DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge acaba8bef0 into de1a4c463c

Browse source
This commit is contained in:
chengjoey 2025-02-17 09:50:31 -08:00 committed by GitHub
commit e4de63bb95
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 39 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
internal/ingress/controller/controller.go
View file

@ -46,6 +46,7 @@ import (
"k8s.io/ingress-nginx/internal/k8s" "k8s.io/ingress-nginx/internal/k8s"
"k8s.io/ingress-nginx/internal/nginx" "k8s.io/ingress-nginx/internal/nginx"
"k8s.io/ingress-nginx/pkg/apis/ingress" "k8s.io/ingress-nginx/pkg/apis/ingress"
"k8s.io/ingress-nginx/pkg/tcpproxy"
utilingress "k8s.io/ingress-nginx/pkg/util/ingress" utilingress "k8s.io/ingress-nginx/pkg/util/ingress"
"k8s.io/klog/v2" "k8s.io/klog/v2"
) )
@ -185,6 +186,44 @@ func (n *NGINXController) syncIngress(interface{}) error {
n.metricCollector.SetSSLExpireTime(servers) n.metricCollector.SetSSLExpireTime(servers)
n.metricCollector.SetSSLInfo(servers) n.metricCollector.SetSSLInfo(servers)
if n.cfg.EnableSSLPassthrough {
servers := []*tcpproxy.TCPServer{}
for _, pb := range pcfg.PassthroughBackends {
svc := pb.Service
if svc == nil {
klog.Warningf("Missing Service for SSL Passthrough backend %q", pb.Backend)
continue
}
port, err := strconv.Atoi(pb.Port.String()) // #nosec
if err != nil {
for _, sp := range svc.Spec.Ports {
if sp.Name == pb.Port.String() {
port = int(sp.Port)
break
}
}
} else {
for _, sp := range svc.Spec.Ports {
//nolint:gosec // Ignore G109 error
if sp.Port == int32(port) {
port = int(sp.Port)
break
}
}
}
// TODO: Allow PassthroughBackends to specify they support proxy-protocol
servers = append(servers, &tcpproxy.TCPServer{
Hostname: pb.Hostname,
IP: svc.Spec.ClusterIP,
Port: port,
ProxyProtocol: false,
})
}
n.Proxy.ServerList = servers
}
if n.runningConfig.Equal(pcfg) { if n.runningConfig.Equal(pcfg) {
klog.V(3).Infof("No configuration change detected, skipping backend reload") klog.V(3).Infof("No configuration change detected, skipping backend reload")
return nil return nil

38
internal/ingress/controller/nginx.go
View file

@ -455,44 +455,6 @@ func (n *NGINXController) DefaultEndpoint() ingress.Endpoint {
// //
//nolint:gocritic // the cfg shouldn't be changed, and shouldn't be mutated by other processes while being rendered. //nolint:gocritic // the cfg shouldn't be changed, and shouldn't be mutated by other processes while being rendered.
func (n *NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressCfg ingress.Configuration) ([]byte, error) { func (n *NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressCfg ingress.Configuration) ([]byte, error) {
if n.cfg.EnableSSLPassthrough {
servers := []*tcpproxy.TCPServer{}
for _, pb := range ingressCfg.PassthroughBackends {
svc := pb.Service
if svc == nil {
klog.Warningf("Missing Service for SSL Passthrough backend %q", pb.Backend)
continue
}
port, err := strconv.Atoi(pb.Port.String()) // #nosec
if err != nil {
for _, sp := range svc.Spec.Ports {
if sp.Name == pb.Port.String() {
port = int(sp.Port)
break
}
}
} else {
for _, sp := range svc.Spec.Ports {
//nolint:gosec // Ignore G109 error
if sp.Port == int32(port) {
port = int(sp.Port)
break
}
}
}
// TODO: Allow PassthroughBackends to specify they support proxy-protocol
servers = append(servers, &tcpproxy.TCPServer{
Hostname: pb.Hostname,
IP: svc.Spec.ClusterIP,
Port: port,
ProxyProtocol: false,
})
}
n.Proxy.ServerList = servers
}
// NGINX cannot resize the hash tables used to store server names. For // NGINX cannot resize the hash tables used to store server names. For
// this reason we check if the current size is correct for the host // this reason we check if the current size is correct for the host
// names defined in the Ingress rules and adjust the value if // names defined in the Ingress rules and adjust the value if