In case some ingress have a syntax error in the snippet configuration,
the freshly generated configuration will not be reloaded to prevent tearing down existing rules.
Although, once inserted, this configuration is preventing from any other valid configuration to be inserted as it remains in the ingresses of the cluster.
To solve this problem, implement an optional validation webhook that simulates the addition of the ingress to be added together with the rest of ingresses.
In case the generated configuration is not validated by nginx, deny the insertion of the ingress.
In case certificates are mounted using kubernetes secrets, when those
changes, keys are automatically updated in the container volume, and the
controller reloads it using the filewatcher.
Related changes:
- Update vendors
- Extract useful functions to check configuration with an additional ingress
- Update documentation for validating webhook
- Add validating webhook examples
- Add a metric for each syntax check success and errors
- Add more certificate generation examples
Fixes broken L4 ExternalName services.
Details
---------
The `tcp_udp_balancer.lua` script checks if the property
`backend.service.spec["type"]` equals "ExternalName". If so,
the script does a DNS lookup on the name in order to configure
the backend configuration.
However, before this commit, the k8s `Service` data was
_not_ set on the `Backend` struct passed into the `tcp_udp_balancer.lua`
script and therefore the ExternalName check always returned false.
This commit fixes the issue by setting the `Service` field on
the `Backend` struct. This also requires adding a new field to the
`L4Backend` struct first, so that it's available to set on the `Backend`.
Adds the ability to create alternative backends. Alternative backends enable
traffic shaping by sharing a single location but routing to different
backends depending on the TrafficShapingPolicy defined by AlternativeBackends.
When the list of upstreams and servers are retrieved, we then call
mergeAlternativeBackends which iterates through the paths of every ingress
and checks if the backend supporting the path is a AlternativeBackend. If
so, we then iterate through the map of servers and find the real backend
that the AlternativeBackend should fall under. Once found, the
AlternativeBackend is embedded in the list of VirtualBackends for the real
backend.
If no matching real backend for a AlternativeBackend is found, then the
AlternativeBackend is deleted as it cannot be backed by any server.
Elvin Efendi
Kubernetes Prow Robot
Manuel Alejandro de Brito Fontes
reynaldi.wijaya
okryvoshapka-connyun
Thibault Jamet
Alex Kursell
Taoge
TaoGe
Alan J Castonguay
Sebastiaan Tammer
Kevin Pullin
ramnes
Maxime Ginters
Guihua Zhu
mikeweiwei
Conor Landry
Aarni Koskela