Configurable Proxy Protocol header timeout for TLS passthrough

2018-06-03 20:10:41 -05:00 · 2018-06-03 20:10:41 -05:00 · d637a9b978
commit d637a9b978
parent c8fec068d9
5 changed files with 46 additions and 1 deletions
--- a/internal/ingress/controller/template/configmap.go
+++ b/internal/ingress/controller/template/configmap.go
@ -21,6 +21,7 @@ import (
 	"net"
 	"strconv"
 	"strings"
+	"time"

 	"github.com/golang/glog"

@ -42,6 +43,7 @@ const (
 	hideHeaders              = "hide-headers"
 	nginxStatusIpv4Whitelist = "nginx-status-ipv4-whitelist"
 	nginxStatusIpv6Whitelist = "nginx-status-ipv6-whitelist"
+	proxyHeaderTimeout       = "proxy-protocol-header-timeout"
 )

 var (
@ -125,6 +127,17 @@ func ReadConfig(src map[string]string) config.Configuration {
 		}
 	}

+	// Verify that the configured timeout is parsable as a duration. if not, set the default value
+	if val, ok := conf[proxyHeaderTimeout]; ok {
+		delete(conf, proxyHeaderTimeout)
+		duration, err := time.ParseDuration(val)
+		if err != nil {
+			glog.Warningf("proxy-protocol-header-timeout of %v encounted an error while being parsed %v. Switching to use default value instead.", val, err)
+		} else {
+			to.ProxyProtocolHeaderTimeout = duration
+		}
+	}
+
 	streamResponses := 1
 	if val, ok := conf[proxyStreamResponses]; ok {
 		delete(conf, proxyStreamResponses)