From ebf1edc8175d145267cb8162cb6ab5775a78f5f3 Mon Sep 17 00:00:00 2001
From: Donal Byrne
Date: Thu, 8 Aug 2024 13:50:37 +0200
Subject: [PATCH] Various fixes for ingress
---
 README.md | 2 ++
 images/nginx-ingress/docker_entrypoint.sh | 3 ++
 images/nginx-ingress/nginx.conf.tmpl | 1 +
 images/nginx-ingress/service.conf.tmpl | 8 +++---
 images/nginx-ingress/test/443.json | 34 +++++++++++++++++++++++
 images/nginx-ingress/test/80.json | 33 ++++++++++++++++++++++
 images/nginx-ingress/test/test.sh | 6 ++++
 src/create.rs | 2 +-
 src/executor.rs | 3 ++
 9 files changed, 87 insertions(+), 5 deletions(-)
 create mode 100644 images/nginx-ingress/test/443.json
 create mode 100644 images/nginx-ingress/test/80.json
 create mode 100755 images/nginx-ingress/test/test.sh
diff --git a/README.md b/README.md
index 8e241ca..592ab7f 100644
--- a/README.md
+++ b/README.md
@@ -151,6 +151,7 @@ sudo apt-get install -y gcc make libssl-dev pkg-config
 - [ ] Remove
 - [x] List
 - [ ] Store manifest in store so CNI plugin can get access
+ - [ ] Fix pod naming to avoid collisions
 - Deployments
 - [x] Apply
 - [ ] Remove
@@ -199,6 +200,7 @@ sudo apt-get install -y gcc make libssl-dev pkg-config
 - [x] letsencrypt
 - [ ] Cluster Issuer to set letsencrypt url
 - [ ] Support gateway api
+ - [ ] Fix sihup reload
 - CNI
 - [ ] Get pod config from store and not sqlite
 - [ ] Reload nginx
diff --git a/images/nginx-ingress/docker_entrypoint.sh b/images/nginx-ingress/docker_entrypoint.sh
index 6a5c07b..aaa50e2 100755
--- a/images/nginx-ingress/docker_entrypoint.sh
+++ b/images/nginx-ingress/docker_entrypoint.sh
@@ -90,6 +90,7 @@ reload_and_wait() {
 # have lock
 pid="$(cat $pidfile 2>/dev/null || echo '')"
 if [ -z "${pid:-}" ]; then
+ echo "no pid found"
 return
 fi
@@ -100,6 +101,8 @@ reload_and_wait() {
 rm /tmp/ingressreload.lock
 echo "waiting on $pid"
 wait "$pid"
+ else
+ echo "lock failed"
 fi
 }
diff --git a/images/nginx-ingress/nginx.conf.tmpl b/images/nginx-ingress/nginx.conf.tmpl
index c77e6f9..8e37f53 100644
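Review bot: The two diagnostics added in reload_and_wait (`echo "no pid found"` in the first hunk and `echo "lock failed"` in the second) go to stdout and carry no context, so in a container log they cannot be tied to the pidfile or the lock that was being taken. Write them to stderr and name what was checked, e.g. `echo "reload_and_wait: no pid in $pidfile" >&2` and `echo "reload_and_wait: could not take /tmp/ingressreload.lock" >&2`. The lock path is visible from the second hunk's `rm /tmp/ingressreload.lock`, but the code that acquires it is outside the hunk, so the second message may need adjusting to match. reload_and_wait begins outside both hunks.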
--- a/images/nginx-ingress/nginx.conf.tmpl
+++ b/images/nginx-ingress/nginx.conf.tmpl
@@ -60,6 +60,7 @@ http {
 '"http_referrer": "$http_referer", '
 '"http_user_agent": "$http_user_agent", '
 '"http_version": "$server_protocol", '
+ '"server_port": "$server_port", '
 '"nginx_access": true }';
 access_log /dev/stdout vhost;
diff --git a/images/nginx-ingress/service.conf.tmpl b/images/nginx-ingress/service.conf.tmpl
index 23da8ca..16e1857 100644
--- a/images/nginx-ingress/service.conf.tmpl
+++ b/images/nginx-ingress/service.conf.tmpl
@@ -74,11 +74,11 @@ server {
 # create the server based on the service
 server_name {{this.host}};
- listen {{../port}}{{#if port 443}} ssl{{/if}};
+ listen {{../port}}{{#if (eq ../port 443)}} ssl{{/if}};
 access_log "/usr/local/openresty/nginx/logs/access.log" vhost;
- {{#if port 443}}
- {{> enableTLS }}
+ {{#if (eq ../port 443)}}
+ {{> enableTLS baseDomain=../baseDomain}}
 {{/if}}
 {{> enableMaxBody metatdata.annotations["nginx.ingress.kubernetes.io/proxy-body-size"]}}
@@ -120,7 +120,7 @@ server {
 {{#each this.http.paths as |path|}}
- {{#if path.pathType "prefix"}}
+ {{#if (eq path.pathType "prefix")}}
 location {{path.path}} {
 {{> proxyPassLocation path}}
diff --git a/images/nginx-ingress/test/443.json b/images/nginx-ingress/test/443.json
new file mode 100644
index 0000000..a146c6e
--- /dev/null
+++ b/images/nginx-ingress/test/443.json
@@ -0,0 +1,34 @@
+{
+ "port": 443,
+ "baseDomain": "example.com",
+ "apiVersion": "networking.k8s.io/v1",
+ "kind": "Ingress",
+ "metadata": {
+ "name": "foo-external"
+ },
+ "annotations": {
+ },
+ "spec": {
+ "rules": [
+ {
+ "host": "foo.example.com",
+ "http": {
+ "paths": [
+ {
+ "path": "/",
+ "pathType": "Prefix",
+ "backend": {
+ "service": {
+ "name": "foo",
+ "port": {
+ "number": 80
+ }
+ }
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/images/nginx-ingress/test/80.json b/images/nginx-ingress/test/80.json
new file mode 100644
index 0000000..53b70ab
--- /dev/null
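Review bot: The new `'"server_port": "$server_port", '` emits the port as a JSON string although it is always numeric, unlike the `"nginx_access": true` field on the next context line; `'"server_port": $server_port, '` keeps it a number so log consumers do not need a cast. Separately, the `log_format vhost` directive that opens this string list is outside the hunk — if it does not use `escape=json`, the free-text fields such as `$http_user_agent` can still produce invalid JSON lines, though the added numeric field is safe either way.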
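Review bot: The second service.conf.tmpl hunk compares `path.pathType` with the lowercase literal `"prefix"`, while the Kubernetes value — and the fixtures added by this commit (`"pathType": "Prefix"` in test/443.json and test/80.json) — use `Prefix`; unless the template engine's `eq` helper is case-insensitive, no prefix path will ever reach the `location {{path.path}} {` branch. Change it to `{{#if (eq path.pathType "Prefix")}}`, or compare against both spellings if lowercase manifests must keep working. The `{{/if}}` closing this block and whatever a non-matching path renders to are outside the hunk, as is the start of the enclosing `server` block.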
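Review bot: Both fixtures (test/443.json here and test/80.json in the next hunk) place `annotations` at the top level instead of under `metadata`, which is where an Ingress manifest — and the template's `metatdata.annotations[...]` lookup on the unchanged line of the first service.conf.tmpl hunk — expect it, so the annotation-driven partials are never exercised by test.sh. Move it inside metadata: `"metadata": { "name": "foo-external", "annotations": {} }`. That lookup also spells `metatdata` on the template's context line, so even a correctly placed annotation may not reach enableMaxBody; that line is not part of this change, but a fixture with a proxy-body-size annotation would surface it.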
+++ b/images/nginx-ingress/test/80.json
@@ -0,0 +1,33 @@
+{
+ "port": 80,
+ "apiVersion": "networking.k8s.io/v1",
+ "kind": "Ingress",
+ "metadata": {
+ "name": "foo-external"
+ },
+ "annotations": {
+ },
+ "spec": {
+ "rules": [
+ {
+ "host": "foo.example.com",
+ "http": {
+ "paths": [
+ {
+ "path": "/",
+ "pathType": "Prefix",
+ "backend": {
+ "service": {
+ "name": "foo",
+ "port": {
+ "number": 80
+ }
+ }
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/images/nginx-ingress/test/test.sh b/images/nginx-ingress/test/test.sh
new file mode 100755
index 0000000..28e574c
--- /dev/null
+++ b/images/nginx-ingress/test/test.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -xeuo pipefail
+
+cat 443.json|skatelet template -f ../service.conf.tmpl -
+cat 80.json|skatelet template -f ../service.conf.tmpl -
diff --git a/src/create.rs b/src/create.rs
index 882b5c2..fd8e3a2 100644
--- a/src/create.rs
+++ b/src/create.rs
@@ -166,7 +166,7 @@ async fn create_node(args: CreateNodeArgs) -> Result<(), Box> {
 _ = conn.execute("sudo mkdir -p /var/lib/skate/ingress").await?;
- _ = conn.execute("sudo podman rm -fa").await;
+ // _ = conn.execute("sudo podman rm -fa").await;
 setup_networking(&conn, &all_conns, &cluster, &node).await?;
diff --git a/src/executor.rs b/src/executor.rs
index cadaea8..773f751 100644
--- a/src/executor.rs
+++ b/src/executor.rs
@@ -208,6 +208,9 @@ impl DefaultExecutor {
 // set "port" key
 let mut json_ingress = serde_json::to_value(&ingress).map_err(|e| anyhow!(e).context("failed to serialize manifest to json"))?;
 json_ingress["port"] = json!(port);
+ // TODO - figure out how best to deal with fallback TLS certificates.
+ // Should we create a self signed every time?
+ json_ingress["baseDomain"] = json!("fallback.com");
 let json_ingress_string = json_ingress.to_string();
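Review bot: test.sh resolves `443.json`, `80.json` and `../service.conf.tmpl` relative to the caller's working directory, so it only succeeds when run from images/nginx-ingress/test; add `cd "$(dirname "${BASH_SOURCE[0]}")"` after the `set` line. It also only checks that `skatelet template` exits zero — the rendered output is discarded — so the `(eq ...)` fixes this commit makes in service.conf.tmpl are never asserted; piping each render through a grep for the line the template should produce (e.g. `listen 443 ssl;` for the first fixture) would make the test meaningful. The `cat file|` prefix can become a `< file` redirect.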
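Review bot: The `podman rm -fa` call is commented out rather than removed, leaving dead code with no record of why it was disabled; either delete the line or replace it with a comment stating the intent, such as `// intentionally not pruning containers on node create` followed by the reason. Without that call, whatever containers already exist on the node are now kept through create_node, so any later step that assumed a clean container set (setup_networking follows immediately) should be checked against that. create_node starts and ends outside the hunk.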
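Review bot: `json_ingress["baseDomain"] = json!("fallback.com")` hardcodes a real-looking third-party domain as the value the service.conf.tmpl hunk in this commit passes to the enableTLS partial (`{{> enableTLS baseDomain=../baseDomain}}`); what the partial does with it is outside the page, but if it selects a certificate path or server name, the operator's ingress ends up bound to a name nobody in the cluster controls. Source it from the cluster configuration alongside `port`, and until that exists use a name that can never resolve, e.g. `json_ingress["baseDomain"] = json!("fallback.invalid");` (`.invalid` is reserved for exactly this), keeping the TODO. The two TODO lines would read better as one question, e.g. `// TODO: fallback TLS certificate — decide whether a self-signed cert is generated every time or reused from the store`, which is what the current wording leaves open. The enclosing method of DefaultExecutor starts and ends outside the hunk.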