DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add more directives and fix lint

Browse source
This commit is contained in:
Ricardo Katz 2024-07-21 22:38:57 +00:00
parent fce3efdb94
commit 6701e3211c
9 changed files with 117 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
internal/ingress/controller/template/crossplane/config.go
View file

@ -20,7 +20,7 @@ import (
ngx_crossplane "github.com/nginxinc/nginx-go-crossplane" ngx_crossplane "github.com/nginxinc/nginx-go-crossplane"
) )
func (c *CrossplaneTemplate) buildConfig() { func (c *Template) buildConfig() {
// Write basic directives // Write basic directives
config := &ngx_crossplane.Config{ config := &ngx_crossplane.Config{
Parsed: ngx_crossplane.Directives{ Parsed: ngx_crossplane.Directives{

10
internal/ingress/controller/template/crossplane/crossplane.go
View file

@ -34,16 +34,16 @@ Unsupported directives:
// On this case we will try to use the go ngx_crossplane to write the template instead of the template renderer // On this case we will try to use the go ngx_crossplane to write the template instead of the template renderer
type CrossplaneTemplate struct { type Template struct {
options *ngx_crossplane.BuildOptions options *ngx_crossplane.BuildOptions
config *ngx_crossplane.Config config *ngx_crossplane.Config
tplConfig *config.TemplateConfig tplConfig *config.TemplateConfig
mimeFile string mimeFile string
} }
func NewCrossplaneTemplate() *CrossplaneTemplate { func NewTemplate() *Template {
lua := ngx_crossplane.Lua{} lua := ngx_crossplane.Lua{}
return &CrossplaneTemplate{ return &Template{
mimeFile: "/etc/nginx/mime.types", mimeFile: "/etc/nginx/mime.types",
options: &ngx_crossplane.BuildOptions{ options: &ngx_crossplane.BuildOptions{
Builders: []ngx_crossplane.RegisterBuilder{ Builders: []ngx_crossplane.RegisterBuilder{
@ -53,11 +53,11 @@ func NewCrossplaneTemplate() *CrossplaneTemplate {
} }
} }
func (c *CrossplaneTemplate) SetMimeFile(file string) { func (c *Template) SetMimeFile(file string) {
c.mimeFile = file c.mimeFile = file
} }
func (c *CrossplaneTemplate) Write(conf *config.TemplateConfig) ([]byte, error) { func (c *Template) Write(conf *config.TemplateConfig) ([]byte, error) {
c.tplConfig = conf c.tplConfig = conf
// build root directives // build root directives

4
internal/ingress/controller/template/crossplane/crossplane_internal_test.go
View file

@ -48,7 +48,7 @@ func Test_Internal_buildEvents(t *testing.T) {
}, },
} }
cplane := NewCrossplaneTemplate() cplane := NewTemplate()
cplane.config = &c cplane.config = &c
cplane.tplConfig = tplConfig cplane.tplConfig = tplConfig
cplane.buildEvents() cplane.buildEvents()
@ -81,7 +81,7 @@ func Test_Internal_buildEvents(t *testing.T) {
}, },
} }
cplane := NewCrossplaneTemplate() cplane := NewTemplate()
cplane.config = &c cplane.config = &c
cplane.tplConfig = tplConfig cplane.tplConfig = tplConfig
cplane.buildEvents() cplane.buildEvents()

11
internal/ingress/controller/template/crossplane/crossplane_internal_utils_test.go
View file

