Merge branch 'fix-nodeport' of github.com:appscode/voyager into oauth

voyagermesh · Apr 6, 2018 · 0b5dfde · 0b5dfde
2 parents 1285754 + 32076f3
commit 0b5dfde
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 28 deletions.
diff --git a/hack/docker/voyager/templates/http-frontend.cfg b/hack/docker/voyager/templates/http-frontend.cfg
@@ -72,7 +72,7 @@ frontend {{ .FrontendName }}
 	acl is_proxy_https hdr(X-Forwarded-Proto) https
 
 	{{ range $host := .Hosts }}
-	{{ with $conditions := (host_acls $host.Host $.Port $.NodePort $.UseNodePort ) }}
+	{{ with $conditions := (host_acls $host.Host $.Port $.NodePort $.RedirectToPort $.UseNodePort ) }}
 	{{ range $cond := $conditions }}
 	{{ if $cond }}acl acl_{{ $host.Host | acl_name }} {{ $cond }}{{ end }}
 	{{ end }}
@@ -89,6 +89,7 @@ frontend {{ .FrontendName }}
 	{{ range $path := $host.Paths }}
 	{{ if $path.Path }}acl acl_{{ $host.Host | acl_name }}:{{ $path.Path | acl_name }} path_beg {{ $path.Path }}{{ end }}
 	{{ if $path.SSLRedirect }}
+	http-request replace-header Host ^(.*?)(:[0-9]+)?$ \1:{{ $.RedirectToPort }} if ! is_proxy_https {{ if $host.Host }}acl_{{ $host.Host | acl_name }}{{ end }}{{ if $path.Path }} acl_{{ $host.Host | acl_name }}:{{ $path.Path | acl_name }}{{ end }}
 	redirect scheme https code 308 if ! is_proxy_https {{ if $host.Host }}acl_{{ $host.Host | acl_name }}{{ end }}{{ if $path.Path }} acl_{{ $host.Host | acl_name }}:{{ $path.Path | acl_name }}{{ end }}
 	{{ end }}
 	{{ if $path.Backend }}

diff --git a/pkg/haproxy/api/types.go b/pkg/haproxy/api/types.go
@@ -70,15 +70,16 @@ type StatsInfo struct {
 type HTTPService struct {
 	*SharedInfo
 
-	FrontendName  string
-	Address       string
-	Port          int
-	NodePort      int32
-	OffloadSSL    bool
-	FrontendRules []string
-	BasicAuth     *BasicAuth
-	TLSAuth       *TLSAuth
-	Hosts         []*HTTPHost
+	FrontendName   string
+	Address        string
+	Port           int
+	NodePort       int32
+	RedirectToPort int32
+	OffloadSSL     bool
+	FrontendRules  []string
+	BasicAuth      *BasicAuth
+	TLSAuth        *TLSAuth
+	Hosts          []*HTTPHost
 }
 
 func (svc *HTTPService) RemoveBackendAuth() {

diff --git a/pkg/haproxy/template/template.go b/pkg/haproxy/template/template.go
@@ -37,7 +37,7 @@ func HeaderName(v string) string {
 	return v[:index]
 }
 
-func HostACLs(host string, port int, nodePort int32, useNodePort bool) []string {
+func HostACLs(host string, port int, nodePort, redirectToPort int32, useNodePort bool) []string {
 	var conditions []string
 	host = strings.TrimSpace(host)
 
@@ -51,6 +51,11 @@ func HostACLs(host string, port int, nodePort int32, useNodePort bool) []string
 			conditions = append(conditions, hostMatcher(fmt.Sprintf("%s:%d", host, port)))
 		}
 	}
+
+	if port == 80 && redirectToPort > 0 {
+		conditions = append(conditions, hostMatcher(fmt.Sprintf("%s:%d", host, redirectToPort)))
+	}
+
 	return conditions
 }
 

diff --git a/pkg/ingress/nodeport.go b/pkg/ingress/nodeport.go
@@ -142,6 +142,15 @@ func (c *nodePortController) Reconcile() error {
 			err,
 		)
 		return errors.WithStack(err)
+	} else if err = c.waitForNodePortAssignment(); err != nil {
+		c.recorder.Eventf(
+			c.Ingress.ObjectReference(),
+			core.EventTypeWarning,
+			eventer.EventReasonIngressServiceReconcileFailed,
+			"Timeout waiting for NodePort assignment, %s",
+			err.Error(),
+		)
+		return errors.WithStack(err)
 	} else if err = c.EnsureFirewall(svc); err != nil {
 		c.recorder.Eventf(
 			c.Ingress.ObjectReference(),

diff --git a/pkg/ingress/parser.go b/pkg/ingress/parser.go
@@ -252,16 +252,7 @@ func (c *controller) generateConfig() error {
 	}
 
 	var td hpi.TemplateData
-
-	var nodePortSvc *core.Service
-	if c.Ingress.LBType() == api.LBTypeNodePort {
-		var err error
-		nodePortSvc, err = c.KubeClient.CoreV1().Services(c.Ingress.GetNamespace()).Get(c.Ingress.OffshootName(), metav1.GetOptions{})
-		if err != nil {
-			return err
-		}
-	}
-
+
 	si := &hpi.SharedInfo{
 		CORSConfig: hpi.CORSConfig{
 			CORSEnabled:          c.Ingress.EnableCORS(),
@@ -436,13 +427,6 @@ func (c *controller) generateConfig() error {
 			}
 			info.OffloadSSL = offloadSSL
 
-			if c.Ingress.LBType() == api.LBTypeNodePort && nodePortSvc != nil {
-				for _, port := range nodePortSvc.Spec.Ports {
-					if port.Port == int32(binder.Port) {
-						info.NodePort = port.NodePort
-					}
-				}
-			}
 			httpPaths := info.Hosts[rule.Host]
 			for pi, path := range rule.HTTP.Paths {
 				bk, err := c.serviceEndpoints(dnsResolvers, userLists, path.Backend.ServiceName, path.Backend.ServicePort, path.Backend.HostNames)
@@ -819,6 +803,27 @@ func (c *controller) generateConfig() error {
 		td.UserLists = append(td.UserLists, userLists[k])
 	}
 
+	if c.Ingress.LBType() == api.LBTypeNodePort {
+		nodePortSvc, err := c.KubeClient.CoreV1().Services(c.Ingress.GetNamespace()).Get(c.Ingress.OffshootName(), metav1.GetOptions{})
+		if err != nil {
+			return err
+		}
+		portMapping := make(map[int32]int32)
+		for _, port := range nodePortSvc.Spec.Ports {
+			portMapping[port.Port] = port.NodePort
+		}
+		for _, svc := range td.HTTPService {
+			svc.NodePort = portMapping[int32(svc.Port)]
+			if svc.Port == 80 {
+				if svc.UseNodePort {
+					svc.RedirectToPort = portMapping[443]
+				} else {
+					svc.RedirectToPort = 443
+				}
+			}
+		}
+	}
+
 	c.logger.Debugf("Rendering haproxy.cfg for Ingress %s/%s using data: %s", c.Ingress.Namespace, c.Ingress.Name, td)
 	if cfg, err := template.RenderConfig(td); err != nil {
 		return err