Lua plugin system - MVP #3807

Merged
merged 1 commit into from Apr 4, 2019

Member

ElvinEfendi commented Feb 25, 2019

What this PR does / why we need it:

This is more of an experiment at the moment! The PR implements the basics of enabling and running trusted custom Lua code in different Nginx phases.

What's a plugin?
A plugin is a set of Lua modules placed in /etc/nginx/lua/plugins/<plugin name>/. Every plugin has to have main.lua in the root. Every plugin has to bundle all of its dependencies. For now you can manually mount your plugins into that folder.

How to configure a plugin?
In main.lua, implement rewrite, access, header or log functions to run your code in the corresponding Nginx phases. For an example, check the hello_world plugin included with this PR.

How to enable and set the order of my plugins?
In order to enable plugins you have to use a custom template. In your custom template change the argument of plugins.init({}) with the plugin names you would like to enable. The order will be respected when running the plugins. That's all.

Can I enable a plugin for a specific app?
Currently no, your plugin will be executed for every app. What you can do is condition your logic on ngx.var.proxy_upstream_name, which uniquely identifies your app, and apply it to a specific app only.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Special notes for your reviewer:

@ElvinEfendi ElvinEfendi changed the title lua plugin system [wip] lua plugin system Feb 25, 2019
@k8s-ci-robot k8s-ci-robot requested review from aledbf and bowei Feb 25, 2019
@ElvinEfendi ElvinEfendi force-pushed the ElvinEfendi:lua-plugin-system branch from 4d06660 to 4351ccd Feb 25, 2019
@@ -1021,6 +1030,10 @@ stream {
{{ end }}

rewrite_by_lua_block {
-- for the plugins enabled for this location
-- in this phase, run the like following
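Review bot: the comment inside rewrite_by_lua_block ("-- in this phase, run the like following") is garbled and reads like a leftover placeholder; reword it to say what the block does, for example "run the plugins enabled for this location in the rewrite phase". The hunk header shows four lines added in this region, but the visible lines stop before any call, so the comment should also state whether an error raised by a plugin in this block fails the request or is only logged.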

ElvinEfendi Feb 25, 2019

Author Member

one can argue that the plugin itself knows better where it should be run - so maybe make this part of the plugin?

but on the other side there can be plugins that can be run in any phase maybe? and you'd wanna run it only in certain phase for your app

ElvinEfendi Feb 25, 2019

Author Member

another question is do we wanna have two different apps configure the same plugin in different phases?

probably not

ElvinEfendi Feb 25, 2019

Author Member

maybe it's better to have plugins to define their public API based on phase name
and have plugin runner to check whether there's a function defined for the given phase in the given plugin and if so then run it.

with this then the controller won't have to care about what plugin is enabled in what phase and instead it would call plugins.run with all the enabled plugins regardless of the phase for the location.

the con is this will add an overhead of iterating through plugins and checking which one has an implementation for the given phase - but is this really a concern given it's not realistic for an app to enable thousands of plugins.
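The runner design discussed in this thread (each plugin exposes one function per phase and the runner calls whichever exist), combined with the per-app check on ngx.var.proxy_upstream_name from the PR description, as an added sketch that is not the PR's code. The plugin names, the upstream value, the `ngx` stub and the use of `pcall` are assumptions made for illustration.

```lua
-- Added example, not ingress-nginx code. Outside OpenResty a constructed stub
-- stands in for the real `ngx` API so the sketch runs under plain Lua.
local ngx = ngx or {
  var = { proxy_upstream_name = "default-myapp-80" }, -- constructed value
  ERR = "error",
  log = function(level, ...) print(level, ...) end,
  get_phase = function() return "access" end,
}

-- Hypothetical plugin in the shape of plugins/<name>/main.lua: one function per phase.
local jwt_gate = { hits = 0 }
function jwt_gate.access()
  -- Plugins run for every app, so scope the logic by upstream name.
  if ngx.var.proxy_upstream_name ~= "default-myapp-80" then return end
  jwt_gate.hits = jwt_gate.hits + 1 -- the real allow/deny decision would go here
end

-- Hypothetical plugin that fails, and one that only implements the log phase.
local broken = { access = function() error("boom") end }
local log_only = { log = function() end }

-- Runner: walk the enabled plugins in order and call only those that define a
-- function for the current phase. pcall isolates a failing plugin (assumption).
local function run(enabled, phase)
  local ran = {}
  for _, entry in ipairs(enabled) do
    local handler = entry.plugin[phase]
    if type(handler) == "function" then
      local ok, err = pcall(handler)
      if not ok then
        ngx.log(ngx.ERR, "plugin ", entry.name, " failed in ", phase, ": ", tostring(err))
      end
      ran[#ran + 1] = entry.name .. (ok and ":ok" or ":error")
    end
  end
  return ran
end

local enabled = {
  { name = "broken", plugin = broken },
  { name = "log_only", plugin = log_only },
  { name = "jwt_gate", plugin = jwt_gate },
}
print(table.concat(run(enabled, ngx.get_phase()), ", "))
```

In this sketch a plugin error is logged and the request continues, so an access-control plugin that has to fail closed must catch its own errors and deny the request itself.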

wayt Apr 3, 2019

Contributor

I think it makes sense to declare the phase a plugin must be run in inside the plugin definition itself (CRD),
or by using an exported array with phase list or having a separate function for each phase.

Contributor

discordianfish commented Mar 27, 2019

Nice!
@ElvinEfendi Are you still working on this? Or is this ready to get reviewed?

Member Author

ElvinEfendi commented Mar 27, 2019

@discordianfish still WIP, not ready for reviews yet

Member Author

ElvinEfendi commented Mar 27, 2019

but it would be really helpful if you describe your use case and how you'd like to plug in (configure) your plugin :) things like would you like it per app, or globally per ingress-nginx deployment etc.

Contributor

discordianfish commented Mar 28, 2019

@ElvinEfendi Oh sure! I came here from #1850. We have an internal service that provides a JWT after logging in and I want to redirect to that service, get the JWT and then decide in the ingress controller to allow/deny access.

Would strongly prefer doing it per app/ingress, so I can have a single nginx-ingress deployment for public and JWT authenticated endpoints etc.

Happy to help where I can, just let me know!

mdarii commented Mar 28, 2019

@ElvinEfendi do you have any ETA for when this feature could be ready?
I'm also interested in this feature

@ElvinEfendi ElvinEfendi force-pushed the ElvinEfendi:lua-plugin-system branch from 4351ccd to 7fe299e Apr 4, 2019
@ElvinEfendi ElvinEfendi force-pushed the ElvinEfendi:lua-plugin-system branch from 041b354 to 8f81538 Apr 4, 2019
@ElvinEfendi ElvinEfendi changed the title [wip] lua plugin system lua plugin system Apr 4, 2019
@ElvinEfendi ElvinEfendi changed the title lua plugin system lua plugin system - MVP Apr 4, 2019
@ElvinEfendi ElvinEfendi changed the title lua plugin system - MVP Lua plugin system - MVP Apr 4, 2019

Member

aledbf commented Apr 4, 2019

/lgtm

Contributor

k8s-ci-robot commented Apr 4, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf, ElvinEfendi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit acb36c0 into kubernetes:master Apr 4, 2019
2 of 3 checks passed
tide Not mergeable. Job continuous-integration/travis-ci/pr has not succeeded.
cla/linuxfoundation ElvinEfendi authorized
continuous-integration/travis-ci/pr The Travis CI build passed
@ElvinEfendi ElvinEfendi deleted the ElvinEfendi:lua-plugin-system branch Apr 4, 2019

Member

aledbf commented Apr 8, 2019

Projects: 0.24.0 (done)
6 participants