@ -19,6 +19,7 @@ package crossplane
import ( import (
"testing" "testing"
ngx_crossplane "github.com/nginxinc/nginx-go-crossplane"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"k8s.io/ingress-nginx/internal/ingress/controller/config" "k8s.io/ingress-nginx/internal/ingress/controller/config"
) )
@ -36,6 +37,16 @@ func Test_Internal_buildDirectives(t *testing.T) {
}) })
} }
func Test_Internal_buildMapDirectives(t *testing.T) {
t.Run("should be able to run build a map directive with empty block", func(t *testing.T) {
directive := buildMapDirective("somedirective", "bla", ngx_crossplane.Directives{buildDirective("something", "otherstuff")})
require.Equal(t, directive.Directive, "map")
require.Equal(t, directive.Args, []string{"somedirective", "bla"})
require.Equal(t, directive.Block[0].Directive, "something")
require.Equal(t, directive.Block[0].Args, []string{"otherstuff"})
})
}
func Test_Internal_boolToStr(t *testing.T) { func Test_Internal_boolToStr(t *testing.T) {
require.Equal(t, boolToStr(true), "on") require.Equal(t, boolToStr(true), "on")
require.Equal(t, boolToStr(false), "off") require.Equal(t, boolToStr(false), "off")

4
internal/ingress/controller/template/crossplane/crossplane_test.go
View file

@ -36,7 +36,7 @@ types {
} }
` `
// TestCrossplaneTemplate should be a roundtrip test. // TestTemplate should be a roundtrip test.
// We should initialize the scenarios based on the template configuration // We should initialize the scenarios based on the template configuration
// Then Parse and write a crossplane configuration, and roundtrip/parse back to check // Then Parse and write a crossplane configuration, and roundtrip/parse back to check
// if the directives matches // if the directives matches
@ -69,7 +69,7 @@ func TestCrossplaneTemplate(t *testing.T) {
} }
tplConfig.Cfg.DefaultSSLCertificate = defaultCertificate tplConfig.Cfg.DefaultSSLCertificate = defaultCertificate
tpl := crossplane.NewCrossplaneTemplate() tpl := crossplane.NewTemplate()
tpl.SetMimeFile(mimeFile.Name()) tpl.SetMimeFile(mimeFile.Name())
content, err := tpl.Write(tplConfig) content, err := tpl.Write(tplConfig)
require.NoError(t, err) require.NoError(t, err)

2
internal/ingress/controller/template/crossplane/events.go
View file

@ -20,7 +20,7 @@ import (
ngx_crossplane "github.com/nginxinc/nginx-go-crossplane" ngx_crossplane "github.com/nginxinc/nginx-go-crossplane"
) )
func (c *CrossplaneTemplate) buildEvents() { func (c *Template) buildEvents() {
events := &ngx_crossplane.Directive{ events := &ngx_crossplane.Directive{
Directive: "events", Directive: "events",
Block: ngx_crossplane.Directives{ Block: ngx_crossplane.Directives{

