From ddcffd6e0d8915919f10852eefde59f66e1018dd Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Wed, 6 Dec 2023 17:32:21 +0000 Subject: [PATCH 1/5] add AppProtect version to pod label --- cmd/nginx-ingress/main.go | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index d9373c5ae7..e57206995f 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -43,8 +43,10 @@ import ( var version string const ( - nginxVersionLabel = "app.nginx.org/version" - versionLabel = "app.kubernetes.io/version" + nginxVersionLabel = "app.nginx.org/version" + versionLabel = "app.kubernetes.io/version" + appProtectVersionLabel = "appprotect.f5.com/version" + appProtectVersionPath = "/opt/app_protect/VERSION" ) func main() { @@ -71,7 +73,12 @@ func main() { nginxVersion := getNginxVersionInfo(nginxManager) - updateSelfWithVersionInfo(kubeClient, version, nginxVersion) + var appProtectVersion string + if *appProtect { + appProtectVersion = getAppProtectVersionInfo() + } + + updateSelfWithVersionInfo(kubeClient, version, nginxVersion, appProtectVersion) templateExecutor, templateExecutorV2 := createTemplateExecutors() @@ -402,6 +409,19 @@ func getNginxVersionInfo(nginxManager nginx.Manager) string { return nginxVersion } +func getAppProtectVersionInfo() string { + if _, err := os.Stat(appProtectVersionPath); err != nil { + glog.Fatalf("Cannot find AppProtect VERSION file %v", appProtectVersionPath) + } + v, err := os.ReadFile(appProtectVersionPath) + if err != nil { + glog.Fatalf("Cannot open AppProtect VERSION file %v", appProtectVersionPath) + } + version := strings.TrimSpace(string(v)) + glog.Infof("Using AppProtect Version %s", version) + return version +} + func startApAgentsAndPlugins(nginxManager nginx.Manager) (chan error, chan error) { var aPPluginDone chan error @@ -766,7 +786,7 @@ func processConfigMaps(kubeClient *kubernetes.Clientset, cfgParams *configs.Conf return cfgParams } -func updateSelfWithVersionInfo(kubeClient *kubernetes.Clientset, version string, nginxVersion string) { +func updateSelfWithVersionInfo(kubeClient *kubernetes.Clientset, version string, nginxVersion string, appProtectVersion string) { pod, err := kubeClient.CoreV1().Pods(os.Getenv("POD_NAMESPACE")).Get(context.TODO(), os.Getenv("POD_NAME"), meta_v1.GetOptions{}) if err != nil { glog.Errorf("Error getting pod: %v", err) @@ -783,6 +803,9 @@ func updateSelfWithVersionInfo(kubeClient *kubernetes.Clientset, version string, replacer := strings.NewReplacer(" ", "-", "(", "", ")", "") nginxVer = replacer.Replace(nginxVer) labels[nginxVersionLabel] = nginxVer + if appProtectVersion != "" { + labels[appProtectVersionLabel] = appProtectVersion + } labels[versionLabel] = strings.TrimPrefix(version, "v") newPod.ObjectMeta.Labels = labels From 7f91d89c98ec5db9c3d5060c38546349cd8e1bb0 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Wed, 6 Dec 2023 17:41:19 +0000 Subject: [PATCH 2/5] include version for AppProtect Dos --- cmd/nginx-ingress/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index e57206995f..a95da6027b 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -74,7 +74,7 @@ func main() { nginxVersion := getNginxVersionInfo(nginxManager) var appProtectVersion string - if *appProtect { + if *appProtect || *appProtectDos { appProtectVersion = getAppProtectVersionInfo() } From e69798cc0e66c0fb2a5afa98e8115b887bc39a95 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Thu, 7 Dec 2023 10:59:26 +0000 Subject: [PATCH 3/5] simplify file open error logic --- cmd/nginx-ingress/main.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index a95da6027b..d9276dfd8d 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -410,12 +410,9 @@ func getNginxVersionInfo(nginxManager nginx.Manager) string { } func getAppProtectVersionInfo() string { - if _, err := os.Stat(appProtectVersionPath); err != nil { - glog.Fatalf("Cannot find AppProtect VERSION file %v", appProtectVersionPath) - } v, err := os.ReadFile(appProtectVersionPath) if err != nil { - glog.Fatalf("Cannot open AppProtect VERSION file %v", appProtectVersionPath) + glog.Fatalf("Cannot read AppProtect VERSION file, %s", err.Error()) } version := strings.TrimSpace(string(v)) glog.Infof("Using AppProtect Version %s", version) From a158afb16be94b730f8f855fc3735d6a2aa4caf1 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Thu, 7 Dec 2023 11:11:22 +0000 Subject: [PATCH 4/5] remove DOS check --- cmd/nginx-ingress/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index d9276dfd8d..071b68ab08 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -74,7 +74,7 @@ func main() { nginxVersion := getNginxVersionInfo(nginxManager) var appProtectVersion string - if *appProtect || *appProtectDos { + if *appProtect { appProtectVersion = getAppProtectVersionInfo() } From d06a4fbe0bec3f3b27b893d5cd4172e4b6d86a9d Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Fri, 8 Dec 2023 09:18:58 +0000 Subject: [PATCH 5/5] reword AppProtect fail message --- cmd/nginx-ingress/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 071b68ab08..1ff67bcd25 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -412,7 +412,7 @@ func getNginxVersionInfo(nginxManager nginx.Manager) string { func getAppProtectVersionInfo() string { v, err := os.ReadFile(appProtectVersionPath) if err != nil { - glog.Fatalf("Cannot read AppProtect VERSION file, %s", err.Error()) + glog.Fatalf("Cannot detect the AppProtect version, %s", err.Error()) } version := strings.TrimSpace(string(v)) glog.Infof("Using AppProtect Version %s", version)