From e659efbfdb9a203efea1d058a862eedcf76af84f Mon Sep 17 00:00:00 2001 From: Manuel Alejandro de Brito Fontes Date: Tue, 8 Sep 2020 20:47:01 -0300 Subject: [PATCH] Use dynamic load of modules --- internal/ingress/controller/config/config.go | 5 --- .../ingress/controller/template/template.go | 44 +++++++++++++++++++ rootfs/etc/nginx/template/nginx.tmpl | 13 ++++++ 3 files changed, 57 insertions(+), 5 deletions(-) diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 80e2afc48..d2dc71ea2 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -652,11 +652,6 @@ type Configuration struct { // +optional GlobalExternalAuth GlobalExternalAuth `json:"global-external-auth"` - // EnableInfluxDB enables the nginx InfluxDB extension - // http://github.com/influxdata/nginx-influxdb-module/ - // By default this is disabled - EnableInfluxDB bool `json:"enable-influxdb"` - // Checksum contains a checksum of the configmap configuration Checksum string `json:"-"` diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index 18da4f0f4..14e1d978a 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -180,6 +180,8 @@ var ( "shouldLoadOpentracingModule": shouldLoadOpentracingModule, "buildModSecurityForLocation": buildModSecurityForLocation, "buildMirrorLocations": buildMirrorLocations, + "shouldLoadAuthDigestModule": shouldLoadAuthDigestModule, + "shouldLoadInfluxDBModule": shouldLoadInfluxDBModule, } ) @@ -1415,3 +1417,45 @@ proxy_pass %v; return buffer.String() } + +// shouldLoadAuthDigestModule determines whether or not the ngx_http_auth_digest_module module needs to be loaded. +func shouldLoadAuthDigestModule(s interface{}) bool { + servers, ok := s.([]*ingress.Server) + if !ok { + klog.Errorf("expected an '[]*ingress.Server' type but %T was returned", s) + return false + } + + for _, server := range servers { + for _, location := range server.Locations { + if !location.BasicDigestAuth.Secured { + continue + } + + if location.BasicDigestAuth.Type == "digest" { + return true + } + } + } + + return false +} + +// shouldLoadInfluxDBModule determines whether or not the ngx_http_auth_digest_module module needs to be loaded. +func shouldLoadInfluxDBModule(s interface{}) bool { + servers, ok := s.([]*ingress.Server) + if !ok { + klog.Errorf("expected an '[]*ingress.Server' type but %T was returned", s) + return false + } + + for _, server := range servers { + for _, location := range server.Locations { + if location.InfluxDB.InfluxDBEnabled { + return true + } + } + } + + return false +} diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index adb343b5e..18ead9536 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -16,6 +16,19 @@ pid {{ .PID }}; load_module /etc/nginx/modules/ngx_http_geoip2_module.so; {{ end }} +{{ if $cfg.EnableBrotli }} +load_module /etc/nginx/modules/ngx_http_brotli_filter_module.so; +load_module /etc/nginx/modules/ngx_http_brotli_static_module.so; +{{ end }} + +{{ if (shouldLoadInfluxDBModule $servers) }} +load_module /etc/nginx/modules/ngx_http_influxdb_module.so; +{{ end }} + +{{ if (shouldLoadAuthDigestModule $servers) }} +load_module /etc/nginx/modules/ngx_http_auth_digest_module.so; +{{ end }} + {{ if (shouldLoadModSecurityModule $cfg $servers) }} load_module /etc/nginx/modules/ngx_http_modsecurity_module.so; {{ end }}