Add Backends.SSLPassthrough attribute
This commit is contained in:
Joao Morais
parent
02cd3ce885
commit
b59d49a4a7
2 changed files with 37 additions and 0 deletions
|
|
@ -414,6 +414,7 @@ func (ic *GenericController) sync(key interface{}) error {
|
||||||
|
|
||||||
for _, loc := range server.Locations {
|
for _, loc := range server.Locations {
|
||||||
if loc.Path != rootLocation {
|
if loc.Path != rootLocation {
|
||||||
|
glog.Warningf("ignoring path %v of ssl passthrough host %v", loc.Path, server.Hostname)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
passUpstreams = append(passUpstreams, &ingress.SSLPassthroughBackend{
|
passUpstreams = append(passUpstreams, &ingress.SSLPassthroughBackend{
|
||||||
|
|
@ -683,6 +684,40 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Configure Backends[].SSLPassthrough
|
||||||
|
for _, upstream := range upstreams {
|
||||||
|
isHTTP := false
|
||||||
|
isHTTPSfrom := []*ingress.Server{}
|
||||||
|
for _, server := range servers {
|
||||||
|
for _, location := range server.Locations {
|
||||||
|
if upstream.Name == location.Backend {
|
||||||
|
if server.SSLPassthrough {
|
||||||
|
if location.Path == rootLocation {
|
||||||
|
if location.Backend == defUpstreamName {
|
||||||
|
glog.Warningf("ignoring ssl passthrough of %v as it doesn't have a default backend (root context)", server.Hostname)
|
||||||
|
} else {
|
||||||
|
isHTTPSfrom = append(isHTTPSfrom, server)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
isHTTP = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(isHTTPSfrom) > 0 {
|
||||||
|
if isHTTP {
|
||||||
|
for _, server := range isHTTPSfrom {
|
||||||
|
glog.Warningf("backend type mismatch on %v, assuming HTTP on ssl passthrough host %v", upstream.Name, server.Hostname)
|
||||||
|
// removing this server from the PassthroughBackends slice
|
||||||
|
server.SSLPassthrough = false
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
upstream.SSLPassthrough = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// TODO: find a way to make this more readable
|
// TODO: find a way to make this more readable
|
||||||
// The structs must be ordered to always generate the same file
|
// The structs must be ordered to always generate the same file
|
||||||
// if the content does not change.
|
// if the content does not change.
|
||||||
|
|
|
||||||
|
|
@ -155,6 +155,8 @@ type Backend struct {
|
||||||
// The certificate used in the endpoint cannot be a self signed certificate
|
// The certificate used in the endpoint cannot be a self signed certificate
|
||||||
// TODO: add annotation to allow the load of ca certificate
|
// TODO: add annotation to allow the load of ca certificate
|
||||||
Secure bool `json:"secure"`
|
Secure bool `json:"secure"`
|
||||||
|
// SSLPassthrough indicates that Ingress controller will delegate TLS termination to the endpoints.
|
||||||
|
SSLPassthrough bool `json:"sslPassthrough"`
|
||||||
// Endpoints contains the list of endpoints currently running
|
// Endpoints contains the list of endpoints currently running
|
||||||
Endpoints []Endpoint `json:"endpoints"`
|
Endpoints []Endpoint `json:"endpoints"`
|
||||||
// StickySession contains the StickyConfig object with stickness configuration
|
// StickySession contains the StickyConfig object with stickness configuration
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue