/*
Copyright 2015 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package controller
import (
"crypto/x509"
"fmt"
"sync"
"time"
"k8s.io/klog/v2"
apiv1 "k8s.io/api/core/v1"
networking "k8s.io/api/networking/v1"
v1core "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/tools/record"
"github.com/jcmoraisjr/haproxy-ingress/pkg/common/ingress"
"github.com/jcmoraisjr/haproxy-ingress/pkg/common/net/ssl"
"github.com/jcmoraisjr/haproxy-ingress/pkg/types"
)
// NewCtrlIntf is a temporary interface used by this generic and now
// deprecated controller to call functionality moved to the new controller.
//
// In the code visible in this file only GetSecret is called, from
// GenericController.GetCertificate, with a "namespace/name" key.
type NewCtrlIntf interface {
// GetIngressList returns Ingress resources; not called in the code visible here.
GetIngressList() ([]*networking.Ingress, error)
// GetSecret looks a secret up by name. GetCertificate passes "namespace/name".
// NOTE(review): whether the implementation restricts which namespaces may be
// read is not visible here — confirm against the implementer.
GetSecret(name string) (*apiv1.Secret, error)
// IsValidClass reports something about the ingress class of ing; not called
// in the code visible here.
IsValidClass(ing *networking.Ingress) bool
}
// GenericController holds the boilerplate code required to build an Ingress controller.
//
// Several methods (Info, UpdateSecret, DeleteSecret, Stop) use a value
// receiver and therefore run on a copy of this struct. The copy shares every
// pointer, channel and interface field with the original, so those methods
// still act on the same tracker, lock and stop channel, but they cannot
// change a field of the original controller.
type GenericController struct {
// cfg is the configuration passed to newIngressController; returned by GetConfig.
cfg *Configuration
// newctrl is nil until SetNewCtrl is called.
newctrl NewCtrlIntf
// syncStatus is set only when cfg.UpdateStatus is true; nil otherwise.
syncStatus StatusSync
// sslCertTracker is looked up with "namespace/name" keys in GetCertificate.
sslCertTracker *sslCertTracker
// stopLock serializes Stop. It is a pointer so copies made by value-receiver
// methods lock the same mutex.
stopLock *sync.Mutex
// stopCh is closed by Stop and handed to syncStatus.Run by StartAsync.
stopCh chan struct{}
}
// Configuration contains all the settings required by an Ingress controller
//
// In the code visible in this file only Client, WatchNamespace, UpdateStatus
// and Backend are read; every other field is consumed elsewhere, so the notes
// below are review prompts rather than statements of behaviour.
type Configuration struct {
// Client is used in newIngressController to obtain the Events API.
Client types.Client
MasterWorker bool
MasterSocket string
RateLimitUpdate float32
ReloadInterval time.Duration
ResyncPeriod time.Duration
WaitBeforeUpdate time.Duration
DefaultService string
IngressClass string
IngressClassPrecedence bool
ControllerName string
WatchIngressWithoutClass bool
WatchGateway bool
// WatchNamespace selects the namespace events are recorded to in
// newIngressController.
WatchNamespace string
ConfigMapName string
ReloadStrategy string
MaxOldConfigFiles int
ValidateConfig bool
LocalFSPrefix string
// NOTE(review): the next five names suggest tenant-isolation switches
// (namespace isolation, cross-namespace references, pod listing,
// ExternalName services, restricted configuration keywords). Where and how
// each one is enforced is not visible in this file — confirm before relying
// on them as a security boundary.
ForceNamespaceIsolation bool
WaitBeforeShutdown int
AllowCrossNamespace bool
DisablePodList bool
DisableExternalName bool
DisableConfigKeywords string
AnnPrefix []string
AcmeServer bool
AcmeCheckPeriod time.Duration
AcmeFailInitialDuration time.Duration
AcmeFailMaxDuration time.Duration
AcmeElectionID string
AcmeSecretKeyName string
AcmeTokenConfigmapName string
AcmeTrackTLSAnn bool
BucketsResponseTime []float64
TCPConfigMapName string
// NOTE(review): presumably a "namespace/name" reference to the secret used
// instead of the generated fake certificate — confirm against the caller of
// CreateDefaultSSLCertificate.
DefaultSSLCertificate string
// NOTE(review): presumably toggles checking certificates against the
// requested hostname; the default and the effect of disabling it are not
// visible here — confirm.
VerifyHostname bool
DefaultHealthzURL string
StatsCollectProcPeriod time.Duration
PublishService string
TrackOldInstances bool
// Backend is the ingress.Controller whose Info() is returned by
// GenericController.Info.
Backend ingress.Controller
// UpdateStatus decides in newIngressController whether a status syncer is
// created; when false a warning is logged instead.
UpdateStatus bool
UseNodeInternalIP bool
ElectionID string
UpdateStatusOnShutdown bool
BackendShards int
SortEndpointsBy string
EnableEndpointSlicesAPI bool
}
// newIngressController builds a GenericController around config.
//
// It starts an event broadcaster that logs through klog and records events to
// the Events API of config.WatchNamespace; the broadcaster itself is not kept
// on the returned controller. A status syncer is attached only when
// config.UpdateStatus is set, otherwise a warning is logged and syncStatus
// stays nil. The newctrl field is left nil and has to be provided later via
// SetNewCtrl.
func newIngressController(config *Configuration) *GenericController {
	broadcaster := record.NewBroadcaster()
	broadcaster.StartLogging(klog.Infof)
	sink := &v1core.EventSinkImpl{
		Interface: config.Client.CoreV1().Events(config.WatchNamespace),
	}
	broadcaster.StartRecordingToSink(sink)

	ctrl := &GenericController{
		cfg:            config,
		stopLock:       &sync.Mutex{},
		stopCh:         make(chan struct{}),
		sslCertTracker: newSSLCertTracker(),
	}

	if !config.UpdateStatus {
		klog.Warning("Update of ingress status is disabled (flag --update-status=false was specified)")
		return ctrl
	}

	ctrl.syncStatus = NewStatusSyncer(ctrl)
	return ctrl
}
// GetConfig exposes the controller configuration.
//
// The returned pointer is the controller's own Configuration, not a copy, so
// a caller that writes through it changes the settings the controller reads.
func (ic *GenericController) GetConfig() *Configuration {
	cfg := ic.cfg
	return cfg
}
// GetStopCh returns the channel that Stop closes to signal shutdown.
//
// The channel is returned with both directions open, so a caller is able to
// send on it or close it; callers are expected to only receive from it.
func (ic *GenericController) GetStopCh() chan struct{} {
	stop := ic.stopCh
	return stop
}
// SetNewCtrl stores the bridge to the new controller.
//
// newIngressController leaves this field nil, and GetCertificate calls
// newctrl.GetSecret when a certificate cannot be found in the tracker, so
// SetNewCtrl has to run before that path can be reached.
func (ic *GenericController) SetNewCtrl(newctrl NewCtrlIntf) {
	ic.newctrl = newctrl
}
// Info returns information about the backend, as reported by the configured
// ingress.Controller (cfg.Backend).
func (ic GenericController) Info() *ingress.BackendInfo {
	backend := ic.cfg.Backend
	return backend.Info()
}
// GetCertificate returns the SSLCert built from the secret
// namespace/secretName.
//
// The tracker is consulted first; on a miss the secret is synced once and the
// tracker is consulted again. If the certificate is still missing, the secret
// is fetched through newctrl to tell "secret cannot be read" (that error is
// returned as is) apart from "secret exists but holds no usable certificate".
//
// No check that the caller may reference the given namespace is visible in
// this method; NOTE(review): confirm that callers enforce any cross-namespace
// restriction before passing a namespace taken from an Ingress resource.
func (ic *GenericController) GetCertificate(namespace, secretName string) (*ingress.SSLCert, error) {
	key := namespace + "/" + secretName

	cached, ok := ic.sslCertTracker.Get(key)
	if !ok {
		// Not tracked yet: sync the secret, then look again.
		ic.SyncSecret(key)
		cached, ok = ic.sslCertTracker.Get(key)
	}

	if !ok {
		if _, err := ic.newctrl.GetSecret(key); err != nil {
			return nil, err
		}
		return nil, fmt.Errorf("secret '%v' have neither ca.crt nor tls.crt/tls.key pair", key)
	}

	// Unchecked assertion: the tracker is expected to hold only *ingress.SSLCert.
	return cached.(*ingress.SSLCert), nil
}
// UpdateSecret re-syncs the secret identified by key, but only when a
// certificate for that key is already tracked; untracked secrets are ignored.
func (ic GenericController) UpdateSecret(key string) {
	_, tracked := ic.sslCertTracker.Get(key)
	if !tracked {
		return
	}
	ic.SyncSecret(key)
}
// DeleteSecret drops the tracked certificate data for key by calling
// DeleteAll on the certificate tracker.
//
// NOTE(review): presumably this also removes derived entries for the same
// secret; what DeleteAll covers is not visible here — confirm.
func (ic GenericController) DeleteSecret(key string) {
	tracker := ic.sslCertTracker
	tracker.DeleteAll(key)
}
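// Stop stops the loadbalancer controller.
//
// The first call closes the stop channel and, when a status syncer exists,
// shuts it down. Every later call returns an error. Before this change a
// second call closed the already closed channel and panicked, because the
// channel field is never reset and the "already in progress" branch could not
// be reached.
func (ic GenericController) Stop() error {
	ic.stopLock.Lock()
	defer ic.stopLock.Unlock()

	if ic.stopCh == nil {
		return fmt.Errorf("shutdown already in progress")
	}

	// Stop has a value receiver, so clearing ic.stopCh would only change this
	// copy. Probe the shared channel instead: a receive succeeds immediately
	// once the channel is closed. This assumes nothing ever sends on stopCh,
	// which holds for the code visible in this file.
	select {
	case <-ic.stopCh:
		return fmt.Errorf("shutdown already in progress")
	default:
	}

	klog.Infof("shutting down controller queues")
	close(ic.stopCh)
	if ic.syncStatus != nil {
		ic.syncStatus.Shutdown()
	}
	return nil
}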
// StartAsync starts the Ingress controller's background work.
//
// The only thing started here is the status syncer, in its own goroutine and
// bound to the stop channel; when status updates are disabled (syncStatus is
// nil) the call does nothing.
func (ic *GenericController) StartAsync() {
	if ic.syncStatus == nil {
		return
	}
	go ic.syncStatus.Run(ic.stopCh)
}
// CreateDefaultSSLCertificate generates the controller's fake default
// certificate, stores it under the name "default-fake-certificate" and returns
// the PEM file name, its hash and the parsed certificate.
//
// The certificate comes from ssl.GetFakeSSLCert with fixed subject values and
// is described as self signed by the error message below, so clients cannot
// validate it against a trusted CA. NOTE(review): confirm it is served only
// as a fallback when no real default certificate is configured.
//
// A failure to store the certificate is fatal: klog.Exitf logs the error and
// terminates the process.
func (ic *GenericController) CreateDefaultSSLCertificate() (path, hash string, crt *x509.Certificate) {
	orgs := []string{"Acme Co"}
	dnsNames := []string{"ingress.local"}
	certData, keyData := ssl.GetFakeSSLCert(orgs, "Kubernetes Ingress Controller Fake Certificate", dnsNames)

	stored, err := ssl.AddOrUpdateCertAndKey("default-fake-certificate", certData, keyData, []byte{})
	if err != nil {
		klog.Exitf("Error generating self signed certificate: %v", err)
	}

	path, hash, crt = stored.PemFileName, stored.PemSHA, stored.Certificate
	return path, hash, crt
}