
||||
"io/ioutil"
|
||||
|
||||
"k8s.io/api/core/v1"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/kubernetes/fake"
|
||||
|
|
@ -62,8 +63,6 @@ func TestStore(t *testing.T) {
|
|||
storer := New(true,
|
||||
ns,
|
||||
fmt.Sprintf("%v/config", ns),
|
||||
fmt.Sprintf("%v/tcp", ns),
|
||||
fmt.Sprintf("%v/udp", ns),
|
||||
"",
|
||||
10*time.Minute,
|
||||
clientSet,
|
||||
|
|
@ -150,8 +149,6 @@ func TestStore(t *testing.T) {
|
|||
storer := New(true,
|
||||
ns,
|
||||
fmt.Sprintf("%v/config", ns),
|
||||
fmt.Sprintf("%v/tcp", ns),
|
||||
fmt.Sprintf("%v/udp", ns),
|
||||
"",
|
||||
10*time.Minute,
|
||||
clientSet,
|
||||
|
|
@ -298,8 +295,6 @@ func TestStore(t *testing.T) {
|
|||
storer := New(true,
|
||||
ns,
|
||||
fmt.Sprintf("%v/config", ns),
|
||||
fmt.Sprintf("%v/tcp", ns),
|
||||
fmt.Sprintf("%v/udp", ns),
|
||||
"",
|
||||
10*time.Minute,
|
||||
clientSet,
|
||||
|
|
@ -387,8 +382,6 @@ func TestStore(t *testing.T) {
|
|||
storer := New(true,
|
||||
ns,
|
||||
fmt.Sprintf("%v/config", ns),
|
||||
fmt.Sprintf("%v/tcp", ns),
|
||||
fmt.Sprintf("%v/udp", ns),
|
||||
"",
|
||||
10*time.Minute,
|
||||
clientSet,
|
||||
|
|
@ -499,8 +492,6 @@ func TestStore(t *testing.T) {
|
|||
storer := New(true,
|
||||
ns,
|
||||
fmt.Sprintf("%v/config", ns),
|
||||
fmt.Sprintf("%v/tcp", ns),
|
||||
fmt.Sprintf("%v/udp", ns),
|
||||
"",
|
||||
10*time.Minute,
|
||||
clientSet,
|
||||
|
|
|
|||
|
|
@ -53,12 +53,6 @@ type Configuration struct {
|
|||
Backends []*Backend `json:"backends,omitempty"`
|
||||
// Servers
|
||||
Servers []*Server `json:"servers,omitempty"`
|
||||
// TCPEndpoints contain endpoints for tcp streams handled by this backend
|
||||
// +optional
|
||||
TCPEndpoints []L4Service `json:"tcpEndpoints,omitempty"`
|
||||
// UDPEndpoints contain endpoints for udp streams handled by this backend
|
||||
// +optional
|
||||
UDPEndpoints []L4Service `json:"udpEndpoints,omitempty"`
|
||||
// PassthroughBackend contains the backends used for SSL passthrough.
|
||||
// It contains information about the associated Server Name Indication (SNI).
|
||||
// +optional
|
||||
|
|
|
|||
|
|
@ -53,44 +53,6 @@ func (c1 *Configuration) Equal(c2 *Configuration) bool {
|
|||
}
|
||||
}
|
||||
|
||||
if len(c1.TCPEndpoints) != len(c2.TCPEndpoints) {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, tcp1 := range c1.TCPEndpoints {
|
||||
found := false
|
||||
for _, tcp2 := range c2.TCPEndpoints {
|
||||
if (&tcp1).Equal(&tcp2) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
if len(c1.UDPEndpoints) != len(c2.UDPEndpoints) {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, udp1 := range c1.UDPEndpoints {
|
||||
found := false
|
||||
for _, udp2 := range c2.UDPEndpoints {
|
||||
if (&udp1).Equal(&udp2) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
if len(c1.PassthroughBackends) != len(c2.PassthroughBackends) {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, ptb1 := range c1.PassthroughBackends {
|
||||
found := false
|
||||
for _, ptb2 := range c2.PassthroughBackends {
|
||||
|
|
|
|||
|
|
@ -697,63 +697,6 @@ stream {
|
|||
{{ end }}
|
||||
|
||||
error_log {{ $cfg.ErrorLogPath }};
|
||||
|
||||
# TCP services
|
||||
{{ range $tcpServer := .TCPBackends }}
|
||||
upstream tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} {
|
||||
{{ range $endpoint := $tcpServer.Endpoints }}
|
||||
server {{ $endpoint.Address | formatIP }}:{{ $endpoint.Port }};
|
||||
{{ end }}
|
||||
}
|
||||
server {
|
||||
{{ range $address := $all.Cfg.BindAddressIpv4 }}
|
||||
listen {{ $address }}:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
|
||||
{{ else }}
|
||||
listen {{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
|
||||
{{ end }}
|
||||
{{ if $IsIPV6Enabled }}
|
||||
{{ range $address := $all.Cfg.BindAddressIpv6 }}
|
||||
listen {{ $address }}:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
|
||||
{{ else }}
|
||||
listen [::]:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
proxy_timeout {{ $cfg.ProxyStreamTimeout }};
|
||||
proxy_pass tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }};
|
||||
{{ if $tcpServer.Backend.ProxyProtocol.Encode }}
|
||||
proxy_protocol on;
|
||||
{{ end }}
|
||||
}
|
||||
|
||||
{{ end }}
|
||||
|
||||
# UDP services
|
||||
{{ range $udpServer := .UDPBackends }}
|
||||
upstream udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} {
|
||||
{{ range $endpoint := $udpServer.Endpoints }}
|
||||
server {{ $endpoint.Address | formatIP }}:{{ $endpoint.Port }};
|
||||
{{ end }}
|
||||
}
|
||||
|
||||
server {
|
||||
{{ range $address := $all.Cfg.BindAddressIpv4 }}
|
||||
listen {{ $address }}:{{ $udpServer.Port }} udp;
|
||||
{{ else }}
|
||||
listen {{ $udpServer.Port }} udp;
|
||||
{{ end }}
|
||||
{{ if $IsIPV6Enabled }}
|
||||
{{ range $address := $all.Cfg.BindAddressIpv6 }}
|
||||
listen {{ $address }}:{{ $udpServer.Port }} udp;
|
||||
{{ else }}
|
||||
listen [::]:{{ $udpServer.Port }} udp;
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
proxy_responses {{ $cfg.ProxyStreamResponses }};
|
||||
proxy_timeout {{ $cfg.ProxyStreamTimeout }};
|
||||
proxy_pass udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }};
|
||||
}
|
||||
|
||||
{{ end }}
|
||||
}
|
||||
|
||||
{{/* definition of templates to avoid repetitions */}}
|
||||
|
|
|
|||
Loading…
Reference in a new issue