DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1248 from aledbf/pprof

Browse source 
Improve nginx controller performance
This commit is contained in:
Manuel Alejandro de Brito Fontes 2017-08-26 08:56:06 -04:00 committed by GitHub
commit 9e7c542519
2 changed files with 27 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
controllers/nginx/pkg/cmd/controller/nginx.go
View file

@ -164,6 +164,8 @@ type NGINXController struct {
proxy *proxy proxy *proxy
ports *config.ListenPorts ports *config.ListenPorts
backendDefaults defaults.Backend
} }
// Start start a new NGINX master process running in foreground. // Start start a new NGINX master process running in foreground.
@ -223,12 +225,7 @@ func (n *NGINXController) start(cmd *exec.Cmd, done chan error) {
// BackendDefaults returns the nginx defaults // BackendDefaults returns the nginx defaults
func (n NGINXController) BackendDefaults() defaults.Backend { func (n NGINXController) BackendDefaults() defaults.Backend {
if n.configmap == nil { return n.backendDefaults
d := config.NewDefault()
return d.Backend
}
return ngx_template.ReadConfig(n.configmap.Data).Backend
} }
// printDiff returns the difference between the running configuration // printDiff returns the difference between the running configuration
@ -423,6 +420,7 @@ func (n *NGINXController) SetConfig(cmap *api_v1.ConfigMap) {
n.isProxyProtocolEnabled = false n.isProxyProtocolEnabled = false
if cmap == nil { if cmap == nil {
n.backendDefaults = config.NewDefault().Backend
return return
} }
@ -434,6 +432,8 @@ func (n *NGINXController) SetConfig(cmap *api_v1.ConfigMap) {
return return
} }
} }
n.backendDefaults = ngx_template.ReadConfig(n.configmap.Data).Backend
} }
// SetListers sets the configured store listers in the generic ingress controller // SetListers sets the configured store listers in the generic ingress controller

46
core/pkg/ingress/controller/controller.go
View file

@ -19,7 +19,6 @@ package controller
import ( import (
"fmt" "fmt"
"math/rand" "math/rand"
"os"
"reflect" "reflect"
"sort" "sort"
"strconv" "strconv"
@ -42,7 +41,6 @@ import (
"k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/cache"
"k8s.io/client-go/tools/record" "k8s.io/client-go/tools/record"
"k8s.io/client-go/util/flowcontrol" "k8s.io/client-go/util/flowcontrol"
"k8s.io/ingress/core/pkg/file"
"k8s.io/ingress/core/pkg/ingress" "k8s.io/ingress/core/pkg/ingress"
"k8s.io/ingress/core/pkg/ingress/annotations/class" "k8s.io/ingress/core/pkg/ingress/annotations/class"
"k8s.io/ingress/core/pkg/ingress/annotations/healthcheck" "k8s.io/ingress/core/pkg/ingress/annotations/healthcheck"
@ -62,12 +60,17 @@ const (
defUpstreamName = "upstream-default-backend" defUpstreamName = "upstream-default-backend"
defServerName = "_" defServerName = "_"
rootLocation = "/" rootLocation = "/"
fakeCertificate = "default-fake-certificate"
) )
var ( var (
// list of ports that cannot be used by TCP or UDP services // list of ports that cannot be used by TCP or UDP services
reservedPorts = []string{"80", "443", "8181", "18080"} reservedPorts = []string{"80", "443", "8181", "18080"}
fakeCertificatePath = ""
fakeCertificateSHA = ""
cloner = conversion.NewCloner() cloner = conversion.NewCloner()
) )
@ -1051,32 +1054,12 @@ func (ic *GenericController) createServers(data []interface{},
NextUpstream: bdef.ProxyNextUpstream, NextUpstream: bdef.ProxyNextUpstream,
} }
// This adds the Default Certificate to Default Backend (or generates a new self signed one) defaultPemFileName := fakeCertificatePath
var defaultPemFileName, defaultPemSHA string defaultPemSHA := fakeCertificateSHA
// Tries to fetch the default Certificate. If it does not exists, generate a new self signed one. // Tries to fetch the default Certificate. If it does not exists, generate a new self signed one.
defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate) defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate)
if err != nil { if err == nil {
// This means the Default Secret does not exists, so we will create a new one.
fakeCertificate := "default-fake-certificate"
fakeCertificatePath := fmt.Sprintf("%v/%v.pem", ingress.DefaultSSLDirectory, fakeCertificate)
// Only generates a new certificate if it doesn't exists physically
_, err = os.Stat(fakeCertificatePath)
if err != nil {
glog.V(3).Infof("No Default SSL Certificate found. Generating a new one")
defCert, defKey := ssl.GetFakeSSLCert()
defaultCertificate, err = ssl.AddOrUpdateCertAndKey(fakeCertificate, defCert, defKey, []byte{})
if err != nil {
glog.Fatalf("Error generating self signed certificate: %v", err)
}
defaultPemFileName = defaultCertificate.PemFileName
defaultPemSHA = defaultCertificate.PemSHA
} else {
defaultPemFileName = fakeCertificatePath
defaultPemSHA = file.SHA1(fakeCertificatePath)
}
} else {
defaultPemFileName = defaultCertificate.PemFileName defaultPemFileName = defaultCertificate.PemFileName
defaultPemSHA = defaultCertificate.PemSHA defaultPemSHA = defaultCertificate.PemSHA
} }
@ -1362,6 +1345,8 @@ func (ic GenericController) Start() {
} }
} }
createDefaultSSLCertificate()
go ic.syncQueue.Run(time.Second, ic.stopCh) go ic.syncQueue.Run(time.Second, ic.stopCh)
if ic.syncStatus != nil { if ic.syncStatus != nil {
@ -1370,3 +1355,14 @@ func (ic GenericController) Start() {
<-ic.stopCh <-ic.stopCh
} }
func createDefaultSSLCertificate() {
defCert, defKey := ssl.GetFakeSSLCert()
c, err := ssl.AddOrUpdateCertAndKey(fakeCertificate, defCert, defKey, []byte{})
if err != nil {
glog.Fatalf("Error generating self signed certificate: %v", err)
}
fakeCertificateSHA = c.PemSHA
fakeCertificatePath = c.PemFileName
}