DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add support for proxy protocol in TCP services

Browse source
This commit is contained in:
Manuel de Brito Fontes 2017-07-02 16:46:15 -04:00
parent 24d78cae8e
commit 6a4679b028
4 changed files with 26 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
controllers/nginx/README.md
View file

@ -314,8 +314,8 @@ version to fully support Kube-Lego is nginx Ingress controller 0.8.
## Exposing TCP services ## Exposing TCP services
Ingress does not support TCP services (yet). For this reason this Ingress controller uses the flag `--tcp-services-configmap` to point to an existing config map where the key is the external port to use and the value is `<namespace/service name>:<service port>` Ingress does not support TCP services (yet). For this reason this Ingress controller uses the flag `--tcp-services-configmap` to point to an existing config map where the key is the external port to use and the value is `<namespace/service name>:<service port>:[PROXY]`
It is possible to use a number or the name of the port. It is possible to use a number or the name of the port. The last field is optional. Adding `PROXY` in the last field we can enable Proxy Protocol in a TCP service.
The next example shows how to expose the service `example-go` running in the namespace `default` in the port `8080` using the port `9000` The next example shows how to expose the service `example-go` running in the namespace `default` in the port `8080` using the port `9000`
``` ```

14
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -562,22 +562,22 @@ stream {
# TCP services # TCP services
{{ range $i, $tcpServer := .TCPBackends }} {{ range $i, $tcpServer := .TCPBackends }}
upstream tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { upstream tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} {
{{ range $j, $endpoint := $tcpServer.Endpoints }} {{ range $j, $endpoint := $tcpServer.Endpoints }}
server {{ $endpoint.Address }}:{{ $endpoint.Port }}; server {{ $endpoint.Address }}:{{ $endpoint.Port }};
{{ end }} {{ end }}
} }
server { server {
listen {{ $tcpServer.Port }}; listen {{ $tcpServer.Port }}{{ if $tcpServer.Backend.UseProxyProtocol }} proxy_protocol{{ end }};
{{ if $IsIPV6Enabled }}listen [::]:{{ $tcpServer.Port }};{{ end }} {{ if $IsIPV6Enabled }}listen [::]:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.UseProxyProtocol }} proxy_protocol{{ end }};{{ end }}
proxy_pass tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; proxy_pass tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }};
} }
{{ end }} {{ end }}
# UDP services # UDP services
{{ range $i, $udpServer := .UDPBackends }} {{ range $i, $udpServer := .UDPBackends }}
upstream udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { upstream udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} {
{{ range $j, $endpoint := $udpServer.Endpoints }} {{ range $j, $endpoint := $udpServer.Endpoints }}
server {{ $endpoint.Address }}:{{ $endpoint.Port }}; server {{ $endpoint.Address }}:{{ $endpoint.Port }};
{{ end }} {{ end }}
@ -587,7 +587,7 @@ stream {
listen {{ $udpServer.Port }} udp; listen {{ $udpServer.Port }} udp;
{{ if $IsIPV6Enabled }}listen [::]:{{ $udpServer.Port }} udp;{{ end }} {{ if $IsIPV6Enabled }}listen [::]:{{ $udpServer.Port }} udp;{{ end }}
proxy_responses 1; proxy_responses 1;
proxy_pass udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; proxy_pass udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }};
} }
{{ end }} {{ end }}
} }

21
core/pkg/ingress/controller/controller.go
View file

@ -479,13 +479,21 @@ func (ic *GenericController) getStreamServices(configmapName string, proto api.P
} }
nsSvcPort := strings.Split(v, ":") nsSvcPort := strings.Split(v, ":")
if len(nsSvcPort) != 2 { if len(nsSvcPort) < 2 {
glog.Warningf("invalid format (namespace/name:port) '%v'", k) glog.Warningf("invalid format (namespace/name:port:[PROXY]) '%v'", k)
continue continue
} }
nsName := nsSvcPort[0] nsName := nsSvcPort[0]
svcPort := nsSvcPort[1] svcPort := nsSvcPort[1]
useProxyProtocol := false
// Proxy protocol is possible if the service is TCP
if len(nsSvcPort) == 3 && proto == api.ProtocolTCP {
if strings.ToUpper(nsSvcPort[2]) == "PROXY" {
useProxyProtocol = true
}
}
svcNs, svcName, err := k8s.ParseNameNS(nsName) svcNs, svcName, err := k8s.ParseNameNS(nsName)
if err != nil { if err != nil {
@ -537,10 +545,11 @@ func (ic *GenericController) getStreamServices(configmapName string, proto api.P
svcs = append(svcs, ingress.L4Service{ svcs = append(svcs, ingress.L4Service{
Port: externalPort, Port: externalPort,
Backend: ingress.L4Backend{ Backend: ingress.L4Backend{
Name: svcName, Name: svcName,
Namespace: svcNs, Namespace: svcNs,
Port: intstr.FromString(svcPort), Port: intstr.FromString(svcPort),
Protocol: proto, Protocol: proto,
UseProxyProtocol: useProxyProtocol,
}, },
Endpoints: endps, Endpoints: endps,
}) })

2
core/pkg/ingress/types.go
View file

@ -319,4 +319,6 @@ type L4Backend struct {
Name string `json:"name"` Name string `json:"name"`
Namespace string `json:"namespace"` Namespace string `json:"namespace"`
Protocol api.Protocol `json:"protocol"` Protocol api.Protocol `json:"protocol"`
// +optional
UseProxyProtocol bool `json:"useProxyProtocol"`
} }