From bb8dc6e8d7d19758eaf4a87d5d5d57229758eddd Mon Sep 17 00:00:00 2001
From: Paulo Sousa
Date: Tue, 29 Oct 2024 18:08:03 -0300
Subject: [PATCH] feat: use annotation to set target port HTTP on backend for HTTPS svc port
---
 controllers/nginx_controller.go | 1 +
 controllers/nginx_controller_test.go | 77 ++++++++++++++++++++++++++++
 pkg/k8s/k8s.go | 11 +++-
 3 files changed, 88 insertions(+), 1 deletion(-)
diff --git a/controllers/nginx_controller.go b/controllers/nginx_controller.go
index 955d7bbc..dc52faca 100644
--- a/controllers/nginx_controller.go
+++ b/controllers/nginx_controller.go
@@ -36,6 +36,7 @@ const (
 gcpNetworkTierAnnotationKey = "cloud.google.com/network-tier"
 ociLoadBalancerTLSSecret = "service.beta.kubernetes.io/oci-load-balancer-tls-secret"
 ociLoadBalancerSSLPorts = "service.beta.kubernetes.io/oci-load-balancer-ssl-ports"
+ useHTTPSOverHTTPAnnotation = "nginx.tsuru.io/https-over-http"
 )
 // NginxReconciler reconciles a Nginx object
diff --git a/controllers/nginx_controller_test.go b/controllers/nginx_controller_test.go
index d9d0662f..0712daf6 100644
--- a/controllers/nginx_controller_test.go
+++ b/controllers/nginx_controller_test.go
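Review bot: `useHTTPSOverHTTPAnnotation` is added to the const block of controllers/nginx_controller.go and, with the same value, to the const block of pkg/k8s/k8s.go later in this patch, so the two literals can drift apart unnoticed. Within this commit the controllers copy is referenced only by the new test case; consider keeping a single definition (exported from pkg/k8s) and using it from the test. Neither declaration carries a comment; something like `// useHTTPSOverHTTPAnnotation, when "true" in spec.service.annotations, makes the Service's https port target the pod's http port; TLS must then be terminated upstream.` would record the security implication next to the key.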
@@ -717,6 +717,83 @@ func TestNginxReconciler_reconcileService(t *testing.T) {
 "Normal ServiceUpdated service updated successfully",
 },
 },
+ {
+ name: "when using annotation for HTTPS port over HTTP target port",
+ nginx: &v1alpha1.Nginx{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "extensions.tsuru.io/v1alpha1",
+ Kind: "Nginx",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-nginx",
+ Namespace: "default",
+ },
+ Spec: v1alpha1.NginxSpec{
+ Service: &v1alpha1.NginxService{
+ Type: corev1.ServiceTypeClusterIP,
+ Annotations: map[string]string{
+ useHTTPSOverHTTPAnnotation: "true",
+ },
+ },
+ },
+ },
+ service: &corev1.Service{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "v1",
+ Kind: "Service",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-nginx-service",
+ Namespace: "default",
+ Annotations: map[string]string{},
+ Labels: map[string]string{},
+ },
+ Spec: corev1.ServiceSpec{
+ Type: corev1.ServiceTypeLoadBalancer,
+ ExternalTrafficPolicy: corev1.ServiceExternalTrafficPolicyTypeCluster,
+ ClusterIP: "10.1.1.10",
+ HealthCheckNodePort: int32(43123),
+ Ports: []corev1.ServicePort{
+ {
+ Name: "https",
+ TargetPort: intstr.FromString("https"),
+ Protocol: corev1.ProtocolTCP,
+ Port: int32(443),
+ NodePort: int32(30667),
+ },
+ {
+ Name: "http",
+ Protocol: corev1.ProtocolTCP,
+ TargetPort: intstr.FromString("http"),
+ Port: int32(80),
+ NodePort: int32(30666),
+ },
+ },
+ },
+ },
+ assertion: func(t *testing.T, err error, got *corev1.Service) {
+ assert.NoError(t, err)
+ assert.NotNil(t, got)
+ expectedPorts := []corev1.ServicePort{
+ {
+ Name: "http",
+ TargetPort: intstr.FromString("http"),
+ Protocol: corev1.ProtocolTCP,
+ Port: int32(80),
+ },
+ {
+ Name: "https",
+ TargetPort: intstr.FromString("http"),
+ Protocol: corev1.ProtocolTCP,
+ Port: int32(443),
+ },
+ }
+ assert.Equal(t, expectedPorts, got.Spec.Ports)
+ },
+ expectedEvents: []string{
+ "Normal ServiceUpdated service updated successfully",
+ },
+ },
 {
 name: "when updating then nginx service, should keep resource finalizers",
 nginx: &v1alpha1.Nginx{
diff --git a/pkg/k8s/k8s.go b/pkg/k8s/k8s.go
index 4e7c2baa..c36115c3 100644
--- a/pkg/k8s/k8s.go
+++ b/pkg/k8s/k8s.go
@@ -59,6 +59,8 @@ const (
 // Annotation key used to stored the nginx that created the deployment
 generatedFromAnnotation = "nginx.tsuru.io/generated-from"
+
+ useHTTPSOverHTTPAnnotation = "nginx.tsuru.io/https-over-http"
 )
 var nginxEntrypoint = []string{
@@ -285,12 +287,19 @@ func fillPorts(n *v1alpha1.Nginx, t corev1.ServiceType) []corev1.ServicePort {
 {
 Name: defaultHTTPSPortName,
 Protocol: corev1.ProtocolTCP,
- TargetPort: intstr.FromString(defaultHTTPSPortName),
+ TargetPort: fillHTTPSTargetPort(n),
 Port: int32(443),
 },
 }
 }
+func fillHTTPSTargetPort(n *v1alpha1.Nginx) intstr.IntOrString {
+ if n.Spec.Service != nil && n.Spec.Service.Annotations != nil && n.Spec.Service.Annotations[useHTTPSOverHTTPAnnotation] == "true" {
+ return intstr.FromString(defaultHTTPPortName)
+ }
+ return intstr.FromString(defaultHTTPSPortName)
+}
+
 func nginxService(n *v1alpha1.Nginx) corev1.ServiceType {
 if n == nil || n.Spec.Service == nil {
 return corev1.ServiceTypeClusterIP
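Review bot: The new case in TestNginxReconciler_reconcileService covers only the exact value "true"; nothing pins what happens for any other value of the annotation. Add a sibling case with `useHTTPSOverHTTPAnnotation: "false"` that expects the https port to keep `intstr.FromString("https")`, so a later loosening or inversion of the match in fillHTTPSTargetPort cannot silently send 443 traffic to the plain-HTTP port. The test table and the test function start and end outside the hunk.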
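Review bot: fillHTTPSTargetPort, added in the last hunk of pkg/k8s/k8s.go, points the Service's 443 port at the pod's plain-HTTP port whenever the annotation is "true", without looking at the service type or at whether anything in front of the Service terminates TLS. The new test sets the annotation on a spec whose type is ClusterIP, so as written a client connecting to 443 would reach the unencrypted listener directly; if the annotation is meant only for load balancers that terminate TLS themselves, pass `t` from fillPorts and start the condition with `t == corev1.ServiceTypeLoadBalancer &&`, and state that requirement in a doc comment on the function. The function also dereferences `n.Spec` with no `n == nil` guard although nginxService just below has one; fillPorts starts outside the hunk, so confirm it is never reached with a nil `n`. The `n.Spec.Service.Annotations != nil` test can be dropped, since indexing a nil map is safe in Go.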