Add Backends.SSLPassthrough attribute
This commit is contained in:
Joao Morais
parent
02cd3ce885
commit
b59d49a4a7
2 changed files with 37 additions and 0 deletions
|
|
@ -414,6 +414,7 @@ func (ic *GenericController) sync(key interface{}) error {
|
|||
|
||||
for _, loc := range server.Locations {
|
||||
if loc.Path != rootLocation {
|
||||
glog.Warningf("ignoring path %v of ssl passthrough host %v", loc.Path, server.Hostname)
|
||||
continue
|
||||
}
|
||||
passUpstreams = append(passUpstreams, &ingress.SSLPassthroughBackend{
|
||||
|
|
@ -683,6 +684,40 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress
|
|||
}
|
||||
}
|
||||
|
||||
// Configure Backends[].SSLPassthrough
|
||||
for _, upstream := range upstreams {
|
||||
isHTTP := false
|
||||
isHTTPSfrom := []*ingress.Server{}
|
||||
for _, server := range servers {
|
||||
for _, location := range server.Locations {
|
||||
if upstream.Name == location.Backend {
|
||||
if server.SSLPassthrough {
|
||||
if location.Path == rootLocation {
|
||||
if location.Backend == defUpstreamName {
|
||||
glog.Warningf("ignoring ssl passthrough of %v as it doesn't have a default backend (root context)", server.Hostname)
|
||||
} else {
|
||||
isHTTPSfrom = append(isHTTPSfrom, server)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
isHTTP = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if len(isHTTPSfrom) > 0 {
|
||||
if isHTTP {
|
||||
for _, server := range isHTTPSfrom {
|
||||
glog.Warningf("backend type mismatch on %v, assuming HTTP on ssl passthrough host %v", upstream.Name, server.Hostname)
|
||||
// removing this server from the PassthroughBackends slice
|
||||
server.SSLPassthrough = false
|
||||
}
|
||||
} else {
|
||||
upstream.SSLPassthrough = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: find a way to make this more readable
|
||||
// The structs must be ordered to always generate the same file
|
||||
// if the content does not change.
|
||||
|
|
|
|||
|
|
@ -155,6 +155,8 @@ type Backend struct {
|
|||
// The certificate used in the endpoint cannot be a self signed certificate
|
||||
// TODO: add annotation to allow the load of ca certificate
|
||||
Secure bool `json:"secure"`
|
||||
// SSLPassthrough indicates that Ingress controller will delegate TLS termination to the endpoints.
|
||||
SSLPassthrough bool `json:"sslPassthrough"`
|
||||
// Endpoints contains the list of endpoints currently running
|
||||
Endpoints []Endpoint `json:"endpoints"`
|
||||
// StickySession contains the StickyConfig object with stickness configuration
|
||||
|
|
|
|||
Loading…
Reference in a new issue