DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enabled the dynamic reload of GeoIP data (#2107)

Browse source 
* Moved geoip data into its own folder so it can be volume mounted

* Added FS watches for the geoip data

* Fixed single quotes issue (interpolation)

* Fixed gofmt errors

* Updated to directory crawl
This commit is contained in:
Karl Stoney 2018-02-17 20:24:50 +00:00 committed by Manuel Alejandro de Brito Fontes
parent ce8ba06208
commit d1b6f32981
3 changed files with 46 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
images/nginx/build.sh
View file

@ -95,14 +95,16 @@ if [[ ${ARCH} == "s390x" ]]; then
git config --global pack.threads "1" git config --global pack.threads "1"
fi fi
# download GeoIP databases # Get the GeoIP data
wget -O /etc/nginx/GeoIP.dat.gz https://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz || { echo 'Could not download GeoLiteCountry, exiting.' ; exit 1; } GEOIP_FOLDER=/etc/nginx/geoip
wget -O /etc/nginx/GeoLiteCity.dat.gz https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz || { echo 'Could not download GeoLiteCity, exiting.' ; exit 1; } mkdir -p $GEOIP_FOLDER
wget -O /etc/nginx/GeoIPASNum.dat.gz http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz || { echo 'Could not download GeoLiteOrg, exiting.' ; exit 1; } function geoip_get {
wget -O $GEOIP_FOLDER/$1 $2 || { echo "Could not download $1, exiting." ; exit 1; }
gunzip /etc/nginx/GeoIP.dat.gz gunzip $GEOIP_FOLDER/$1
gunzip /etc/nginx/GeoLiteCity.dat.gz }
gunzip /etc/nginx/GeoIPASNum.dat.gz geoip_get "GeoIP.dat.gz" "https://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz"
geoip_get "GeoLiteCity.dat.gz" "https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
geoip_get "GeoIPASNum.dat.gz" "http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz"
mkdir --verbose -p "$BUILD_PATH" mkdir --verbose -p "$BUILD_PATH"
cd "$BUILD_PATH" cd "$BUILD_PATH"

38
internal/ingress/controller/nginx.go
View file

@ -56,6 +56,7 @@ import (
"k8s.io/ingress-nginx/internal/net/ssl" "k8s.io/ingress-nginx/internal/net/ssl"
"k8s.io/ingress-nginx/internal/task" "k8s.io/ingress-nginx/internal/task"
"k8s.io/ingress-nginx/internal/watch" "k8s.io/ingress-nginx/internal/watch"
"path/filepath"
) )
type statusModule string type statusModule string
@ -69,6 +70,7 @@ const (
var ( var (
tmplPath = "/etc/nginx/template/nginx.tmpl" tmplPath = "/etc/nginx/template/nginx.tmpl"
geoipPath = "/etc/nginx/geoip"
cfgPath = "/etc/nginx/nginx.conf" cfgPath = "/etc/nginx/nginx.conf"
nginxBinary = "/usr/sbin/nginx" nginxBinary = "/usr/sbin/nginx"
) )
@ -152,8 +154,8 @@ func NewNGINXController(config *Configuration, fs file.Filesystem) *NGINXControl
glog.Warning("Update of ingress status is disabled (flag --update-status=false was specified)") glog.Warning("Update of ingress status is disabled (flag --update-status=false was specified)")
} }
var onChange func() var onTemplateChange func()
onChange = func() { onTemplateChange = func() {
template, err := ngx_template.NewTemplate(tmplPath, fs) template, err := ngx_template.NewTemplate(tmplPath, fs)
if err != nil { if err != nil {
// this error is different from the rest because it must be clear why nginx is not working // this error is different from the rest because it must be clear why nginx is not working
@ -179,12 +181,38 @@ Error loading new template : %v
// TODO: refactor // TODO: refactor
if _, ok := fs.(filesystem.DefaultFs); !ok { if _, ok := fs.(filesystem.DefaultFs); !ok {
watch.NewDummyFileWatcher(tmplPath, onChange) watch.NewDummyFileWatcher(tmplPath, onTemplateChange)
} else { } else {
_, err = watch.NewFileWatcher(tmplPath, onChange)
_, err = watch.NewFileWatcher(tmplPath, onTemplateChange)
if err != nil { if err != nil {
glog.Fatalf("unexpected error watching template %v: %v", tmplPath, err) glog.Fatalf("unexpected error creating file watcher: %v", err)
} }
filesToWatch := []string{}
err := filepath.Walk("/etc/nginx/geoip/", func(path string, info os.FileInfo, err error) error {
if info.IsDir() {
return nil
}
filesToWatch = append(filesToWatch, path)
return nil
})
if err != nil {
glog.Fatalf("unexpected error creating file watcher: %v", err)
}
for _, f := range filesToWatch {
_, err = watch.NewFileWatcher(f, func() {
glog.Info("file %v changed. Reloading NGINX", f)
n.SetForceReload(true)
})
if err != nil {
glog.Fatalf("unexpected error creating file watcher: %v", err)
}
}
} }
return n return n

6
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -47,9 +47,9 @@ http {
{{/* databases used to determine the country depending on the client IP address */}} {{/* databases used to determine the country depending on the client IP address */}}
{{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}} {{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}}
{{/* this is require to calculate traffic for individual country using GeoIP in the status page */}} {{/* this is require to calculate traffic for individual country using GeoIP in the status page */}}
geoip_country /etc/nginx/GeoIP.dat; geoip_country /etc/nginx/geoip/GeoIP.dat;
geoip_city /etc/nginx/GeoLiteCity.dat; geoip_city /etc/nginx/geoip/GeoLiteCity.dat;
geoip_org /etc/nginx/GeoIPASNum.dat; geoip_org /etc/nginx/geoip/GeoIPASNum.dat;
geoip_proxy_recursive on; geoip_proxy_recursive on;
{{ if $cfg.EnableVtsStatus }} {{ if $cfg.EnableVtsStatus }}