DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #5262 from foxdalas/geoip2_isp

Browse source 
Add Maxmind Editions support
This commit is contained in:
Kubernetes Prow Robot 2020-03-19 11:48:36 -07:00 committed by GitHub
commit 84619d7b08
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 110 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
cmd/nginx/flags.go
View file

@ -186,6 +186,7 @@ Takes the form "<host>:port". If not provided, no admission controller is starte
flags.StringVar(&nginx.MaxmindLicenseKey, "maxmind-license-key", "", `Maxmind license key to download GeoLite2 Databases.
https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases`)
flags.StringVar(&nginx.MaxmindEditionIDs, "maxmind-edition-ids", "GeoLite2-City,GeoLite2-ASN", `Maxmind edition ids to download GeoLite2 Databases.`)
flag.Set("logtostderr", "true")
@ -310,12 +311,15 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g
config.RootCAFile = *rootCAFile
}
if nginx.MaxmindLicenseKey != "" {
if nginx.MaxmindLicenseKey != "" && nginx.MaxmindEditionIDs != "" {
if err := nginx.ValidateGeoLite2DBEditions(); err != nil {
return false, nil, err
}
klog.Info("downloading maxmind GeoIP2 databases...")
err := nginx.DownloadGeoLite2DB()
if err != nil {
if err := nginx.DownloadGeoLite2DB(); err != nil {
klog.Errorf("unexpected error downloading GeoIP2 database: %v", err)
}
config.MaxmindEditionFiles = nginx.MaxmindEditionFiles
}
return false, config, nil

13
cmd/nginx/flags_test.go
View file

@ -75,3 +75,16 @@ func TestFlagConflict(t *testing.T) {
t.Fatalf("Expected an error parsing flags but none returned")
}
}
func TestMaxmindEdition(t *testing.T) {
resetForTesting(func() { t.Fatal("Parsing failed") })
oldArgs := os.Args
defer func() { os.Args = oldArgs }()
os.Args = []string{"cmd", "--publish-service", "namespace/test", "--http-port", "0", "--https-port", "0", "--maxmind-license-key", "0000000", "--maxmind-edition-ids", "GeoLite2-City, TestCheck"}
_, _, err := parseFlags()
if err == nil {
t.Fatalf("Expected an error parsing flags but none returned")
}
}

1
internal/ingress/controller/config/config.go
View file

@ -826,6 +826,7 @@ type TemplateConfig struct {
ListenPorts *ListenPorts
PublishService *apiv1.Service
EnableMetrics bool
MaxmindEditionFiles []string
PID string
StatusPath string

3
internal/ingress/controller/controller.go
View file

@ -98,7 +98,8 @@ type Configuration struct {
ValidationWebhookCertPath string
ValidationWebhookKeyPath string
GlobalExternalAuth *ngx_config.GlobalExternalAuth
GlobalExternalAuth *ngx_config.GlobalExternalAuth
MaxmindEditionFiles []string
}
// GetPublishService returns the Service used to set the load-balancer status of Ingresses.

12
internal/ingress/controller/nginx.go
View file

@ -615,12 +615,12 @@ func (n NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressC
ListenPorts: n.cfg.ListenPorts,
PublishService: n.GetPublishService(),
EnableMetrics: n.cfg.EnableMetrics,
HealthzURI: nginx.HealthPath,
PID: nginx.PID,
StatusPath: nginx.StatusPath,
StatusPort: nginx.StatusPort,
StreamPort: nginx.StreamPort,
MaxmindEditionFiles: n.cfg.MaxmindEditionFiles,
HealthzURI: nginx.HealthPath,
PID: nginx.PID,
StatusPath: nginx.StatusPath,
StatusPort: nginx.StatusPort,
StreamPort: nginx.StreamPort,
}
tc.Cfg.Checksum = ingressCfg.ConfigurationChecksum