72
internal/ingress/controller/template/crossplane/http.go
View file

@ -24,7 +24,7 @@ import (
ngx_crossplane "github.com/nginxinc/nginx-go-crossplane" ngx_crossplane "github.com/nginxinc/nginx-go-crossplane"
) )
func (c *CrossplaneTemplate) initHTTPDirectives() ngx_crossplane.Directives { func (c *Template) initHTTPDirectives() ngx_crossplane.Directives {
cfg := c.tplConfig.Cfg cfg := c.tplConfig.Cfg
httpBlock := ngx_crossplane.Directives{ httpBlock := ngx_crossplane.Directives{
buildDirective("lua_package_path", "/etc/nginx/lua/?.lua;;"), buildDirective("lua_package_path", "/etc/nginx/lua/?.lua;;"),
@ -81,7 +81,7 @@ func (c *CrossplaneTemplate) initHTTPDirectives() ngx_crossplane.Directives {
return httpBlock return httpBlock
} }
func (c *CrossplaneTemplate) buildHTTP() { func (c *Template) buildHTTP() {
cfg := c.tplConfig.Cfg cfg := c.tplConfig.Cfg
httpBlock := c.initHTTPDirectives() httpBlock := c.initHTTPDirectives()
httpBlock = append(httpBlock, buildLuaSharedDictionaries(&c.tplConfig.Cfg)...) httpBlock = append(httpBlock, buildLuaSharedDictionaries(&c.tplConfig.Cfg)...)
@ -147,18 +147,12 @@ func (c *CrossplaneTemplate) buildHTTP() {
httpBlock = append(httpBlock, buildDirective("log_format", "upstreaminfo", escape, cfg.LogFormatUpstream)) httpBlock = append(httpBlock, buildDirective("log_format", "upstreaminfo", escape, cfg.LogFormatUpstream))
// buildMap directive loggableMap := make(ngx_crossplane.Directives, 0)
mapLogDirective := &ngx_crossplane.Directive{
Directive: "map",
Args: []string{"$request_uri", "$loggable"},
Block: make(ngx_crossplane.Directives, 0),
}
for k := range cfg.SkipAccessLogURLs { for k := range cfg.SkipAccessLogURLs {
mapLogDirective.Block = append(mapLogDirective.Block, buildDirective(cfg.SkipAccessLogURLs[k], "0")) loggableMap = append(loggableMap, buildDirective(cfg.SkipAccessLogURLs[k], "0"))
} }
mapLogDirective.Block = append(mapLogDirective.Block, buildDirective("default", "1")) loggableMap = append(loggableMap, buildDirective("default", "1"))
httpBlock = append(httpBlock, mapLogDirective) httpBlock = append(httpBlock, buildMapDirective("$request_uri", "$loggable", loggableMap))
// end of build mapLog
if cfg.DisableAccessLog || cfg.DisableHTTPAccessLog { if cfg.DisableAccessLog || cfg.DisableHTTPAccessLog {
httpBlock = append(httpBlock, buildDirective("access_log", "off")) httpBlock = append(httpBlock, buildDirective("access_log", "off"))
@ -181,6 +175,60 @@ func (c *CrossplaneTemplate) buildHTTP() {
httpBlock = append(httpBlock, buildDirective("error_log", cfg.ErrorLogPath, cfg.ErrorLogLevel)) httpBlock = append(httpBlock, buildDirective("error_log", cfg.ErrorLogPath, cfg.ErrorLogLevel))
} }
if cfg.SSLSessionCache {
httpBlock = append(httpBlock,
buildDirective("ssl_session_cache", fmt.Sprintf("shared:SSL:%s", cfg.SSLSessionCacheSize)),
buildDirective("ssl_session_timeout", cfg.SSLSessionTimeout),
)
}
if cfg.SSLSessionTicketKey != "" {
httpBlock = append(httpBlock, buildDirective("ssl_session_ticket_key", "/etc/ingress-controller/tickets.key"))
}
if cfg.SSLCiphers != "" {
httpBlock = append(httpBlock,
buildDirective("ssl_ciphers", cfg.SSLCiphers),
buildDirective("ssl_prefer_server_ciphers", "on"),
)
}
if cfg.SSLDHParam != "" {
httpBlock = append(httpBlock, buildDirective("ssl_dhparam", cfg.SSLDHParam))
}
if len(cfg.CustomHTTPErrors) > 0 && !cfg.DisableProxyInterceptErrors {
httpBlock = append(httpBlock, buildDirective("proxy_intercept_errors", "on"))
}
httpUpgradeMap := ngx_crossplane.Directives{buildDirective("default", "upgrade")}
if cfg.UpstreamKeepaliveConnections < 1 {
httpUpgradeMap = append(httpUpgradeMap, buildDirective("", "close"))
}
httpBlock = append(httpBlock, buildMapDirective("$http_upgrade", "$connection_upgrade", httpUpgradeMap))
reqIDMap := ngx_crossplane.Directives{buildDirective("default", "$http_x_request_id")}
if cfg.GenerateRequestID {
reqIDMap = append(reqIDMap, buildDirective("", "$request_id"))
}
httpBlock = append(httpBlock, buildMapDirective("$http_x_request_id", "$req_id", reqIDMap))
if cfg.UseForwardedHeaders && cfg.ComputeFullForwardedFor {
forwardForMap := make(ngx_crossplane.Directives, 0)
if cfg.UseProxyProtocol {
forwardForMap = append(forwardForMap,
buildDirective("default", "$http_x_forwarded_for, $proxy_protocol_addr"),
buildDirective("", "$http_x_forwarded_for, $proxy_protocol_addr"),
)
} else {
forwardForMap = append(forwardForMap,
buildDirective("default", "$http_x_forwarded_for, $realip_remote_addr"),
buildDirective("", "$realip_remote_addr"),
)
}
httpBlock = append(httpBlock, buildMapDirective("$http_x_forwarded_for", "$full_x_forwarded_for", forwardForMap))
}
c.config.Parsed = append(c.config.Parsed, &ngx_crossplane.Directive{ c.config.Parsed = append(c.config.Parsed, &ngx_crossplane.Directive{
Directive: "http", Directive: "http",
Block: httpBlock, Block: httpBlock,

