DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Resolve conflicts

Browse source
This commit is contained in:
Bo0km4n 2020-06-20 17:13:31 +09:00
commit 7ab0916c92
161 changed files with 2159 additions and 1223 deletions
Download patch file Download diff file Expand all files Collapse all files

11
internal/ingress/controller/config/config.go
View file

@ -111,11 +111,20 @@ type Configuration struct {
// By default this is disabled
EnableAccessLogForDefaultBackend bool `json:"enable-access-log-for-default-backend"`
// AccessLogPath sets the path of the access logs if enabled
// AccessLogPath sets the path of the access logs for both http and stream contexts if enabled
// http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
// http://nginx.org/en/docs/stream/ngx_stream_log_module.html#access_log
// By default access logs go to /var/log/nginx/access.log
AccessLogPath string `json:"access-log-path,omitempty"`
// HttpAccessLogPath sets the path of the access logs for http context globally if enabled
// http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
HttpAccessLogPath string `json:"http-access-log-path,omitempty"`
// StreamAccessLogPath sets the path of the access logs for stream context globally if enabled
// http://nginx.org/en/docs/stream/ngx_stream_log_module.html#access_log
StreamAccessLogPath string `json:"stream-access-log-path,omitempty"`
// WorkerCPUAffinity bind nginx worker processes to CPUs this will improve response latency
// http://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity
// By default this is disabled

14
internal/ingress/controller/controller.go
View file

@ -1053,8 +1053,9 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
Locations: []*ingress.Location{
loc,
},
SSLPassthrough: anns.SSLPassthrough,
SSLCiphers: anns.SSLCiphers,
SSLPassthrough: anns.SSLPassthrough,
SSLCiphers: anns.SSLCipher.SSLCiphers,
SSLPreferServerCiphers: anns.SSLCipher.SSLPreferServerCiphers,
}
}
}
@ -1094,8 +1095,13 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
}
// only add SSL ciphers if the server does not have them previously configured
if servers[host].SSLCiphers == "" && anns.SSLCiphers != "" {
servers[host].SSLCiphers = anns.SSLCiphers
if servers[host].SSLCiphers == "" && anns.SSLCipher.SSLCiphers != "" {
servers[host].SSLCiphers = anns.SSLCipher.SSLCiphers
}
// only add SSLPreferServerCiphers if the server does not have them previously configured
if servers[host].SSLPreferServerCiphers == "" && anns.SSLCipher.SSLPreferServerCiphers != "" {
servers[host].SSLPreferServerCiphers = anns.SSLCipher.SSLPreferServerCiphers
}
// only add a certificate if the server does not have one previously configured

11
internal/ingress/controller/nginx.go
View file

@ -343,17 +343,10 @@ func (n *NGINXController) Start() {
// issues because of this behavior.
// To avoid this issue we restart nginx in case of errors.
if process.IsRespawnIfRequired(err) {
process.WaitUntilPortIsAvailable(n.cfg.ListenPorts.HTTP)
// release command resources
cmd.Process.Release()
// start a new nginx master process if the controller is not being stopped
cmd = n.command.ExecCommand()
cmd.SysProcAttr = &syscall.SysProcAttr{
Setpgid: true,
Pgid: 0,
}
n.start(cmd)
return
}
case event := <-n.updateCh.Out():
if n.isShuttingDown {
break

43
internal/ingress/controller/process/nginx.go
View file

@ -17,14 +17,9 @@ limitations under the License.
package process
import (
"fmt"
"net"
"os"
"os/exec"
"syscall"
"time"
"github.com/ncabatoff/process-exporter/proc"
"k8s.io/klog"
)
@ -43,41 +38,3 @@ NGINX master process died (%v): %v
`, waitStatus.ExitStatus(), err)
return true
}
// WaitUntilPortIsAvailable waits until there is no NGINX master or worker
// process/es listening in a particular port.
func WaitUntilPortIsAvailable(port int) {
// we wait until the workers are killed
for {
conn, err := net.DialTimeout("tcp", fmt.Sprintf("0.0.0.0:%v", port), 1*time.Second)
if err != nil {
break
}
conn.Close()
// kill nginx worker processes
fs, err := proc.NewFS("/proc", false)
if err != nil {
klog.Errorf("unexpected error reading /proc information: %v", err)
continue
}
procs, _ := fs.FS.AllProcs()
for _, p := range procs {
pn, err := p.Comm()
if err != nil {
klog.Errorf("unexpected error obtaining process information: %v", err)
continue
}
if pn == "nginx" {
osp, err := os.FindProcess(p.PID)
if err != nil {
klog.Errorf("unexpected error obtaining process information: %v", err)
continue
}
osp.Signal(syscall.SIGQUIT)
}
}
time.Sleep(100 * time.Millisecond)
}
}