60
internal/nginx/maxmind.go
View file

@ -30,12 +30,14 @@ import (
// MaxmindLicenseKey maxmind license key to download databases
var MaxmindLicenseKey = ""
// MaxmindEditionIDs maxmind editions (GeoLite2-City, GeoLite2-Country, GeoIP2-ISP, etc)
var MaxmindEditionIDs = ""
// MaxmindEditionFiles maxmind databases on disk
var MaxmindEditionFiles []string
const (
geoIPPath = "/etc/nginx/geoip"
geoLiteCityDB = "GeoLite2-City"
geoLiteASNDB = "GeoLite2-ASN"
geoIPPath = "/etc/nginx/geoip"
dbExtension = ".mmdb"
maxmindURL = "https://download.maxmind.com/app/geoip_download?license_key=%v&edition_id=%v&suffix=tar.gz"
@ -44,12 +46,10 @@ const (
// GeoLite2DBExists checks if the required databases for
// the GeoIP2 NGINX module are present in the filesystem
func GeoLite2DBExists() bool {
if !fileExists(path.Join(geoIPPath, geoLiteASNDB+dbExtension)) {
return false
}
if !fileExists(path.Join(geoIPPath, geoLiteCityDB+dbExtension)) {
return false
for _, dbName := range strings.Split(MaxmindEditionIDs, ",") {
if !fileExists(path.Join(geoIPPath, dbName+dbExtension)) {
return false
}
}
return true
@ -58,16 +58,13 @@ func GeoLite2DBExists() bool {
// DownloadGeoLite2DB downloads the required databases by the
// GeoIP2 NGINX module using a license key from MaxMind.
func DownloadGeoLite2DB() error {
err := downloadDatabase(geoLiteCityDB)
if err != nil {
return err
for _, dbName := range strings.Split(MaxmindEditionIDs, ",") {
err := downloadDatabase(dbName)
if err != nil {
return err
}
MaxmindEditionFiles = append(MaxmindEditionFiles, dbName+dbExtension)
}
err = downloadDatabase(geoLiteASNDB)
if err != nil {
return err
}
return nil
}
@ -133,6 +130,29 @@ func downloadDatabase(dbName string) error {
fmt.Sprintf(maxmindURL, "XXXXXXX", dbName), mmdbFile)
}
// ValidateGeoLite2DBEditions check provided Maxmind database editions names
func ValidateGeoLite2DBEditions() error {
allowedEditions := map[string]bool{
"GeoIP2-Anonymous-IP": true,
"GeoIP2-Country": true,
"GeoIP2-City": true,
"GeoIP2-Connection-Type": true,
"GeoIP2-Domain": true,
"GeoIP2-ISP": true,
"GeoIP2-ASN": true,
"GeoLite2-ASN": true,
"GeoLite2-Country": true,
"GeoLite2-City": true,
}
for _, edition := range strings.Split(MaxmindEditionIDs, ",") {
if !allowedEditions[edition] {
return fmt.Errorf("unknown Maxmind GeoIP2 edition name: '%s'", edition)
}
}
return nil
}
func fileExists(filePath string) bool {
info, err := os.Stat(filePath)
if os.IsNotExist(err) {

41
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -159,6 +159,8 @@ http {
{{ if $cfg.UseGeoIP2 }}
# https://github.com/leev/ngx_http_geoip2_module#example-usage
{{ range $index, $file := $all.MaxmindEditionFiles }}
{{ if eq $file "GeoLite2-City.mmdb" }}
geoip2 /etc/nginx/geoip/GeoLite2-City.mmdb {
$geoip2_city_country_code source=$remote_addr country iso_code;
$geoip2_city_country_name source=$remote_addr country names en;
@ -171,13 +173,52 @@ http {
$geoip2_region_code source=$remote_addr subdivisions 0 iso_code;
$geoip2_region_name source=$remote_addr subdivisions 0 names en;
}
{{ end }}
{{ if eq $file "GeoIP2-City.mmdb" }}
geoip2 /etc/nginx/geoip/GeoIP2-City.mmdb {
$geoip2_city_country_code source=$remote_addr country iso_code;
$geoip2_city_country_name source=$remote_addr country names en;
$geoip2_city source=$remote_addr city names en;
$geoip2_postal_code source=$remote_addr postal code;
$geoip2_dma_code source=$remote_addr location metro_code;
$geoip2_latitude source=$remote_addr location latitude;
$geoip2_longitude source=$remote_addr location longitude;
$geoip2_time_zone source=$remote_addr location time_zone;
$geoip2_region_code source=$remote_addr subdivisions 0 iso_code;
$geoip2_region_name source=$remote_addr subdivisions 0 names en;
}
{{ end }}
{{ if eq $file "GeoLite2-ASN.mmdb" }}
geoip2 /etc/nginx/geoip/GeoLite2-ASN.mmdb {
$geoip2_asn source=$remote_addr autonomous_system_number;
$geoip2_org source=$remote_addr autonomous_system_organization;
}
{{ end }}
{{ if eq $file "GeoIP2-ASN.mmdb" }}
geoip2 /etc/nginx/geoip/GeoIP2-ASN.mmdb {
$geoip2_asn source=$remote_addr autonomous_system_number;
$geoip2_org source=$remote_addr autonomous_system_organization;
}
{{ end }}
{{ if eq $file "GeoIP2-ISP.mmdb" }}
geoip2 /etc/nginx/geoip/GeoIP2-ISP.mmdb {
$geoip2_isp isp;
$geoip2_isp_org organization;
}
{{ end }}
{{ if eq $file "GeoIP2-Connection-Type.mmdb" }}
geoip2 /etc/nginx/geoip/GeoIP2-Connection-Type.mmdb {
$geoip2_connection_type connection_type;
}
{{ end }}
{{ end }}
{{ end }}
aio threads;
aio_write on;