DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clean old code and move helper functions (#8946)

Browse source
This commit is contained in:
Ricardo Katz 2022-08-21 18:21:51 -03:00 committed by GitHub
parent a98c637872
commit 4508493dfe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 374 additions and 292 deletions
Download patch file Download diff file Expand all files Collapse all files

233
pkg/util/ingress/ingress.go Normal file
View file

@ -0,0 +1,233 @@
/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package ingress
import (
"fmt"
"strings"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/ingress-nginx/internal/k8s"
"k8s.io/ingress-nginx/internal/net/ssl"
"k8s.io/ingress-nginx/pkg/apis/ingress"
"k8s.io/klog/v2"
)
func GetRemovedHosts(rucfg, newcfg *ingress.Configuration) []string {
oldSet := sets.NewString()
newSet := sets.NewString()
for _, s := range rucfg.Servers {
if !oldSet.Has(s.Hostname) {
oldSet.Insert(s.Hostname)
}
}
for _, s := range newcfg.Servers {
if !newSet.Has(s.Hostname) {
newSet.Insert(s.Hostname)
}
}
return oldSet.Difference(newSet).List()
}
// GetRemovedCertificateSerialNumber extracts the difference of certificates between two configurations
func GetRemovedCertificateSerialNumbers(rucfg, newcfg *ingress.Configuration) []string {
oldCertificates := sets.NewString()
newCertificates := sets.NewString()
for _, server := range rucfg.Servers {
if server.SSLCert == nil {
continue
}
identifier := server.SSLCert.Identifier()
if identifier != "" {
if !oldCertificates.Has(identifier) {
oldCertificates.Insert(identifier)
}
}
}
for _, server := range newcfg.Servers {
if server.SSLCert == nil {
continue
}
identifier := server.SSLCert.Identifier()
if identifier != "" {
if !newCertificates.Has(identifier) {
newCertificates.Insert(identifier)
}
}
}
return oldCertificates.Difference(newCertificates).List()
}
// GetRemovedIngresses extracts the difference of ingresses between two configurations
func GetRemovedIngresses(rucfg, newcfg *ingress.Configuration) []string {
oldIngresses := sets.NewString()
newIngresses := sets.NewString()
for _, server := range rucfg.Servers {
for _, location := range server.Locations {
if location.Ingress == nil {
continue
}
ingKey := k8s.MetaNamespaceKey(location.Ingress)
if !oldIngresses.Has(ingKey) {
oldIngresses.Insert(ingKey)
}
}
}
for _, server := range newcfg.Servers {
for _, location := range server.Locations {
if location.Ingress == nil {
continue
}
ingKey := k8s.MetaNamespaceKey(location.Ingress)
if !newIngresses.Has(ingKey) {
newIngresses.Insert(ingKey)
}
}
}
return oldIngresses.Difference(newIngresses).List()
}
// IsDynamicConfigurationEnough returns whether a Configuration can be
// dynamically applied, without reloading the backend.
func IsDynamicConfigurationEnough(newcfg *ingress.Configuration, oldcfg *ingress.Configuration) bool {
copyOfRunningConfig := *oldcfg
copyOfPcfg := *newcfg
copyOfRunningConfig.Backends = []*ingress.Backend{}
copyOfPcfg.Backends = []*ingress.Backend{}
clearL4serviceEndpoints(&copyOfRunningConfig)
clearL4serviceEndpoints(&copyOfPcfg)
clearCertificates(&copyOfRunningConfig)
clearCertificates(&copyOfPcfg)
return copyOfRunningConfig.Equal(&copyOfPcfg)
}
// clearL4serviceEndpoints is a helper function to clear endpoints from the ingress configuration since they should be ignored when
// checking if the new configuration changes can be applied dynamically.
func clearL4serviceEndpoints(config *ingress.Configuration) {
var clearedTCPL4Services []ingress.L4Service
var clearedUDPL4Services []ingress.L4Service
for _, service := range config.TCPEndpoints {
copyofService := ingress.L4Service{
Port: service.Port,
Backend: service.Backend,
Endpoints: []ingress.Endpoint{},
Service: nil,
}
clearedTCPL4Services = append(clearedTCPL4Services, copyofService)
}
for _, service := range config.UDPEndpoints {
copyofService := ingress.L4Service{
Port: service.Port,
Backend: service.Backend,
Endpoints: []ingress.Endpoint{},
Service: nil,
}
clearedUDPL4Services = append(clearedUDPL4Services, copyofService)
}
config.TCPEndpoints = clearedTCPL4Services
config.UDPEndpoints = clearedUDPL4Services
}
// clearCertificates is a helper function to clear Certificates from the ingress configuration since they should be ignored when
// checking if the new configuration changes can be applied dynamically if dynamic certificates is on
func clearCertificates(config *ingress.Configuration) {
var clearedServers []*ingress.Server
for _, server := range config.Servers {
copyOfServer := *server
copyOfServer.SSLCert = nil
clearedServers = append(clearedServers, &copyOfServer)
}
config.Servers = clearedServers
}
type redirect struct {
From string
To string
SSLCert *ingress.SSLCert
}
// BuildRedirects build the redirects of servers based on configurations and certificates
func BuildRedirects(servers []*ingress.Server) []*redirect {
names := sets.String{}
redirectServers := make([]*redirect, 0)
for _, srv := range servers {
if !srv.RedirectFromToWWW {
continue
}
to := srv.Hostname
var from string
if strings.HasPrefix(to, "www.") {
from = strings.TrimPrefix(to, "www.")
} else {
from = fmt.Sprintf("www.%v", to)
}
if names.Has(to) {
continue
}
klog.V(3).InfoS("Creating redirect", "from", from, "to", to)
found := false
for _, esrv := range servers {
if esrv.Hostname == from {
found = true
break
}
}
if found {
klog.Warningf("Already exists an Ingress with %q hostname. Skipping creation of redirection from %q to %q.", from, from, to)
continue
}
r := &redirect{
From: from,
To: to,
}
if srv.SSLCert != nil {
if ssl.IsValidHostname(from, srv.SSLCert.CN) {
r.SSLCert = srv.SSLCert
} else {
klog.Warningf("the server %v has SSL configured but the SSL certificate does not contains a CN for %v. Redirects will not work for HTTPS to HTTPS", from, to)
}
}
redirectServers = append(redirectServers, r)
names.Insert(to)
}
return redirectServers
}

