Fix ports collision when hostNetwork=true (#4617)

Manuel Alejandro de Brito Fontes 2019-09-28 17:30:57 -03:00 committed by GitHub
parent 9ecec0de63
commit d5d2b4037c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 40 additions and 8 deletions


@ -149,9 +149,9 @@ Requires the update-status parameter.`)
metricsPerHost = flags.Bool("metrics-per-host", true, metricsPerHost = flags.Bool("metrics-per-host", true,
`Export metrics per-host`) `Export metrics per-host`)
httpPort = flags.Int("http-port", 80, `Port to use for servicing HTTP traffic.`) httpPort = flags.Int("http-port", 80, `Port to use for servicing HTTP traffic.`)
httpsPort = flags.Int("https-port", 443, `Port to use for servicing HTTPS traffic.`) httpsPort = flags.Int("https-port", 443, `Port to use for servicing HTTPS traffic.`)
_ = flags.Int("status-port", 18080, `Port to use for exposing NGINX status pages.`)
sslProxyPort = flags.Int("ssl-passthrough-proxy-port", 442, `Port to use internally for SSL Passthrough.`) sslProxyPort = flags.Int("ssl-passthrough-proxy-port", 442, `Port to use internally for SSL Passthrough.`)
defServerPort = flags.Int("default-server-port", 8181, `Port to use for exposing the default server (catch-all).`) defServerPort = flags.Int("default-server-port", 8181, `Port to use for exposing the default server (catch-all).`)
healthzPort = flags.Int("healthz-port", 10254, "Port to use for the healthz endpoint.") healthzPort = flags.Int("healthz-port", 10254, "Port to use for the healthz endpoint.")
@ -166,9 +166,13 @@ Takes the form "<host>:port". If not provided, no admission controller is starte
`The path of the validating webhook certificate PEM.`) `The path of the validating webhook certificate PEM.`)
validationWebhookKey = flags.String("validating-webhook-key", "", validationWebhookKey = flags.String("validating-webhook-key", "",
`The path of the validating webhook key PEM.`) `The path of the validating webhook key PEM.`)
statusPort = flags.Int("status-port", 10246, `Port to use for the lua HTTP endpoint configuration.`)
streamPort = flags.Int("stream-port", 10247, "Port to use for the lua TCP/UDP endpoint configuration.")
profilerPort = flags.Int("profiler-port", 10245, "Port to use for expose the ingress controller Go profiler when it is enabled.")
) )
flags.MarkDeprecated("status-port", `The status port is a unix socket now.`)
flags.MarkDeprecated("force-namespace-isolation", `This flag doesn't do anything.`) flags.MarkDeprecated("force-namespace-isolation", `This flag doesn't do anything.`)
flags.MarkDeprecated("enable-dynamic-certificates", `Only dynamic mode is supported`) flags.MarkDeprecated("enable-dynamic-certificates", `Only dynamic mode is supported`)
@ -215,6 +219,22 @@ Takes the form "<host>:port". If not provided, no admission controller is starte
return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --default-server-port", *defServerPort) return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --default-server-port", *defServerPort)
} }
if !ing_net.IsPortAvailable(*statusPort) {
return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --status-port", *statusPort)
}
if !ing_net.IsPortAvailable(*streamPort) {
return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --stream-port", *streamPort)
}
if !ing_net.IsPortAvailable(*profilerPort) {
return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --profiler-port", *profilerPort)
}
nginx.StatusPort = *statusPort
nginx.StreamPort = *streamPort
nginx.ProfilerPort = *profilerPort
if *enableSSLPassthrough && !ing_net.IsPortAvailable(*sslProxyPort) { if *enableSSLPassthrough && !ing_net.IsPortAvailable(*sslProxyPort) {
return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --ssl-passthrough-proxy-port", *sslProxyPort) return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --ssl-passthrough-proxy-port", *sslProxyPort)
} }
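Review bot: The three added `IsPortAvailable` checks test each port in isolation, so two flags given the same value (for example `--status-port` and `--stream-port`) both pass and the clash only appears later when the listeners bind. A duplicate check over the three values, placed before the assignments to `nginx.StatusPort`, `nginx.StreamPort` and `nginx.ProfilerPort`, would reject that configuration at startup; a sketch follows. The profiler check is also unconditional, unlike the `*enableSSLPassthrough && ...` guard directly below it, so a busy 10245 stops the controller even when profiling is off; gating it on the profiling flag (not visible in this hunk) would match that pattern. The probe is point-in-time, so the code that starts the listeners still has to handle a bind failure.

```go
// … unchanged: per-port IsPortAvailable checks …
seen := map[int]string{}
for _, p := range []struct {
	flag string
	port int
}{
	{"status-port", *statusPort},
	{"stream-port", *streamPort},
	{"profiler-port", *profilerPort},
} {
	if other, dup := seen[p.port]; dup {
		return false, nil, fmt.Errorf("port %v is assigned to both --%v and --%v", p.port, other, p.flag)
	}
	seen[p.port] = p.flag
}
// … unchanged: assignments to nginx.StatusPort, nginx.StreamPort, nginx.ProfilerPort …
```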


@ -44,6 +44,7 @@ import (
"k8s.io/ingress-nginx/internal/ingress/metric" "k8s.io/ingress-nginx/internal/ingress/metric"
"k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/k8s"
"k8s.io/ingress-nginx/internal/net/ssl" "k8s.io/ingress-nginx/internal/net/ssl"
"k8s.io/ingress-nginx/internal/nginx"
"k8s.io/ingress-nginx/version" "k8s.io/ingress-nginx/version"
) )
@ -280,7 +281,7 @@ func registerProfiler() {
mux.HandleFunc("/debug/pprof/trace", pprof.Trace) mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
server := &http.Server{ server := &http.Server{
Addr: fmt.Sprintf(":10255"), Addr: fmt.Sprintf("127.0.0.1:%v", nginx.ProfilerPort),
Handler: mux, Handler: mux,
} }
klog.Fatal(server.ListenAndServe()) klog.Fatal(server.ListenAndServe())
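Review bot: The loopback address in `Addr` is a security-relevant choice that has no comment, so a later edit could widen it back to all interfaces without anyone noticing; something like `// Loopback only: pprof exposes heap, goroutine and trace data and must not be reachable from other hosts.` above the `http.Server` literal would record the intent. With hostNetwork=true, 127.0.0.1 is the node's loopback, so other processes on the node can still reach the endpoint, which is worth stating in the same comment. The server is also built without `ReadHeaderTimeout`, so a stalled client holds a connection open indefinitely. `registerProfiler` begins above this hunk, so how the handlers are gated is not visible here.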


@ -23,6 +23,8 @@ They are set in the container spec of the `nginx-ingress-controller` Deployment
| `--healthz-port int` | Port to use for the healthz endpoint. (default 10254) | | `--healthz-port int` | Port to use for the healthz endpoint. (default 10254) |
| `--http-port int` | Port to use for servicing HTTP traffic. (default 80) | | `--http-port int` | Port to use for servicing HTTP traffic. (default 80) |
| `--https-port int` | Port to use for servicing HTTPS traffic. (default 443) | | `--https-port int` | Port to use for servicing HTTPS traffic. (default 443) |
| `--status-port int` | Port to use for the lua HTTP endpoint configuration. (default 10246) |
| `--stream-port int` | Port to use for the lua TCP/UDP endpoint configuration. (default 10247) |
| `--ingress-class string` | Name of the ingress class this controller satisfies. The class of an Ingress object is set using the annotation "kubernetes.io/ingress.class". All ingress classes are satisfied if this parameter is left empty. | | `--ingress-class string` | Name of the ingress class this controller satisfies. The class of an Ingress object is set using the annotation "kubernetes.io/ingress.class". All ingress classes are satisfied if this parameter is left empty. |
| `--kubeconfig string` | Path to a kubeconfig file containing authorization and API server information. | | `--kubeconfig string` | Path to a kubeconfig file containing authorization and API server information. |
| `--log_backtrace_at traceLocation` | when logging hits line file:N, emit a stack trace (default :0) | | `--log_backtrace_at traceLocation` | when logging hits line file:N, emit a stack trace (default :0) |


@ -261,17 +261,21 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr
klog.Errorf("Error getting ConfigMap %q: %v", configmapName, err) klog.Errorf("Error getting ConfigMap %q: %v", configmapName, err)
return []ingress.L4Service{} return []ingress.L4Service{}
} }
var svcs []ingress.L4Service var svcs []ingress.L4Service
var svcProxyProtocol ingress.ProxyProtocol var svcProxyProtocol ingress.ProxyProtocol
rp := []int{ rp := []int{
n.cfg.ListenPorts.HTTP, n.cfg.ListenPorts.HTTP,
n.cfg.ListenPorts.HTTPS, n.cfg.ListenPorts.HTTPS,
n.cfg.ListenPorts.SSLProxy, n.cfg.ListenPorts.SSLProxy,
n.cfg.ListenPorts.Health, n.cfg.ListenPorts.Health,
n.cfg.ListenPorts.Default, n.cfg.ListenPorts.Default,
10255, // profiling port nginx.ProfilerPort,
nginx.StatusPort, nginx.StatusPort,
nginx.StreamPort,
} }
reserverdPorts := sets.NewInt(rp...) reserverdPorts := sets.NewInt(rp...)
// svcRef format: <(str)namespace>/<(str)service>:<(intstr)port>[:<("PROXY")decode>:<("PROXY")encode>] // svcRef format: <(str)namespace>/<(str)service>:<(intstr)port>[:<("PROXY")decode>:<("PROXY")encode>]
for port, svcRef := range configmap.Data { for port, svcRef := range configmap.Data {


@ -31,6 +31,11 @@ import (
"k8s.io/klog" "k8s.io/klog"
) )
// TODO: Check https://github.com/kubernetes/kubernetes/blob/master/pkg/master/ports/ports.go for ports already being used
// ProfilerPort port used by the ingress controller to expose the Go Profiler when it is enabled.
var ProfilerPort = 10245
// TemplatePath path of the NGINX template // TemplatePath path of the NGINX template
var TemplatePath = "/etc/nginx/template/nginx.tmpl" var TemplatePath = "/etc/nginx/template/nginx.tmpl"
@ -38,7 +43,7 @@ var TemplatePath = "/etc/nginx/template/nginx.tmpl"
var PID = "/tmp/nginx.pid" var PID = "/tmp/nginx.pid"
// StatusPort port used by NGINX for the status server // StatusPort port used by NGINX for the status server
var StatusPort = 10256 var StatusPort = 10246
// HealthPath defines the path used to define the health check location in NGINX // HealthPath defines the path used to define the health check location in NGINX
var HealthPath = "/healthz" var HealthPath = "/healthz"
@ -51,7 +56,7 @@ var HealthCheckTimeout = 10 * time.Second
var StatusPath = "/nginx_status" var StatusPath = "/nginx_status"
// StreamPort defines the port used by NGINX for the NGINX stream configuration socket // StreamPort defines the port used by NGINX for the NGINX stream configuration socket
var StreamPort = 10257 var StreamPort = 10247
// NewGetStatusRequest creates a new GET request to the internal NGINX status server // NewGetStatusRequest creates a new GET request to the internal NGINX status server
func NewGetStatusRequest(path string) (int, []byte, error) { func NewGetStatusRequest(path string) (int, []byte, error) {
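Review bot: The doc comments on `ProfilerPort`, `StatusPort` and `StreamPort` do not say why the defaults moved from 10255–10257 to 10245–10247, and the TODO only links the Kubernetes ports file. Judging by the commit title the old values clashed with ports already bound on the node under hostNetwork=true, so a line such as `// StatusPort port used by NGINX for the status server. Set from --status-port; the default avoids ports used by Kubernetes node components.` on each variable would keep the values from drifting back. These are exported, mutable package variables that flag parsing overwrites, so the comments should also state that they must be assigned before the controller starts.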