diff --git a/controllers/nginx/README.md b/controllers/nginx/README.md index fbdd9ae65..2a4bb2c68 100644 --- a/controllers/nginx/README.md +++ b/controllers/nginx/README.md @@ -314,8 +314,8 @@ version to fully support Kube-Lego is nginx Ingress controller 0.8. ## Exposing TCP services -Ingress does not support TCP services (yet). For this reason this Ingress controller uses the flag `--tcp-services-configmap` to point to an existing config map where the key is the external port to use and the value is `:` -It is possible to use a number or the name of the port. +Ingress does not support TCP services (yet). For this reason this Ingress controller uses the flag `--tcp-services-configmap` to point to an existing config map where the key is the external port to use and the value is `::[PROXY]` +It is possible to use a number or the name of the port. The last field is optional. Adding `PROXY` in the last field we can enable Proxy Protocol in a TCP service. The next example shows how to expose the service `example-go` running in the namespace `default` in the port `8080` using the port `9000` ``` diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 3817e3f5c..e95f2d53c 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl 
@@ -562,22 +562,22 @@ stream { # TCP services {{ range $i, $tcpServer := .TCPBackends }} - upstream tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { + upstream tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { {{ range $j, $endpoint := $tcpServer.Endpoints }} server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} } - server { - listen {{ $tcpServer.Port }}; - {{ if $IsIPV6Enabled }}listen [::]:{{ $tcpServer.Port }};{{ end }} - proxy_pass tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; + listen {{ $tcpServer.Port }}{{ if $tcpServer.Backend.UseProxyProtocol }} proxy_protocol{{ end }}; + {{ if $IsIPV6Enabled }}listen [::]:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.UseProxyProtocol }} proxy_protocol{{ end }};{{ end }} + proxy_pass tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; } + {{ end }} # UDP services {{ range $i, $udpServer := .UDPBackends }} - upstream udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { + upstream udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { {{ range $j, $endpoint := $udpServer.Endpoints }} server {{ $endpoint.Address }}:{{ $endpoint.Port }}; {{ end }} @@ -587,7 +587,7 @@ stream { listen {{ $udpServer.Port }} udp; {{ if $IsIPV6Enabled }}listen [::]:{{ $udpServer.Port }} udp;{{ end }} proxy_responses 1; - proxy_pass udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; + proxy_pass udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; } {{ end }} } 
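Review bot: With `proxy_protocol` on the two `listen` directives of the TCP `server` block, the client address reported for a connection comes from a header the peer supplies, so any client that can reach the port directly can claim an arbitrary source address. Nothing in this hunk limits which peers are trusted to send that header; the rest of the `stream` block lies outside the hunk, so it may be handled elsewhere. I would add a template comment above the `server` block such as `# proxy_protocol: this port must only be reachable from the load balancer that sends the PROXY header`, and repeat the caveat in the README. The README should also say that the flag only makes nginx accept the header on the listener and does not forward it to the backend, which "enable Proxy Protocol in a TCP service" leaves unclear.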
diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go index 68eca2046..ff9e0ba0a 100644 --- a/core/pkg/ingress/controller/controller.go +++ b/core/pkg/ingress/controller/controller.go @@ -479,13 +479,21 @@ func (ic *GenericController) getStreamServices(configmapName string, proto api.P } nsSvcPort := strings.Split(v, ":") - if len(nsSvcPort) != 2 { - glog.Warningf("invalid format (namespace/name:port) '%v'", k) + if len(nsSvcPort) < 2 { + glog.Warningf("invalid format (namespace/name:port:[PROXY]) '%v'", k) continue } nsName := nsSvcPort[0] svcPort := nsSvcPort[1] + useProxyProtocol := false + + // Proxy protocol is possible if the service is TCP + if len(nsSvcPort) == 3 && proto == api.ProtocolTCP { + if strings.ToUpper(nsSvcPort[2]) == "PROXY" { + useProxyProtocol = true + } + } svcNs, svcName, err := k8s.ParseNameNS(nsName) if err != nil { @@ -537,10 +545,11 @@ func (ic *GenericController) getStreamServices(configmapName string, proto api.P svcs = append(svcs, ingress.L4Service{ Port: externalPort, Backend: ingress.L4Backend{ - Name: svcName, - Namespace: svcNs, - Port: intstr.FromString(svcPort), - Protocol: proto, + Name: svcName, + Namespace: svcNs, + Port: intstr.FromString(svcPort), + Protocol: proto, + UseProxyProtocol: useProxyProtocol, }, Endpoints: endps, }) diff --git a/core/pkg/ingress/types.go b/core/pkg/ingress/types.go index 789c6c824..163286003 100644 --- a/core/pkg/ingress/types.go +++ b/core/pkg/ingress/types.go @@ -319,4 +319,6 @@ type L4Backend struct { Name string `json:"name"` Namespace string `json:"namespace"` Protocol api.Protocol `json:"protocol"` + // +optional + UseProxyProtocol bool `json:"useProxyProtocol"` }
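Review bot: The relaxed check `len(nsSvcPort) < 2` now accepts values with four or more fields, and a third field that is not `PROXY` (a typo, or `PROXY` on a UDP entry) is dropped without any log line. An operator can therefore believe proxy protocol is enabled for a port when it is not. I would bound the field count and warn whenever the option is ignored, as sketched below; `strings.EqualFold` also replaces the `ToUpper` comparison. The body of getStreamServices starts before and continues after this hunk, so `k`, `v` and `proto` are used as they appear here.

```go
nsSvcPort := strings.Split(v, ":")
if len(nsSvcPort) < 2 || len(nsSvcPort) > 3 {
	glog.Warningf("invalid format (namespace/name:port:[PROXY]) '%v'", k)
	continue
}

// … unchanged: nsName and svcPort assignment …
useProxyProtocol := false

// Proxy protocol is only possible for TCP services; say so when the option is ignored.
if len(nsSvcPort) == 3 {
	switch {
	case !strings.EqualFold(nsSvcPort[2], "PROXY"):
		glog.Warningf("ignoring unknown option %q in '%v'", nsSvcPort[2], k)
	case proto != api.ProtocolTCP:
		glog.Warningf("PROXY option is only supported for TCP services, ignoring it in '%v'", k)
	default:
		useProxyProtocol = true
	}
}
```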
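Review bot: The new `UseProxyProtocol` field in `L4Backend` carries only the `+optional` marker and no doc comment, so a reader of types.go cannot tell which side of the connection it affects. I would add `// UseProxyProtocol indicates that the listener for this service expects the PROXY protocol header on incoming connections (TCP only).` above it. The marker also says optional while the tag has no `omitempty`; if omitting the field when false is intended, use `json:"useProxyProtocol,omitempty"`, otherwise drop the marker. The struct starts outside this hunk, so conventions on its earlier fields are not visible here.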