Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove redundant newlines in generated v1 configuration #4699

Merged
merged 7 commits into from
Nov 25, 2023
Merged

Remove redundant newlines in generated v1 configuration #4699

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
f1bfc78
newline cleanup for ingress
oseoin Nov 23, 2023
87da966
Merge branch 'main' into tmpl-newline-cleanup
oseoin Nov 23, 2023
a9226e6
newline cleanup for v2 templates
oseoin Nov 23, 2023
2c9168c
Merge branch 'main' into tmpl-newline-cleanup
oseoin Nov 23, 2023
cd36226
Merge branch 'main' into tmpl-newline-cleanup
oseoin Nov 23, 2023
2d788e2
Merge branch 'main' into tmpl-newline-cleanup
oseoin Nov 24, 2023
75d2bf3
Merge branch 'main' into tmpl-newline-cleanup
jjngx Nov 25, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
137 changes: 69 additions & 68 deletions internal/configs/version1/nginx-plus.ingress.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
{{- /*gotype: github.com/nginxinc/kubernetes-ingress/internal/configs/version1.IngressNginxConfig*/ -}}
# configuration for {{.Ingress.Namespace}}/{{.Ingress.Name}}
{{range $upstream := .Upstreams}}
{{- range $upstream := .Upstreams}}
upstream {{$upstream.Name}} {
zone {{$upstream.Name}} {{if ne $upstream.UpstreamZoneSize "0"}}{{$upstream.UpstreamZoneSize}}{{else}}512k{{end}};
{{if $upstream.LBMethod }}{{$upstream.LBMethod}};{{end}}
{{range $server := $upstream.UpstreamServers}}
{{- if $upstream.LBMethod }}{{$upstream.LBMethod}};{{end}}
{{- range $server := $upstream.UpstreamServers}}
server {{$server.Address}} max_fails={{$server.MaxFails}} fail_timeout={{$server.FailTimeout}} max_conns={{$server.MaxConns}}
{{- if $server.SlowStart}} slow_start={{$server.SlowStart}}{{end}}{{if $server.Resolve}} resolve{{end}};{{end}}
{{if $upstream.StickyCookie}}
{{- if $upstream.StickyCookie}}
sticky cookie {{$upstream.StickyCookie}};
{{end}}
{{if $.Keepalive}}keepalive {{$.Keepalive}};{{end}}
{{- end}}
{{- if $.Keepalive}}keepalive {{$.Keepalive}};{{end}}
{{- if $upstream.UpstreamServers -}}
{{- if $upstream.Queue}}
queue {{$upstream.Queue}} timeout={{$upstream.QueueTimeout}}s;
Expand All @@ -21,46 +21,46 @@ upstream {{$upstream.Name}} {

{{range $server := .Servers}}
server {
{{if $server.SpiffeCerts}}
{{- if $server.SpiffeCerts}}
listen 443 ssl;
{{if not $server.DisableIPV6}}listen [::]:443 ssl;{{end}}
{{- if not $server.DisableIPV6}}listen [::]:443 ssl;{{end}}
ssl_certificate /etc/nginx/secrets/spiffe_cert.pem;
ssl_certificate_key /etc/nginx/secrets/spiffe_key.pem;
{{else}}
{{if not $server.GRPCOnly}}
{{range $port := $server.Ports}}
{{- else}}
{{- if not $server.GRPCOnly}}
{{- range $port := $server.Ports}}
listen {{$port}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};
{{if not $server.DisableIPV6}}listen [::]:{{$port}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- if not $server.DisableIPV6}}listen [::]:{{$port}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- end}}
{{- end}}
{{end}}

{{if $server.SSL}}
{{if $server.TLSPassthrough}}
{{- if $server.SSL}}
{{- if $server.TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
{{- else}}
{{- range $port := $server.SSLPorts}}
listen {{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};
{{if not $server.DisableIPV6}}listen [::]:{{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- if not $server.DisableIPV6}}listen [::]:{{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- end}}
{{end}}
{{if $server.HTTP2}}
{{- end}}
{{- if $server.HTTP2}}
http2 on;
{{end}}
{{if $server.SSLRejectHandshake}}
{{- end}}
{{- if $server.SSLRejectHandshake}}
ssl_reject_handshake on;
{{else}}
{{- else}}
ssl_certificate {{$server.SSLCertificate}};
ssl_certificate_key {{$server.SSLCertificateKey}};
{{end}}
{{end}}
{{end}}
{{- end}}
{{- end}}
{{- end}}