132
pkg/util/ingress/ingress_test.go Normal file
View file

@ -0,0 +1,132 @@
/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package ingress
import (
"testing"
"k8s.io/ingress-nginx/pkg/apis/ingress"
)
func TestIsDynamicConfigurationEnough(t *testing.T) {
backends := []*ingress.Backend{{
Name: "fakenamespace-myapp-80",
Endpoints: []ingress.Endpoint{
{
Address: "10.0.0.1",
Port: "8080",
},
{
Address: "10.0.0.2",
Port: "8080",
},
},
}}
servers := []*ingress.Server{{
Hostname: "myapp.fake",
Locations: []*ingress.Location{
{
Path: "/",
Backend: "fakenamespace-myapp-80",
},
},
SSLCert: &ingress.SSLCert{
PemCertKey: "fake-certificate",
},
}}
commonConfig := &ingress.Configuration{
Backends: backends,
Servers: servers,
}
runningConfig := &ingress.Configuration{
Backends: backends,
Servers: servers,
}
newConfig := commonConfig
if !IsDynamicConfigurationEnough(newConfig, runningConfig) {
t.Errorf("When new config is same as the running config it should be deemed as dynamically configurable")
}
newConfig = &ingress.Configuration{
Backends: []*ingress.Backend{{Name: "another-backend-8081"}},
Servers: []*ingress.Server{{Hostname: "myapp1.fake"}},
}
if IsDynamicConfigurationEnough(newConfig, runningConfig) {
t.Errorf("Expected to not be dynamically configurable when there's more than just backends change")
}
newConfig = &ingress.Configuration{
Backends: []*ingress.Backend{{Name: "a-backend-8080"}},
Servers: servers,
}
if !IsDynamicConfigurationEnough(newConfig, runningConfig) {
t.Errorf("Expected to be dynamically configurable when only backends change")
}
newServers := []*ingress.Server{{
Hostname: "myapp1.fake",
Locations: []*ingress.Location{
{
Path: "/",
Backend: "fakenamespace-myapp-80",
},
},
SSLCert: &ingress.SSLCert{
PemCertKey: "fake-certificate",
},
}}
newConfig = &ingress.Configuration{
Backends: backends,
Servers: newServers,
}
if IsDynamicConfigurationEnough(newConfig, runningConfig) {
t.Errorf("Expected to not be dynamically configurable when dynamic certificates is enabled and a non-certificate field in servers is updated")
}
newServers[0].Hostname = "myapp.fake"
newServers[0].SSLCert.PemCertKey = "new-fake-certificate"
newConfig = &ingress.Configuration{
Backends: backends,
Servers: newServers,
}
if !IsDynamicConfigurationEnough(newConfig, runningConfig) {
t.Errorf("Expected to be dynamically configurable when only SSLCert changes")
}
newConfig = &ingress.Configuration{
Backends: []*ingress.Backend{{Name: "a-backend-8080"}},
Servers: newServers,
}
if !IsDynamicConfigurationEnough(newConfig, runningConfig) {
t.Errorf("Expected to be dynamically configurable when backend and SSLCert changes")
}
if !runningConfig.Equal(commonConfig) {
t.Errorf("Expected running config to not change")
}
if !newConfig.Equal(&ingress.Configuration{Backends: []*ingress.Backend{{Name: "a-backend-8080"}}, Servers: newServers}) {
t.Errorf("Expected new config to not change")
}
}