Merge acaba8bef0
into de1a4c463c
commit
e4de63bb95
2 changed files with 39 additions and 38 deletions
|
@ -46,6 +46,7 @@ import (
|
|||
"k8s.io/ingress-nginx/internal/k8s"
|
||||
"k8s.io/ingress-nginx/internal/nginx"
|
||||
"k8s.io/ingress-nginx/pkg/apis/ingress"
|
||||
"k8s.io/ingress-nginx/pkg/tcpproxy"
|
||||
utilingress "k8s.io/ingress-nginx/pkg/util/ingress"
|
||||
"k8s.io/klog/v2"
|
||||
)
|
||||
|
@ -185,6 +186,44 @@ func (n *NGINXController) syncIngress(interface{}) error {
|
|||
n.metricCollector.SetSSLExpireTime(servers)
|
||||
n.metricCollector.SetSSLInfo(servers)
|
||||
|
||||
if n.cfg.EnableSSLPassthrough {
|
||||
servers := []*tcpproxy.TCPServer{}
|
||||
for _, pb := range pcfg.PassthroughBackends {
|
||||
svc := pb.Service
|
||||
if svc == nil {
|
||||
klog.Warningf("Missing Service for SSL Passthrough backend %q", pb.Backend)
|
||||
continue
|
||||
}
|
||||
port, err := strconv.Atoi(pb.Port.String()) // #nosec
|
||||
if err != nil {
|
||||
for _, sp := range svc.Spec.Ports {
|
||||
if sp.Name == pb.Port.String() {
|
||||
port = int(sp.Port)
|
||||
break
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for _, sp := range svc.Spec.Ports {
|
||||
//nolint:gosec // Ignore G109 error
|
||||
if sp.Port == int32(port) {
|
||||
port = int(sp.Port)
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: Allow PassthroughBackends to specify they support proxy-protocol
|
||||
servers = append(servers, &tcpproxy.TCPServer{
|
||||
Hostname: pb.Hostname,
|
||||
IP: svc.Spec.ClusterIP,
|
||||
Port: port,
|
||||
ProxyProtocol: false,
|
||||
})
|
||||
}
|
||||
|
||||
n.Proxy.ServerList = servers
|
||||
}
|
||||
|
||||
if n.runningConfig.Equal(pcfg) {
|
||||
klog.V(3).Infof("No configuration change detected, skipping backend reload")
|
||||
return nil
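Review bot: In the block added to syncIngress, a backend whose named port matches no entry in `svc.Spec.Ports` is still appended with `Port: 0`, because `port` keeps the zero value from the failed `strconv.Atoi` and nothing checks that a lookup succeeded; a numeric value outside the valid port range is likewise passed through unchanged, and the `int32(port)` comparison under the gosec suppression can wrap. I would add a guard just before the `append`: `if port < 1 || port > 65535 { klog.Warningf("Invalid port for SSL Passthrough backend %q", pb.Backend); continue }`. Separately, the inner `servers := []*tcpproxy.TCPServer{}` shadows the `servers` passed to `SetSSLInfo` just above it; a name such as `passthroughServers` would avoid the confusion. The body of syncIngress starts and ends outside the hunk.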
|
||||
|
|
|
@ -455,44 +455,6 @@ func (n *NGINXController) DefaultEndpoint() ingress.Endpoint {
|
|||
//
|
||||
//nolint:gocritic // the cfg shouldn't be changed, and shouldn't be mutated by other processes while being rendered.
|
||||
func (n *NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressCfg ingress.Configuration) ([]byte, error) {
|
||||
if n.cfg.EnableSSLPassthrough {
|
||||
servers := []*tcpproxy.TCPServer{}
|
||||
for _, pb := range ingressCfg.PassthroughBackends {
|
||||
svc := pb.Service
|
||||
if svc == nil {
|
||||
klog.Warningf("Missing Service for SSL Passthrough backend %q", pb.Backend)
|
||||
continue
|
||||
}
|
||||
port, err := strconv.Atoi(pb.Port.String()) // #nosec
|
||||
if err != nil {
|
||||
for _, sp := range svc.Spec.Ports {
|
||||
if sp.Name == pb.Port.String() {
|
||||
port = int(sp.Port)
|
||||
break
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for _, sp := range svc.Spec.Ports {
|
||||
//nolint:gosec // Ignore G109 error
|
||||
if sp.Port == int32(port) {
|
||||
port = int(sp.Port)
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: Allow PassthroughBackends to specify they support proxy-protocol
|
||||
servers = append(servers, &tcpproxy.TCPServer{
|
||||
Hostname: pb.Hostname,
|
||||
IP: svc.Spec.ClusterIP,
|
||||
Port: port,
|
||||
ProxyProtocol: false,
|
||||
})
|
||||
}
|
||||
|
||||
n.Proxy.ServerList = servers
|
||||
}
|
||||
|
||||
// NGINX cannot resize the hash tables used to store server names. For
|
||||
// this reason we check if the current size is correct for the host
|
||||
// names defined in the Ingress rules and adjust the value if
|
||||
|
|