54
internal/ingress/controller/template/crossplane/testdata/nginx.tmpl vendored
View file

@ -10,6 +10,7 @@
# MIGRATED # MIGRATED
pid {{ .PID }}; pid {{ .PID }};
# MODULES ARE NOT MIGRATED YET!
{{ if $cfg.EnableBrotli }} {{ if $cfg.EnableBrotli }}
load_module /etc/nginx/modules/ngx_http_brotli_filter_module.so; load_module /etc/nginx/modules/ngx_http_brotli_filter_module.so;
load_module /etc/nginx/modules/ngx_http_brotli_static_module.so; load_module /etc/nginx/modules/ngx_http_brotli_static_module.so;
@ -23,10 +24,9 @@ load_module /etc/nginx/modules/ngx_http_auth_digest_module.so;
load_module /etc/nginx/modules/otel_ngx_module.so; load_module /etc/nginx/modules/otel_ngx_module.so;
{{ end }} {{ end }}
# MIGRATED # MIGRATED 1
daemon off; daemon off;
# MIGRATED 1
worker_processes {{ $cfg.WorkerProcesses }}; worker_processes {{ $cfg.WorkerProcesses }};
{{ if gt (len $cfg.WorkerCPUAffinity) 0 }} {{ if gt (len $cfg.WorkerCPUAffinity) 0 }}
worker_cpu_affinity {{ $cfg.WorkerCPUAffinity }}; worker_cpu_affinity {{ $cfg.WorkerCPUAffinity }};
@ -38,9 +38,6 @@ worker_rlimit_nofile {{ $cfg.MaxWorkerOpenFiles }};
{{/* avoid waiting too long during a reload */}} {{/* avoid waiting too long during a reload */}}
worker_shutdown_timeout {{ $cfg.WorkerShutdownTimeout }} ; worker_shutdown_timeout {{ $cfg.WorkerShutdownTimeout }} ;
# END MIGRATED 1
# MIGRATED EVENTS
events { events {
multi_accept {{ if $cfg.EnableMultiAccept }}on{{ else }}off{{ end }}; multi_accept {{ if $cfg.EnableMultiAccept }}on{{ else }}off{{ end }};
worker_connections {{ $cfg.MaxWorkerConnections }}; worker_connections {{ $cfg.MaxWorkerConnections }};
@ -49,7 +46,8 @@ events {
debug_connection {{ $v }}; debug_connection {{ $v }};
{{ end }} {{ end }}
} }
# END MIGRATED EVENTS
# END MIGRATED 1
http { http {
{{ if (shouldLoadOpentelemetryModule $cfg $servers) }} {{ if (shouldLoadOpentelemetryModule $cfg $servers) }}
@ -129,7 +127,7 @@ http {
plugins.run() plugins.run()
} }
# MIGRATED REALIP # MIGRATED VARIOUS 1
{{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}} {{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}}
{{/* we use the value of the real IP for the geo_ip module */}} {{/* we use the value of the real IP for the geo_ip module */}}
{{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIP }} {{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIP }}
@ -144,9 +142,7 @@ http {
set_real_ip_from {{ $trusted_ip }}; set_real_ip_from {{ $trusted_ip }};
{{ end }} {{ end }}
{{ end }} {{ end }}
# END MIGRATED REAL IP
# MIGRATED VARIOUS 1
aio threads; aio threads;
{{ if $cfg.EnableAioWrite }} {{ if $cfg.EnableAioWrite }}
@ -287,17 +283,6 @@ http {
proxy_ssl_session_reuse on; proxy_ssl_session_reuse on;
# END MIGRATED VARIOUS 1
{{ buildOpentelemetry $cfg $servers }}
{{ if $cfg.EnableBrotli }}
brotli on;
brotli_comp_level {{ $cfg.BrotliLevel }};
brotli_min_length {{ $cfg.BrotliMinLength }};
brotli_types {{ $cfg.BrotliTypes }};
