Remove support for TCP and UDP services

Manuel Alejandro de Brito Fontes 2018-10-07 10:53:37 -03:00
parent e8d81034b8
commit 44bdc7eb59
9 changed files with 4 additions and 273 deletions


@ -65,19 +65,6 @@ Takes the form "namespace/name". When used together with update-status, the
controller mirrors the address of this service's endpoints to the load-balancer controller mirrors the address of this service's endpoints to the load-balancer
status of all Ingress objects it satisfies.`) status of all Ingress objects it satisfies.`)
tcpConfigMapName = flags.String("tcp-services-configmap", "",
`Name of the ConfigMap containing the definition of the TCP services to expose.
The key in the map indicates the external port to be used. The value is a
reference to a Service in the form "namespace/name:port", where "port" can
either be a port number or name. TCP ports 80 and 443 are reserved by the
controller for servicing HTTP traffic.`)
udpConfigMapName = flags.String("udp-services-configmap", "",
`Name of the ConfigMap containing the definition of the UDP services to expose.
The key in the map indicates the external port to be used. The value is a
reference to a Service in the form "namespace/name:port", where "port" can
either be a port name or number.`)
resyncPeriod = flags.Duration("sync-period", 0, resyncPeriod = flags.Duration("sync-period", 0,
`Period at which the controller forces the repopulation of its local object stores. Disabled by default.`) `Period at which the controller forces the repopulation of its local object stores. Disabled by default.`)
@ -240,8 +227,6 @@ dynamic certificates functionality is enabled. Please check the flags --enable-s
DefaultService: *defaultSvc, DefaultService: *defaultSvc,
Namespace: *watchNamespace, Namespace: *watchNamespace,
ConfigMapName: *configMap, ConfigMapName: *configMap,
TCPConfigMapName: *tcpConfigMapName,
UDPConfigMapName: *udpConfigMapName,
DefaultSSLCertificate: *defSSLCertificate, DefaultSSLCertificate: *defSSLCertificate,
DefaultHealthzURL: *defHealthzURL, DefaultHealthzURL: *defHealthzURL,
PublishService: *publishSvc, PublishService: *publishSvc,


@ -692,8 +692,6 @@ type TemplateConfig struct {
Backends []*ingress.Backend Backends []*ingress.Backend
PassthroughBackends []*ingress.SSLPassthroughBackend PassthroughBackends []*ingress.SSLPassthroughBackend
Servers []*ingress.Server Servers []*ingress.Server
TCPBackends []ingress.L4Service
UDPBackends []ingress.L4Service
HealthzURI string HealthzURI string
CustomErrors bool CustomErrors bool
Cfg Configuration Cfg Configuration


@ -21,7 +21,6 @@ import (
"math/rand" "math/rand"
"sort" "sort"
"strconv" "strconv"
"strings"
"time" "time"
"github.com/golang/glog" "github.com/golang/glog"
@ -61,11 +60,6 @@ type Configuration struct {
ForceNamespaceIsolation bool ForceNamespaceIsolation bool
// +optional
TCPConfigMapName string
// +optional
UDPConfigMapName string
DefaultHealthzURL string DefaultHealthzURL string
DefaultSSLCertificate string DefaultSSLCertificate string
@ -160,8 +154,6 @@ func (n *NGINXController) syncIngress(interface{}) error {
pcfg := &ingress.Configuration{ pcfg := &ingress.Configuration{
Backends: upstreams, Backends: upstreams,
Servers: servers, Servers: servers,
TCPEndpoints: n.getStreamServices(n.cfg.TCPConfigMapName, apiv1.ProtocolTCP),
UDPEndpoints: n.getStreamServices(n.cfg.UDPConfigMapName, apiv1.ProtocolUDP),
PassthroughBackends: passUpstreams, PassthroughBackends: passUpstreams,
BackendConfigChecksum: n.store.GetBackendConfiguration().Checksum, BackendConfigChecksum: n.store.GetBackendConfiguration().Checksum,
} }
@ -225,136 +217,6 @@ func (n *NGINXController) syncIngress(interface{}) error {
return nil return nil
} }
func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Protocol) []ingress.L4Service {
if configmapName == "" {
return []ingress.L4Service{}
}
glog.V(3).Infof("Obtaining information about %v stream services from ConfigMap %q", proto, configmapName)
_, _, err := k8s.ParseNameNS(configmapName)
if err != nil {
glog.Errorf("Error parsing ConfigMap reference %q: %v", configmapName, err)
return []ingress.L4Service{}
}
configmap, err := n.store.GetConfigMap(configmapName)
if err != nil {
glog.Errorf("Error getting ConfigMap %q: %v", configmapName, err)
return []ingress.L4Service{}
}
var svcs []ingress.L4Service
var svcProxyProtocol ingress.ProxyProtocol
rp := []int{
n.cfg.ListenPorts.HTTP,
n.cfg.ListenPorts.HTTPS,
n.cfg.ListenPorts.SSLProxy,
n.cfg.ListenPorts.Status,
n.cfg.ListenPorts.Health,
n.cfg.ListenPorts.Default,
}
reserverdPorts := sets.NewInt(rp...)
// svcRef format: <(str)namespace>/<(str)service>:<(intstr)port>[:<("PROXY")decode>:<("PROXY")encode>]
for port, svcRef := range configmap.Data {
externalPort, err := strconv.Atoi(port)
if err != nil {
glog.Warningf("%q is not a valid %v port number", port, proto)
continue
}
if reserverdPorts.Has(externalPort) {
glog.Warningf("Port %d cannot be used for %v stream services. It is reserved for the Ingress controller.", externalPort, proto)
continue
}
nsSvcPort := strings.Split(svcRef, ":")
if len(nsSvcPort) < 2 {
glog.Warningf("Invalid Service reference %q for %v port %d", svcRef, proto, externalPort)
continue
}
nsName := nsSvcPort[0]
svcPort := nsSvcPort[1]
svcProxyProtocol.Decode = false
svcProxyProtocol.Encode = false
// Proxy Protocol is only compatible with TCP Services
if len(nsSvcPort) >= 3 && proto == apiv1.ProtocolTCP {
if len(nsSvcPort) >= 3 && strings.ToUpper(nsSvcPort[2]) == "PROXY" {
svcProxyProtocol.Decode = true
}
if len(nsSvcPort) == 4 && strings.ToUpper(nsSvcPort[3]) == "PROXY" {
svcProxyProtocol.Encode = true
}
}
svcNs, svcName, err := k8s.ParseNameNS(nsName)
if err != nil {
glog.Warningf("%v", err)
continue
}
svc, err := n.store.GetService(nsName)
if err != nil {
glog.Warningf("Error getting Service %q: %v", nsName, err)
continue
}
var endps []ingress.Endpoint
targetPort, err := strconv.Atoi(svcPort)
if err != nil {
// not a port number, fall back to using port name
glog.V(3).Infof("Searching Endpoints with %v port name %q for Service %q", proto, svcPort, nsName)
for _, sp := range svc.Spec.Ports {
if sp.Name == svcPort {
if sp.Protocol == proto {
endps = getEndpoints(svc, &sp, proto, &healthcheck.Config{}, n.store.GetServiceEndpoints)
break
}
}
}
} else {
glog.V(3).Infof("Searching Endpoints with %v port number %d for Service %q", proto, targetPort, nsName)
for _, sp := range svc.Spec.Ports {
if sp.Port == int32(targetPort) {
if sp.Protocol == proto {
endps = getEndpoints(svc, &sp, proto, &healthcheck.Config{}, n.store.GetServiceEndpoints)
break
}
}
}
}
// stream services cannot contain empty upstreams and there is
// no default backend equivalent
if len(endps) == 0 {
glog.Warningf("Service %q does not have any active Endpoint for %v port %v", nsName, proto, svcPort)
continue
}
svcs = append(svcs, ingress.L4Service{
Port: externalPort,
Backend: ingress.L4Backend{
Name: svcName,
Namespace: svcNs,
Port: intstr.FromString(svcPort),
Protocol: proto,
ProxyProtocol: svcProxyProtocol,
},
Endpoints: endps,
})
}
// Keep upstream order sorted to reduce unnecessary nginx config reloads.
sort.SliceStable(svcs, func(i, j int) bool {
return svcs[i].Port < svcs[j].Port
})
return svcs
}
// getDefaultUpstream returns the upstream associated with the default backend. // getDefaultUpstream returns the upstream associated with the default backend.
// Configures the upstream to return HTTP code 503 in case of error. // Configures the upstream to return HTTP code 503 in case of error.
func (n *NGINXController) getDefaultUpstream() *ingress.Backend { func (n *NGINXController) getDefaultUpstream() *ingress.Backend {


@ -112,8 +112,6 @@ func NewNGINXController(config *Configuration, mc metric.Collector, fs file.File
config.EnableSSLChainCompletion, config.EnableSSLChainCompletion,
config.Namespace, config.Namespace,
config.ConfigMapName, config.ConfigMapName,
config.TCPConfigMapName,
config.UDPConfigMapName,
config.DefaultSSLCertificate, config.DefaultSSLCertificate,
config.ResyncPeriod, config.ResyncPeriod,
config.Client, config.Client,
@ -580,8 +578,6 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
Backends: ingressCfg.Backends, Backends: ingressCfg.Backends,
PassthroughBackends: ingressCfg.PassthroughBackends, PassthroughBackends: ingressCfg.PassthroughBackends,
Servers: ingressCfg.Servers, Servers: ingressCfg.Servers,
TCPBackends: ingressCfg.TCPEndpoints,
UDPBackends: ingressCfg.UDPEndpoints,
HealthzURI: ngxHealthPath, HealthzURI: ngxHealthPath,
CustomErrors: len(cfg.CustomHTTPErrors) > 0, CustomErrors: len(cfg.CustomHTTPErrors) > 0,
Cfg: cfg, Cfg: cfg,


@ -218,7 +218,7 @@ type k8sStore struct {
// New creates a new object store to be used in the ingress controller // New creates a new object store to be used in the ingress controller
func New(checkOCSP bool, func New(checkOCSP bool,
namespace, configmap, tcp, udp, defaultSSLCertificate string, namespace, configmap, defaultSSLCertificate string,
resyncPeriod time.Duration, resyncPeriod time.Duration,
client clientset.Interface, client clientset.Interface,
fs file.Filesystem, fs file.Filesystem,
@ -473,7 +473,7 @@ func New(checkOCSP bool,
cm := obj.(*corev1.ConfigMap) cm := obj.(*corev1.ConfigMap)
key := k8s.MetaNamespaceKey(cm) key := k8s.MetaNamespaceKey(cm)
// updates to configuration configmaps can trigger an update // updates to configuration configmaps can trigger an update
if key == configmap || key == tcp || key == udp { if key == configmap {
recorder.Eventf(cm, corev1.EventTypeNormal, "CREATE", fmt.Sprintf("ConfigMap %v", key)) recorder.Eventf(cm, corev1.EventTypeNormal, "CREATE", fmt.Sprintf("ConfigMap %v", key))
if key == configmap { if key == configmap {
store.setConfig(cm) store.setConfig(cm)
@ -489,7 +489,7 @@ func New(checkOCSP bool,
cm := cur.(*corev1.ConfigMap) cm := cur.(*corev1.ConfigMap)
key := k8s.MetaNamespaceKey(cm) key := k8s.MetaNamespaceKey(cm)
// updates to configuration configmaps can trigger an update // updates to configuration configmaps can trigger an update
if key == configmap || key == tcp || key == udp { if key == configmap {
recorder.Eventf(cm, corev1.EventTypeNormal, "UPDATE", fmt.Sprintf("ConfigMap %v", key)) recorder.Eventf(cm, corev1.EventTypeNormal, "UPDATE", fmt.Sprintf("ConfigMap %v", key))
if key == configmap { if key == configmap {
store.setConfig(cm) store.setConfig(cm)
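Review bot: The inner `if key == configmap {` around `store.setConfig(cm)` is now redundant in both ConfigMap handlers (the "CREATE" and the "UPDATE" one), because the outer condition was reduced to exactly the same comparison. Dropping the nested check and calling `store.setConfig(cm)` directly after `recorder.Eventf(...)` would make it obvious that only the controller's own ConfigMap is acted on. A short comment such as `// only the controller configuration ConfigMap is watched here` would also replace the now-misleading plural in "configuration configmaps". Both handler bodies continue outside the hunks shown, so anything after `store.setConfig(cm)` is not covered by this note.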


@ -32,6 +32,7 @@ import (
"encoding/base64" "encoding/base64"
"io/ioutil" "io/ioutil"
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/kubernetes/fake"
@ -62,8 +63,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,
@ -150,8 +149,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,
@ -298,8 +295,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,
@ -387,8 +382,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,
@ -499,8 +492,6 @@ func TestStore(t *testing.T) {
storer := New(true, storer := New(true,
ns, ns,
fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/config", ns),
fmt.Sprintf("%v/tcp", ns),
fmt.Sprintf("%v/udp", ns),
"", "",
10*time.Minute, 10*time.Minute,
clientSet, clientSet,


@ -53,12 +53,6 @@ type Configuration struct {
Backends []*Backend `json:"backends,omitempty"` Backends []*Backend `json:"backends,omitempty"`
// Servers // Servers
Servers []*Server `json:"servers,omitempty"` Servers []*Server `json:"servers,omitempty"`
// TCPEndpoints contain endpoints for tcp streams handled by this backend
// +optional
TCPEndpoints []L4Service `json:"tcpEndpoints,omitempty"`
// UDPEndpoints contain endpoints for udp streams handled by this backend
// +optional
UDPEndpoints []L4Service `json:"udpEndpoints,omitempty"`
// PassthroughBackend contains the backends used for SSL passthrough. // PassthroughBackend contains the backends used for SSL passthrough.
// It contains information about the associated Server Name Indication (SNI). // It contains information about the associated Server Name Indication (SNI).
// +optional // +optional


@ -53,44 +53,6 @@ func (c1 *Configuration) Equal(c2 *Configuration) bool {
} }
} }
if len(c1.TCPEndpoints) != len(c2.TCPEndpoints) {
return false
}
for _, tcp1 := range c1.TCPEndpoints {
found := false
for _, tcp2 := range c2.TCPEndpoints {
if (&tcp1).Equal(&tcp2) {
found = true
break
}
}
if !found {
return false
}
}
if len(c1.UDPEndpoints) != len(c2.UDPEndpoints) {
return false
}
for _, udp1 := range c1.UDPEndpoints {
found := false
for _, udp2 := range c2.UDPEndpoints {
if (&udp1).Equal(&udp2) {
found = true
break
}
}
if !found {
return false
}
}
if len(c1.PassthroughBackends) != len(c2.PassthroughBackends) {
return false
}
for _, ptb1 := range c1.PassthroughBackends { for _, ptb1 := range c1.PassthroughBackends {
found := false found := false
for _, ptb2 := range c2.PassthroughBackends { for _, ptb2 := range c2.PassthroughBackends {
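Review bot: The length check on `PassthroughBackends` appears to be deleted together with the TCP/UDP comparison blocks: its three lines are shown only on the old side, and the hunk header leaves six lines on the new side. Without it, the remaining loop only verifies that every entry of `c1.PassthroughBackends` has a match in `c2`, so a `c2` that carries additional SSL-passthrough backends would pass this part of `Equal`. A changed configuration could then be treated as unchanged, unless code further down catches it. I would restore `if len(c1.PassthroughBackends) != len(c2.PassthroughBackends) { return false }` immediately before the `for _, ptb1 := range c1.PassthroughBackends` loop. The body of `Equal` starts before and continues after this hunk, so this should be confirmed against the full function.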


@ -697,63 +697,6 @@ stream {
{{ end }} {{ end }}
error_log {{ $cfg.ErrorLogPath }}; error_log {{ $cfg.ErrorLogPath }};
# TCP services
{{ range $tcpServer := .TCPBackends }}
upstream tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} {
{{ range $endpoint := $tcpServer.Endpoints }}
server {{ $endpoint.Address | formatIP }}:{{ $endpoint.Port }};
{{ end }}
}
server {
{{ range $address := $all.Cfg.BindAddressIpv4 }}
listen {{ $address }}:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
{{ else }}
listen {{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
{{ end }}
{{ if $IsIPV6Enabled }}
{{ range $address := $all.Cfg.BindAddressIpv6 }}
listen {{ $address }}:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
{{ else }}
listen [::]:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }};
{{ end }}
{{ end }}
proxy_timeout {{ $cfg.ProxyStreamTimeout }};
proxy_pass tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }};
{{ if $tcpServer.Backend.ProxyProtocol.Encode }}
proxy_protocol on;
{{ end }}
}
{{ end }}
# UDP services
{{ range $udpServer := .UDPBackends }}
upstream udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} {
{{ range $endpoint := $udpServer.Endpoints }}
server {{ $endpoint.Address | formatIP }}:{{ $endpoint.Port }};
{{ end }}
}
server {
{{ range $address := $all.Cfg.BindAddressIpv4 }}
listen {{ $address }}:{{ $udpServer.Port }} udp;
{{ else }}
listen {{ $udpServer.Port }} udp;
{{ end }}
{{ if $IsIPV6Enabled }}
{{ range $address := $all.Cfg.BindAddressIpv6 }}
listen {{ $address }}:{{ $udpServer.Port }} udp;
{{ else }}
listen [::]:{{ $udpServer.Port }} udp;
{{ end }}
{{ end }}
proxy_responses {{ $cfg.ProxyStreamResponses }};
proxy_timeout {{ $cfg.ProxyStreamTimeout }};
proxy_pass udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }};
}
{{ end }}
} }
{{/* definition of templates to avoid repetitions */}} {{/* definition of templates to avoid repetitions */}}