Add support for proxy protocol in TCP services

2017-07-02 16:46:15 -04:00 · 2017-07-02 16:46:15 -04:00 · 6a4679b028
commit 6a4679b028
parent 24d78cae8e
4 changed files with 26 additions and 15 deletions
--- a/controllers/nginx/README.md
+++ b/controllers/nginx/README.md
@ -314,8 +314,8 @@ version to fully support Kube-Lego is nginx Ingress controller 0.8.

 ## Exposing TCP services

-Ingress does not support TCP services (yet). For this reason this Ingress controller uses the flag `--tcp-services-configmap` to point to an existing config map where the key is the external port to use and the value is `<namespace/service name>:<service port>`
-It is possible to use a number or the name of the port.
+Ingress does not support TCP services (yet). For this reason this Ingress controller uses the flag `--tcp-services-configmap` to point to an existing config map where the key is the external port to use and the value is `<namespace/service name>:<service port>:[PROXY]`
+It is possible to use a number or the name of the port. The last field is optional. Adding `PROXY` in the last field we can enable Proxy Protocol in a TCP service.

 The next example shows how to expose the service `example-go` running in the namespace `default` in the port `8080` using the port `9000`
 ```
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@ -562,22 +562,22 @@ stream {

    # TCP services
    {{ range $i, $tcpServer := .TCPBackends }}
-    upstream tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} {
+    upstream tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} {
    {{ range $j, $endpoint := $tcpServer.Endpoints }}
        server                  {{ $endpoint.Address }}:{{ $endpoint.Port }};
    {{ end }}
    }
-
    server {
-        listen                  {{ $tcpServer.Port }};
-        {{ if $IsIPV6Enabled }}listen                  [::]:{{ $tcpServer.Port }};{{ end }}
-        proxy_pass              tcp-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }};
+        listen                  {{ $tcpServer.Port }}{{ if $tcpServer.Backend.UseProxyProtocol }} proxy_protocol{{ end }};
+        {{ if $IsIPV6Enabled }}listen                  [::]:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.UseProxyProtocol }} proxy_protocol{{ end }};{{ end }}
+        proxy_pass              tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }};
    }
+
    {{ end }}

    # UDP services
    {{ range $i, $udpServer := .UDPBackends }}
-    upstream udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} {
+    upstream udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} {
    {{ range $j, $endpoint := $udpServer.Endpoints }}
        server                  {{ $endpoint.Address }}:{{ $endpoint.Port }};
    {{ end }}
@ -587,7 +587,7 @@ stream {
        listen                  {{ $udpServer.Port }} udp;
        {{ if $IsIPV6Enabled }}listen                  [::]:{{ $udpServer.Port }} udp;{{ end }}
        proxy_responses         1;
-        proxy_pass              udp-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }};
+        proxy_pass              udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }};
    }
    {{ end }}
 }