{{ end }}
# See https://www.nginx.com/blog/websocket-nginx # See https://www.nginx.com/blog/websocket-nginx
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;
@ -318,6 +303,9 @@ http {
{{ end }} {{ end }}
} }
# Cache for internal auth checks
proxy_cache_path /tmp/nginx/nginx-cache-auth levels=1:2 keys_zone=auth_cache:10m max_size=128m inactive=30m use_temp_path=off;
{{ if and $cfg.UseForwardedHeaders $cfg.ComputeFullForwardedFor }} {{ if and $cfg.UseForwardedHeaders $cfg.ComputeFullForwardedFor }}
# We can't use $proxy_add_x_forwarded_for because the realip module # We can't use $proxy_add_x_forwarded_for because the realip module
# replaces the remote_addr too soon # replaces the remote_addr too soon
@ -333,12 +321,6 @@ http {
{{ end }} {{ end }}
# Create a variable that contains the literal $ character.
# This works because the geo module will not resolve variables.
geo $literal_dollar {
default "$";
}
# turn on session caching to drastically improve performance # turn on session caching to drastically improve performance
{{ if $cfg.SSLSessionCache }} {{ if $cfg.SSLSessionCache }}
ssl_session_cache shared:SSL:{{ $cfg.SSLSessionCacheSize }}; ssl_session_cache shared:SSL:{{ $cfg.SSLSessionCacheSize }};
@ -364,6 +346,23 @@ http {
proxy_intercept_errors on; proxy_intercept_errors on;
{{ end }} {{ end }}
# END MIGRATED VARIOUS 1
{{ buildOpentelemetry $cfg $servers }}
{{ if $cfg.EnableBrotli }}
brotli on;
brotli_comp_level {{ $cfg.BrotliLevel }};
brotli_min_length {{ $cfg.BrotliMinLength }};
brotli_types {{ $cfg.BrotliTypes }};
{{ end }}
# Create a variable that contains the literal $ character.
# This works because the geo module will not resolve variables.
geo $literal_dollar {
default "$";
}
{{ range $errCode := $cfg.CustomHTTPErrors }} {{ range $errCode := $cfg.CustomHTTPErrors }}
error_page {{ $errCode }} = @custom_upstream-default-backend_{{ $errCode }};{{ end }} error_page {{ $errCode }} = @custom_upstream-default-backend_{{ $errCode }};{{ end }}
@ -410,9 +409,6 @@ http {
{{ $zone }} {{ $zone }}
{{ end }} {{ end }}
# Cache for internal auth checks
proxy_cache_path /tmp/nginx/nginx-cache-auth levels=1:2 keys_zone=auth_cache:10m max_size=128m inactive=30m use_temp_path=off;
# Global filters # Global filters
{{ range $ip := $cfg.BlockCIDRs }}deny {{ trimSpace $ip }}; {{ range $ip := $cfg.BlockCIDRs }}deny {{ trimSpace $ip }};
{{ end }} {{ end }}

9
internal/ingress/controller/template/crossplane/utils.go
View file

@ -85,6 +85,15 @@ func buildResolversInternal(res []net.IP, disableIpv6 bool) []string {
return r return r
} }
// buildMapDirective is used to build a map directive
func buildMapDirective(name, variable string, block ngx_crossplane.Directives) *ngx_crossplane.Directive {
return &ngx_crossplane.Directive{
Directive: "map",
Args: []string{name, variable},
Block: block,
}
}
func boolToStr(b bool) string { func boolToStr(b bool) string {
if b { if b {
return "on" return "on"