{{range $setRealIPFrom := $server.SetRealIPFrom}}
{{- range $setRealIPFrom := $server.SetRealIPFrom}}
set_real_ip_from {{$setRealIPFrom}};{{end}}
{{if $server.RealIPHeader}}real_ip_header {{$server.RealIPHeader}};{{end}}
{{if $server.RealIPRecursive}}real_ip_recursive on;{{end}}
{{- if $server.RealIPHeader}}real_ip_header {{$server.RealIPHeader}};{{end}}
{{- if $server.RealIPRecursive}}real_ip_recursive on;{{end}}

server_tokens "{{$server.ServerTokens}}";

Expand Down Expand Up @@ -104,34 +104,34 @@ server {
{{- end}}

{{if not $server.GRPCOnly}}
{{range $proxyHideHeader := $server.ProxyHideHeaders}}
{{- range $proxyHideHeader := $server.ProxyHideHeaders}}
proxy_hide_header {{$proxyHideHeader}};{{end}}
{{range $proxyPassHeader := $server.ProxyPassHeaders}}
{{- range $proxyPassHeader := $server.ProxyPassHeaders}}
proxy_pass_header {{$proxyPassHeader}};{{end}}
{{end}}
{{- end}}

{{- if and $server.HSTS (or $server.SSL $server.HSTSBehindProxy)}}
set $hsts_header_val "";
proxy_hide_header Strict-Transport-Security;
{{- if $server.HSTSBehindProxy}}
if ($http_x_forwarded_proto = 'https') {
{{else}}
{{- else}}
if ($https = on) {
{{- end}}
set $hsts_header_val "max-age={{$server.HSTSMaxAge}}; {{if $server.HSTSIncludeSubdomains}}includeSubDomains; {{end}}preload";
}

add_header Strict-Transport-Security "$hsts_header_val" always;
{{end}}
{{- end}}

{{if $server.SSL}}
{{if not $server.GRPCOnly}}
{{- if $server.SSL}}
{{- if not $server.GRPCOnly}}
{{- if $server.SSLRedirect}}
if ($scheme = http) {
return 301 https://$host:{{index $server.SSLPorts 0}}$request_uri;
}
{{- end}}
{{end}}
{{- end}}
{{- end}}

{{- if $server.RedirectToHTTPS}}
Expand All @@ -152,10 +152,10 @@ server {
{{- if $jwt.RedirectLocationName}}
error_page 401 {{$jwt.RedirectLocationName}};
{{end}}
{{end}}
{{- end}}

{{- if $server.ServerSnippets}}
{{range $value := $server.ServerSnippets}}
{{- range $value := $server.ServerSnippets}}
{{$value}}{{end}}
{{- end}}

Expand Down Expand Up @@ -184,13 +184,13 @@ server {
location {{ makeLocationPath $location $.Ingress.Annotations | printf }} {
set $service "{{$location.ServiceName}}";
status_zone "{{ $location.ServiceName }}";
{{with $location.MinionIngress}}
{{- with $location.MinionIngress}}
# location for minion {{$location.MinionIngress.Namespace}}/{{$location.MinionIngress.Name}}
set $resource_name "{{$location.MinionIngress.Name}}";
set $resource_namespace "{{$location.MinionIngress.Namespace}}";
{{end}}
{{if $location.GRPC}}
{{if not $server.GRPCOnly}}
{{- end}}
{{- if $location.GRPC}}
{{- if not $server.GRPCOnly}}
error_page 400 @grpcerror400;
error_page 401 @grpcerror401;
error_page 403 @grpcerror403;
Expand All @@ -204,17 +204,17 @@ server {
error_page 502 @grpcerror502;
error_page 503 @grpcerror503;
error_page 504 @grpcerror504;
{{end}}
{{- end}}

{{- if $location.LocationSnippets}}
{{range $value := $location.LocationSnippets}}
{{- range $value := $location.LocationSnippets}}
{{$value}}{{end}}
{{- end}}

{{with $jwt := $location.JWTAuth}}
{{- with $jwt := $location.JWTAuth}}
auth_jwt_key_file {{$jwt.Key}};
auth_jwt "{{.Realm}}"{{if $jwt.Token}} token={{$jwt.Token}}{{end}};
{{end}}
{{- end}}

