Merge pull request #77 from aledbf/dns-resolver

Add support for IPV6 in dns resolvers
2017-01-01 20:21:52 -08:00 · 2017-01-01 20:21:52 -08:00 · 5cdb8fe4fb
commit 5cdb8fe4fb
parent e76e7d03df 61dad19f8e
11 changed files with 156 additions and 19 deletions
--- a/controllers/gce/controller/fakes.go
+++ b/controllers/gce/controller/fakes.go
@ -51,10 +51,10 @@ func NewFakeClusterManager(clusterName string) *fakeClusterManager {
 	namer := utils.NewNamer(clusterName)

 	nodePool := instances.NewNodePool(fakeIGs)
-	nodePool.Init(&instances.FakeZoneLister{[]string{"zone-a"}})
+	nodePool.Init(&instances.FakeZoneLister{Zones: []string{"zone-a"}})

 	healthChecker := healthchecks.NewHealthChecker(fakeHCs, "/", namer)
-	healthChecker.Init(&healthchecks.FakeHealthCheckGetter{nil})
+	healthChecker.Init(&healthchecks.FakeHealthCheckGetter{})

 	backendPool := backends.NewBackendPool(
 		fakeBackends,
--- a/controllers/gce/loadbalancers/loadbalancers_test.go
+++ b/controllers/gce/loadbalancers/loadbalancers_test.go
@ -39,9 +39,9 @@ func newFakeLoadBalancerPool(f LoadBalancers, t *testing.T) LoadBalancerPool {
 	fakeHCs := healthchecks.NewFakeHealthChecks()
 	namer := &utils.Namer{}
 	healthChecker := healthchecks.NewHealthChecker(fakeHCs, "/", namer)
-	healthChecker.Init(&healthchecks.FakeHealthCheckGetter{nil})
+	healthChecker.Init(&healthchecks.FakeHealthCheckGetter{})
 	nodePool := instances.NewNodePool(fakeIGs)
-	nodePool.Init(&instances.FakeZoneLister{[]string{defaultZone}})
+	nodePool.Init(&instances.FakeZoneLister{Zones: []string{defaultZone}})
 	backendPool := backends.NewBackendPool(
 		fakeBackends, healthChecker, nodePool, namer, []int64{}, false)
 	return NewLoadBalancerPool(f, backendPool, testDefaultBeNodePort, namer)
--- a/controllers/nginx/configuration.md
+++ b/controllers/nginx/configuration.md
@ -227,9 +227,6 @@ http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
 **proxy-buffer-size:** Sets the size of the buffer used for [reading the first part of the response](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) received from the proxied server. This part usually contains a small response header.`


-**resolver:** Configures name servers used to [resolve](http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) names of upstream servers into addresses
-
-
 **server-name-hash-max-size:** Sets the maximum size of the [server names hash tables](http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size) used in server names, map directive’s values, MIME types, names of request header strings, etc.
 http://nginx.org/en/docs/hash.html

--- a/controllers/nginx/pkg/template/configmap.go
+++ b/controllers/nginx/pkg/template/configmap.go
@ -31,6 +31,7 @@ import (

 	"k8s.io/ingress/controllers/nginx/pkg/config"
 	"k8s.io/ingress/core/pkg/ingress/defaults"
+	"k8s.io/ingress/core/pkg/net/dns"
 )

 const (
@ -97,6 +98,13 @@ func ReadConfig(conf *api.ConfigMap) config.Configuration {
 	if err != nil {
 		glog.Infof("%v", err)
 	}
+
+	nss, err := dns.GetSystemNameServers()
+	if err != nil {
+		glog.Infof("unexpected error reading /etc/resolv.conf file: %v", err)
+	}
+	to.Resolver = nss
+
 	return to
 }

--- a/controllers/nginx/pkg/template/template.go
+++ b/controllers/nginx/pkg/template/template.go
@ -21,6 +21,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"net"
 	"os/exec"
 	"strings"
 	text_template "text/template"
@ -29,6 +30,7 @@ import (

 	"k8s.io/ingress/controllers/nginx/pkg/config"
 	"k8s.io/ingress/core/pkg/ingress"
+	ing_net "k8s.io/ingress/core/pkg/net"
 	"k8s.io/ingress/core/pkg/watch"
 )

@ -134,6 +136,7 @@ var (
 		"buildRateLimitZones":         buildRateLimitZones,
 		"buildRateLimit":              buildRateLimit,
 		"buildSSPassthroughUpstreams": buildSSPassthroughUpstreams,
+		"buildResolvers":              buildResolvers,

 		"contains":  strings.Contains,
 		"hasPrefix": strings.HasPrefix,
@ -143,6 +146,27 @@ var (
 	}
 )

+// buildResolvers returns the resolvers reading the /etc/resolv.conf file
+func buildResolvers(a interface{}) string {
+	// NGINX need IPV6 addresses to be surrounded by brakets
+	nss := a.([]net.IP)
+	if len(nss) == 0 {
+		return ""
+	}
+
+	r := []string{"resolver"}
+	for _, ns := range nss {
+		if ing_net.IsIPV6(ns) {
+			r = append(r, fmt.Sprintf("[%v]", ns))
+		} else {
+			r = append(r, fmt.Sprintf("%v", ns))
+		}
+	}
+	r = append(r, "valid=30s;")
+
+	return strings.Join(r, " ")
+}
+
 func buildSSPassthroughUpstreams(b interface{}, sslb interface{}) string {
 	backends := b.([]*ingress.Backend)
 	sslBackends := sslb.([]*ingress.SSLPassthroughBackend)
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@ -85,10 +85,7 @@ http {
    access_log /var/log/nginx/access.log upstreaminfo if=$loggable;
    error_log  /var/log/nginx/error.log {{ $cfg.ErrorLogLevel }};

-    {{ if not (empty $cfg.Resolver) }}# Custom dns resolver.
-    resolver {{ $cfg.Resolver }} valid=30s;
-    resolver_timeout 10s;
-    {{ end }}
+    {{ buildResolvers $cfg.Resolver }}

    {{/* Whenever nginx proxies a request without a "Connection" header, the "Connection" header is set to "close" */}}
    {{/* when making the target request.  This means that you cannot simply use */}}