From c8f7cb052af9f6ddbcb3e92c677d88af13204889 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A1z=C3=A1r=20Gy=C3=B6rgy?=
 <55853197+lgyurci@users.noreply.github.com>
Date: Fri, 7 Jul 2023 01:39:04 +0200
Subject: [PATCH 1/3] Exposed continent data as  variable in the case of
 Maxmind city files (#10157)

---
 rootfs/etc/nginx/template/nginx.tmpl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index 6ace87448..189c13d6c 100644
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -224,6 +224,8 @@ http {
         $geoip2_subregion_code source=$remote_addr subdivisions 1 iso_code;
         $geoip2_subregion_name source=$remote_addr subdivisions 1 names en;
         $geoip2_subregion_geoname_id source=$remote_addr subdivisions 1 geoname_id;
+        $geoip2_city_continent_code source=$remote_addr continent code;
+        $geoip2_city_continent_name source=$remote_addr continent names en;
     }
     {{ end }}
 
@@ -245,6 +247,8 @@ http {
         $geoip2_subregion_code source=$remote_addr subdivisions 1 iso_code;
         $geoip2_subregion_name source=$remote_addr subdivisions 1 names en;
         $geoip2_subregion_geoname_id source=$remote_addr subdivisions 1 geoname_id;
+        $geoip2_city_continent_code source=$remote_addr continent code;
+        $geoip2_city_continent_name source=$remote_addr continent names en;
     }
     {{ end }}
 

From 125b3be6f9960f86174fbcb842912e87d5f530bd Mon Sep 17 00:00:00 2001
From: Alex Matchneer <machty@gmail.com>
Date: Thu, 6 Jul 2023 19:47:04 -0400
Subject: [PATCH 2/3] Clarify TCP/UDP service docs (#10146)

In the current state, the docs on TCP/UDP aren't really clear on exactly whether/how TCP/UDP traffic is supported. This is an attempt to clarify the limitations inherent to k8s Ingress resources vs what can be accomplished with this controller.
---
 docs/user-guide/exposing-tcp-udp-services.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/user-guide/exposing-tcp-udp-services.md b/docs/user-guide/exposing-tcp-udp-services.md
index 63293f0e5..089511ff9 100644
--- a/docs/user-guide/exposing-tcp-udp-services.md
+++ b/docs/user-guide/exposing-tcp-udp-services.md
@@ -1,6 +1,8 @@
 # Exposing TCP and UDP services
 
-Ingress does not support TCP or UDP services. For this reason this Ingress controller uses the flags `--tcp-services-configmap` and `--udp-services-configmap` to point to an existing config map where the key is the external port to use and the value indicates the service to expose using the format:
+While the Kubernetes Ingress resource only officially supports routing external HTTP(s) traffic to services, ingress-nginx can be configured to receive external TCP/UDP traffic from non-HTTP protocols and route them to internal services using TCP/UDP port mappings that are specified within a ConfigMap.
+
+To support this, the `--tcp-services-configmap` and `--udp-services-configmap` flags can be used to point to an existing config map where the key is the external port to use and the value indicates the service to expose using the format:
 `<namespace/service name>:<service port>:[PROXY]:[PROXY]`
 
 It is also possible to use a number or the name of the port. The two last fields are optional.

From 6d55e1f3c42925db5e99f61457695778a681c8be Mon Sep 17 00:00:00 2001
From: David Goffredo <david.goffredo@datadoghq.com>
Date: Thu, 6 Jul 2023 19:51:04 -0400
Subject: [PATCH 3/3] revise Datadog trace sampling configuration (#10151)

* datadog: sample_rate omitted by default

* config: use *float32 with nil instead of float32 with sentinel value

* change some names

* gofmt -s -w internal/ingress/controller/nginx.go
---
 internal/ingress/controller/config/config.go | 14 +---
 internal/ingress/controller/nginx.go         | 80 ++++++++++++--------
 2 files changed, 52 insertions(+), 42 deletions(-)

diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go
index 000bfc730..345ce89b4 100644
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@@ -706,16 +706,9 @@ type Configuration struct {
 	// Default: nginx.handle
 	DatadogOperationNameOverride string `json:"datadog-operation-name-override"`
 
-	// DatadogPrioritySampling specifies to use client-side sampling
-	// If true disables client-side sampling (thus ignoring sample_rate) and enables distributed
-	// priority sampling, where traces are sampled based on a combination of user-assigned
-	// Default: true
-	DatadogPrioritySampling bool `json:"datadog-priority-sampling"`
-
 	// DatadogSampleRate specifies sample rate for any traces created.
-	// This is effective only when datadog-priority-sampling is false
-	// Default: 1.0
-	DatadogSampleRate float32 `json:"datadog-sample-rate"`
+	// Default: use a dynamic rate instead
+	DatadogSampleRate *float32 `json:"datadog-sample-rate",omitempty`
 