16
internal/ingress/controller/store/store.go
View file

@ -261,10 +261,24 @@ func New(
store.listers.IngressWithAnnotation.Store = cache.NewStore(cache.DeletionHandlingMetaNamespaceKeyFunc)
// As we currently do not filter out kubernetes objects we list, we can
// retrieve a huge amount of data from the API server.
// In a cluster using HELM < v3 configmaps are used to store binary data.
// If you happen to have a lot of HELM releases in the cluster it will make
// the memory consumption of nginx-ingress-controller explode.
// In order to avoid that we filter out labels OWNER=TILLER.
tweakListOptionsFunc := func(options *metav1.ListOptions) {
if len(options.LabelSelector) > 0 {
options.LabelSelector += ",OWNER!=TILLER"
} else {
options.LabelSelector = "OWNER!=TILLER"
}
}
// create informers factory, enable and assign required informers
infFactory := informers.NewSharedInformerFactoryWithOptions(client, resyncPeriod,
informers.WithNamespace(namespace),
informers.WithTweakListOptions(func(*metav1.ListOptions) {}))
informers.WithTweakListOptions(tweakListOptionsFunc))
if k8s.IsNetworkingIngressAvailable {
store.informers.Ingress = infFactory.Networking().V1beta1().Ingresses().Informer()

42
internal/ingress/controller/template/template.go
View file

@ -1229,18 +1229,17 @@ func commonListenOptions(template config.TemplateConfig, hostname string) string
func httpListener(addresses []string, co string, tc config.TemplateConfig) []string {
out := make([]string, 0)
for _, address := range addresses {
l := make([]string, 0)
l = append(l, "listen")
lo := []string{"listen"}
if address == "" {
l = append(l, fmt.Sprintf("%v", tc.ListenPorts.HTTP))
lo = append(lo, fmt.Sprintf("%v", tc.ListenPorts.HTTP))
} else {
l = append(l, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTP))
lo = append(lo, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTP))
}
l = append(l, co)
l = append(l, ";")
out = append(out, strings.Join(l, " "))
lo = append(lo, co)
lo = append(lo, ";")
out = append(out, strings.Join(lo, " "))
}
return out
@ -1249,38 +1248,35 @@ func httpListener(addresses []string, co string, tc config.TemplateConfig) []str
func httpsListener(addresses []string, co string, tc config.TemplateConfig) []string {
out := make([]string, 0)
for _, address := range addresses {
l := make([]string, 0)
l = append(l, "listen")
lo := []string{"listen"}
if tc.IsSSLPassthroughEnabled {
if address == "" {
l = append(l, fmt.Sprintf("%v", tc.ListenPorts.SSLProxy))
lo = append(lo, fmt.Sprintf("%v", tc.ListenPorts.SSLProxy))
} else {
l = append(l, fmt.Sprintf("%v:%v", address, tc.ListenPorts.SSLProxy))
lo = append(lo, fmt.Sprintf("%v:%v", address, tc.ListenPorts.SSLProxy))
}
l = append(l, "proxy_protocol")
if !strings.Contains(co, "proxy_protocol") {
lo = append(lo, "proxy_protocol")
}
} else {
if address == "" {
l = append(l, fmt.Sprintf("%v", tc.ListenPorts.HTTPS))
lo = append(lo, fmt.Sprintf("%v", tc.ListenPorts.HTTPS))
} else {
l = append(l, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTPS))
}
if tc.Cfg.UseProxyProtocol {
l = append(l, "proxy_protocol")
lo = append(lo, fmt.Sprintf("%v:%v", address, tc.ListenPorts.HTTPS))
}
}
l = append(l, co)
l = append(l, "ssl")
lo = append(lo, co)
lo = append(lo, "ssl")
if tc.Cfg.UseHTTP2 {
l = append(l, "http2")
lo = append(lo, "http2")
}
l = append(l, ";")
out = append(out, strings.Join(l, " "))
lo = append(lo, ";")
out = append(out, strings.Join(lo, " "))
}
return out