{{- with $location.BasicAuth }}
auth_basic {{ printf "%q" .Realm }};
Expand All @@ -234,23 +234,23 @@ server {
{{- if $location.ProxyBufferSize}}
grpc_buffer_size {{$location.ProxyBufferSize}};
{{- end}}
{{if $.SpiffeClientCerts}}
{{- if $.SpiffeClientCerts}}
grpc_ssl_certificate /etc/nginx/secrets/spiffe_cert.pem;
grpc_ssl_certificate_key /etc/nginx/secrets/spiffe_key.pem;
grpc_ssl_trusted_certificate /etc/nginx/secrets/spiffe_rootca.pem;
grpc_ssl_server_name on;
grpc_ssl_verify on;
grpc_ssl_verify_depth 25;
grpc_ssl_name {{$location.ProxySSLName}};
{{end}}
{{if $location.SSL}}
{{- end}}
{{- if $location.SSL}}
grpc_pass grpcs://{{$location.Upstream.Name}};
{{else}}
{{- else}}
grpc_pass grpc://{{$location.Upstream.Name}};
{{end}}
{{else}}
{{- end}}
{{- else}}
proxy_http_version 1.1;
{{if $location.Websocket}}
{{- if $location.Websocket}}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{{- else}}
Expand All @@ -262,13 +262,13 @@ server {
{{$value}}{{end}}
{{- end}}

{{ with $jwt := $location.JWTAuth }}
{{- with $jwt := $location.JWTAuth }}
auth_jwt_key_file {{$jwt.Key}};
auth_jwt "{{.Realm}}"{{if $jwt.Token}} token={{$jwt.Token}}{{end}};
{{if $jwt.RedirectLocationName}}
{{- if $jwt.RedirectLocationName}}
error_page 401 {{$jwt.RedirectLocationName}};
{{end}}
{{end}}
{{- end}}
{{- end}}

{{- with $location.BasicAuth }}
auth_basic {{ printf "%q" .Realm }};
Expand All @@ -295,23 +295,24 @@ server {
{{- if $location.ProxyMaxTempFileSize}}
proxy_max_temp_file_size {{$location.ProxyMaxTempFileSize}};
{{- end}}
{{if $.SpiffeClientCerts}}
{{- if $.SpiffeClientCerts}}
proxy_ssl_certificate /etc/nginx/secrets/spiffe_cert.pem;
proxy_ssl_certificate_key /etc/nginx/secrets/spiffe_key.pem;
proxy_ssl_trusted_certificate /etc/nginx/secrets/spiffe_rootca.pem;
proxy_ssl_server_name on;
proxy_ssl_verify on;
proxy_ssl_verify_depth 25;
proxy_ssl_name {{$location.ProxySSLName}};
{{end}}
{{if $location.SSL}}
{{- end}}
{{- if $location.SSL}}
proxy_pass https://{{$location.Upstream.Name}}{{$location.Rewrite}};
{{else}}
{{- else}}
proxy_pass http://{{$location.Upstream.Name}}{{$location.Rewrite}};
{{end}}
{{end}}
}{{end}}
{{if $server.GRPCOnly}}
{{- end}}
{{- end}}
}
{{end -}}
{{- if $server.GRPCOnly}}
error_page 400 @grpcerror400;
error_page 401 @grpcerror401;
error_page 403 @grpcerror403;
Expand All @@ -325,8 +326,8 @@ server {
error_page 502 @grpcerror502;
error_page 503 @grpcerror503;
error_page 504 @grpcerror504;
{{end}}
{{if $server.HTTP2}}
{{- end}}
{{- if $server.HTTP2}}
location @grpcerror400 { default_type application/grpc; return 400 "\n"; }
location @grpcerror401 { default_type application/grpc; return 401 "\n"; }
location @grpcerror403 { default_type application/grpc; return 403 "\n"; }
Expand All @@ -340,5 +341,5 @@ server {
location @grpcerror502 { default_type application/grpc; return 502 "\n"; }
location @grpcerror503 { default_type application/grpc; return 503 "\n"; }
location @grpcerror504 { default_type application/grpc; return 504 "\n"; }
{{end}}
{{- end}}
}{{end}}