 	// MainSnippet adds custom configuration to the main section of the nginx configuration
 	MainSnippet string `json:"main-snippet"`
@@ -1001,8 +994,7 @@ func NewDefault() Configuration {
 		DatadogEnvironment:                     "prod",
 		DatadogCollectorPort:                   8126,
 		DatadogOperationNameOverride:           "nginx.handle",
-		DatadogSampleRate:                      1.0,
-		DatadogPrioritySampling:                true,
+		DatadogSampleRate:                      nil,
 		LimitReqStatusCode:                     503,
 		LimitConnStatusCode:                    503,
 		SyslogPort:                             514,
diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go
index 4a5a07625..6c25aa34f 100644
--- a/internal/ingress/controller/nginx.go
+++ b/internal/ingress/controller/nginx.go
@@ -1011,16 +1011,6 @@ const jaegerTmpl = `{
   }
 }`
 
-const datadogTmpl = `{
-  "service": "{{ .DatadogServiceName }}",
-  "agent_host": "{{ .DatadogCollectorHost }}",
-  "agent_port": {{ .DatadogCollectorPort }},
-  "environment": "{{ .DatadogEnvironment }}",
-  "operation_name_override": "{{ .DatadogOperationNameOverride }}",
-  "sample_rate": {{ .DatadogSampleRate }},
-  "dd.priority.sampling": {{ .DatadogPrioritySampling }}
-}`
-
 const otelTmpl = `
 exporter = "otlp"
 processor = "batch"
@@ -1044,37 +1034,65 @@ ratio = {{ .OtelSamplerRatio }}
 parent_based = {{ .OtelSamplerParentBased }}
 `
 
-func createOpentracingCfg(cfg ngx_config.Configuration) error {
-	var tmpl *template.Template
-	var err error
+func datadogOpentracingCfg(cfg ngx_config.Configuration) (string, error) {
+	m := map[string]interface{}{
+		"service":                 cfg.DatadogServiceName,
+		"agent_host":              cfg.DatadogCollectorHost,
+		"agent_port":              cfg.DatadogCollectorPort,
+		"environment":             cfg.DatadogEnvironment,
+		"operation_name_override": cfg.DatadogOperationNameOverride,
+	}
 
-	if cfg.ZipkinCollectorHost != "" {
-		tmpl, err = template.New("zipkin").Parse(zipkinTmpl)
-		if err != nil {
-			return err
-		}
-	} else if cfg.JaegerCollectorHost != "" || cfg.JaegerEndpoint != "" {
-		tmpl, err = template.New("jaeger").Parse(jaegerTmpl)
-		if err != nil {
-			return err
-		}
-	} else if cfg.DatadogCollectorHost != "" {
-		tmpl, err = template.New("datadog").Parse(datadogTmpl)
-		if err != nil {
-			return err
-		}
-	} else {
-		tmpl, _ = template.New("empty").Parse("{}")
+	// Omit "sample_rate" if the configuration's sample rate is unset (nil).
+	// Omitting "sample_rate" from the plugin JSON indicates to the tracer that
+	// it should use dynamic rates instead of a configured rate.
+	if cfg.DatadogSampleRate != nil {
+		m["sample_rate"] = *cfg.DatadogSampleRate
+	}
+
+	buf, err := json.Marshal(m)
+	if err != nil {
+		return "", err
+	}
+
+	return string(buf), nil
+}
+
+func opentracingCfgFromTemplate(cfg ngx_config.Configuration, tmplName string, tmplText string) (string, error) {
+	tmpl, err := template.New(tmplName).Parse(tmplText)
+	if err != nil {
+		return "", err
 	}
 
 	tmplBuf := bytes.NewBuffer(make([]byte, 0))
 	err = tmpl.Execute(tmplBuf, cfg)
+	if err != nil {
+		return "", err
+	}
+
+	return tmplBuf.String(), nil
+}
+
+func createOpentracingCfg(cfg ngx_config.Configuration) error {
+	var configData string
+	var err error
+
+	if cfg.ZipkinCollectorHost != "" {
+		configData, err = opentracingCfgFromTemplate(cfg, "zipkin", zipkinTmpl)
+	} else if cfg.JaegerCollectorHost != "" || cfg.JaegerEndpoint != "" {
+		configData, err = opentracingCfgFromTemplate(cfg, "jaeger", jaegerTmpl)
+	} else if cfg.DatadogCollectorHost != "" {
+		configData, err = datadogOpentracingCfg(cfg)
+	} else {
+		configData = "{}"
+	}
+
 	if err != nil {
 		return err
 	}
 
 	// Expand possible environment variables before writing the configuration to file.
-	expanded := os.ExpandEnv(tmplBuf.String())
+	expanded := os.ExpandEnv(configData)
 
 	return os.WriteFile("/etc/nginx/opentracing.json", []byte(expanded), file.ReadWriteByUser)
 }