DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

keep zones unique per ingress resource

Browse source
This commit is contained in:
Seth Pollack 2017-08-22 14:53:53 -04:00
parent ed3803cf58
commit a3594f6c4c
2 changed files with 11 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
controllers/nginx/pkg/template/template.go
View file

@ -133,6 +133,7 @@ var (
"buildAuthResponseHeaders": buildAuthResponseHeaders, "buildAuthResponseHeaders": buildAuthResponseHeaders,
"buildProxyPass": buildProxyPass, "buildProxyPass": buildProxyPass,
"buildWhitelistVariable": buildWhitelistVariable, "buildWhitelistVariable": buildWhitelistVariable,
"whitelistExists": whitelistExists,
"buildRateLimitZones": buildRateLimitZones, "buildRateLimitZones": buildRateLimitZones,
"buildRateLimit": buildRateLimit, "buildRateLimit": buildRateLimit,
"buildResolvers": buildResolvers, "buildResolvers": buildResolvers,
@ -340,6 +341,11 @@ var (
whitelistVarMap = map[string]string{} whitelistVarMap = map[string]string{}
) )
func whitelistExists(s string) bool {
_, ok := whitelistVarMap[s]
return ok
}
func buildWhitelistVariable(s string) string { func buildWhitelistVariable(s string) string {
if _, ok := whitelistVarMap[s]; !ok { if _, ok := whitelistVarMap[s]; !ok {
whitelistVarMap[s] = buildRandomUUID() whitelistVarMap[s] = buildRandomUUID()
@ -360,8 +366,7 @@ func buildRateLimitZones(input interface{}) []string {
for _, server := range servers { for _, server := range servers {
for _, loc := range server.Locations { for _, loc := range server.Locations {
lrn := fmt.Sprintf("%v_%v", server.Hostname, loc.RateLimit.Name) whitelistVar := buildWhitelistVariable(loc.RateLimit.Name)
whitelistVar := buildWhitelistVariable(lrn)
if loc.RateLimit.Connections.Limit > 0 { if loc.RateLimit.Connections.Limit > 0 {
zone := fmt.Sprintf("limit_conn_zone $limit_%s zone=%v:%vm;", zone := fmt.Sprintf("limit_conn_zone $limit_%s zone=%v:%vm;",

7
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -292,22 +292,23 @@ http {
{{ end }} {{ end }}
{{ if ne $location.RateLimit.Name "" }} {{ if ne $location.RateLimit.Name "" }}
{{ if ne (whitelistExists $location.RateLimit.Name) true }}
# Ratelimit {{ $location.RateLimit.Name }} # Ratelimit {{ $location.RateLimit.Name }}
{{ $rln := (print $server.Hostname "_" $location.RateLimit.Name) }} geo $whitelist_{{ buildWhitelistVariable $location.RateLimit.Name }} {
geo $whitelist_{{ buildWhitelistVariable $rln }} {
default 0; default 0;
{{ range $ip := $location.RateLimit.Whitelist }} {{ range $ip := $location.RateLimit.Whitelist }}
{{ $ip }} 1;{{ end }} {{ $ip }} 1;{{ end }}
} }
# Ratelimit {{ $location.RateLimit.Name }} # Ratelimit {{ $location.RateLimit.Name }}
map $whitelist_{{ buildWhitelistVariable $rln }} $limit_{{ buildWhitelistVariable $rln }} { map $whitelist_{{ buildWhitelistVariable $location.RateLimit.Name }} $limit_{{ buildWhitelistVariable $location.RateLimit.Name }} {
0 {{ $cfg.LimitConnZoneVariable }}; 0 {{ $cfg.LimitConnZoneVariable }};
1 ""; 1 "";
} }
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }}
{{/* build all the required rate limit zones. Each annotation requires a dedicated zone */}} {{/* build all the required rate limit zones. Each annotation requires a dedicated zone */}}
{{/* 1MB -> 16 thousand 64-byte states or about 8 thousand 128-byte states */}} {{/* 1MB -> 16 thousand 64-byte states or about 8 thousand 128-byte states */}}