Merge branch 'master' of https://github.com/kubernetes/ingress-nginx

2017-10-19 18:04:14 -07:00 · 2017-10-19 18:04:14 -07:00 · 6ea6921562
commit 6ea6921562
parent c0986f4a14 99a355f25d
9 changed files with 58 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -39,6 +39,7 @@ An Ingress Controller is a daemon, deployed as a Kubernetes Pod, that watches th
 - [Proxy Protocol](#proxy-protocol)
 - [ModSecurity Web Application Firewall](docs/user-guide/modsecurity.md)
 - [OpenTracing](docs/user-guide/opentracing.md)
+- [VTS and Prometheus metrics](docs/examples/customization/custom-vts-metrics-prometheus/README.md)
 - [Custom errors](docs/user-guide/custom-errors.md)
 - [NGINX status page](docs/user-guide/nginx-status-page.md)
 - [Running multiple ingress controllers](#running-multiple-ingress-controllers)
--- a/deploy/README.md
+++ b/deploy/README.md
@ -66,7 +66,7 @@ minikube addons enable ingress
 ### AWS

 In AWS we use an Elastic Load Balancer (ELB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`.
-This setup requires to choose in wich layer (L4 or L7) we want to configure the ELB:
+This setup requires to choose in which layer (L4 or L7) we want to configure the ELB:

 - [Layer 4](https://en.wikipedia.org/wiki/OSI_model#Layer_4:_Transport_Layer): use TCP as the listener protocol for ports 80 and 443.
 - [Layer 7](https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer): use HTTP as the listener protocol for port 80 and terminate TLS in the ELB
--- a/deploy/provider/gce-gke/service.yaml
+++ b/deploy/provider/gce-gke/service.yaml
@ -16,4 +16,4 @@ spec:
    targetPort: http
  - name: https
    port: 443
-    targetPort: http
+    targetPort: https
--- a/docs/user-guide/annotations.md
+++ b/docs/user-guide/annotations.md
@ -28,6 +28,7 @@ The following annotations are supported:
 |[ingress.kubernetes.io/proxy-connect-timeout](#custom-timeouts)|number|
 |[ingress.kubernetes.io/proxy-send-timeout](#custom-timeouts)|number|
 |[ingress.kubernetes.io/proxy-read-timeout](#custom-timeouts)|number|
+|[ingress.kubernetes.io/proxy-next-upstream](#custom-timeouts)|string|
 |[ingress.kubernetes.io/proxy-request-buffering](#custom-timeouts)|string|
 |[ingress.kubernetes.io/rewrite-target](#rewrite)|URI|
 |[ingress.kubernetes.io/secure-backends](#secure-backends)|true or false|
@ -313,6 +314,7 @@ In some scenarios is required to have different values. To allow this we provide
 - `ingress.kubernetes.io/proxy-connect-timeout`
 - `ingress.kubernetes.io/proxy-send-timeout`
 - `ingress.kubernetes.io/proxy-read-timeout`
+- `ingress.kubernetes.io/proxy-next-upstream`
 - `ingress.kubernetes.io/proxy-request-buffering`

 ### Custom max body size
--- a/pkg/ingress/controller/controller.go
+++ b/pkg/ingress/controller/controller.go
@ -1219,7 +1219,7 @@ func (ic *GenericController) Start() {

 	time.Sleep(5 * time.Second)
 	// initial sync of secrets to avoid unnecessary reloads
-	glog.Info("running initial sync of secret")
+	glog.Info("running initial sync of secrets")
 	for _, obj := range ic.listers.Ingress.List() {
 		ing := obj.(*extensions.Ingress)

--- a/pkg/ingress/controller/launch.go
+++ b/pkg/ingress/controller/launch.go
@ -109,6 +109,9 @@ func NewIngressController(backend ingress.Controller) *GenericController {
 	flags.AddGoFlagSet(flag.CommandLine)
 	backend.ConfigureFlags(flags)
 	flags.Parse(os.Args)
+	// Workaround for this issue:
+	// https://github.com/kubernetes/kubernetes/issues/17162
+	flag.CommandLine.Parse([]string{})
 	backend.OverrideFlags(flags)

 	flag.Set("logtostderr", "true")
--- a/pkg/nginx/template/template.go
+++ b/pkg/nginx/template/template.go
@ -44,6 +44,7 @@ import (

 const (
 	slash         = "/"
+	nonIdempotent = "non_idempotent"
 	defBufferSize = 65535
 )

@ -548,20 +549,30 @@ func isSticky(host string, loc *ingress.Location, stickyLocations map[string][]s
 	return false
 }

-func buildNextUpstream(input interface{}) string {
-	nextUpstream, ok := input.(string)
+func buildNextUpstream(i, r interface{}) string {
+	nextUpstream, ok := i.(string)
 	if !ok {
-		glog.Errorf("expected a 'string' type but %T was returned", input)
+		glog.Errorf("expected a 'string' type but %T was returned", i)
 		return ""
 	}

+	retryNonIdempotent := r.(bool)
+
 	parts := strings.Split(nextUpstream, " ")

 	nextUpstreamCodes := make([]string, 0, len(parts))
 	for _, v := range parts {
-		if v != "" && v != "non_idempotent" {
+		if v != "" && v != nonIdempotent {
 			nextUpstreamCodes = append(nextUpstreamCodes, v)
 		}
+
+		if v == nonIdempotent {
+			retryNonIdempotent = true
+		}
+	}
+
+	if retryNonIdempotent {
+		nextUpstreamCodes = append(nextUpstreamCodes, nonIdempotent)
 	}

 	return strings.Join(nextUpstreamCodes, " ")
--- a/pkg/nginx/template/template_test.go
+++ b/pkg/nginx/template/template_test.go
@ -311,13 +311,40 @@ func TestBuildResolvers(t *testing.T) {
 }

 func TestBuildNextUpstream(t *testing.T) {
-	nextUpstream := "timeout http_500 http_502 non_idempotent"
-	validNextUpstream := "timeout http_500 http_502"
+	cases := map[string]struct {
+		NextUpstream  string
+		NonIdempotent bool
+		Output        string
+	}{
+		"default": {
+			"timeout http_500 http_502",
+			false,
+			"timeout http_500 http_502",
+		},
+		"global": {
+			"timeout http_500 http_502",
+			true,
+			"timeout http_500 http_502 non_idempotent",
+		},
+		"local": {
+			"timeout http_500 http_502 non_idempotent",
+			false,
+			"timeout http_500 http_502 non_idempotent",
+		},
+	}

-	buildNextUpstream := buildNextUpstream(nextUpstream)
-
-	if buildNextUpstream != validNextUpstream {
-		t.Errorf("Expected '%v' but returned '%v'", validNextUpstream, buildNextUpstream)
+	for k, tc := range cases {
+		nextUpstream := buildNextUpstream(tc.NextUpstream, tc.NonIdempotent)
+		if nextUpstream != tc.Output {
+			t.Errorf(
+				"%s: called buildNextUpstream('%s', %v); expected '%v' but returned '%v'",
+				k,
+				tc.NextUpstream,
+				tc.NonIdempotent,
+				tc.Output,
+				nextUpstream,
+			)
+		}
 	}
 }

--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -798,7 +798,7 @@ stream {
            proxy_cookie_path                       {{ $location.Proxy.CookiePath }};

            # In case of errors try the next upstream server before returning an error
-            proxy_next_upstream                     {{ buildNextUpstream $location.Proxy.NextUpstream }}{{ if $all.Cfg.RetryNonIdempotent }} non_idempotent{{ end }};
+            proxy_next_upstream                     {{ buildNextUpstream $location.Proxy.NextUpstream $all.Cfg.RetryNonIdempotent }};

            {{/* rewrite only works if the content is not compressed */}}
            {{ if $location.Rewrite.AddBaseURL }}