package controller
import (
"context"
"fmt"
"strings"
"sigs.k8s.io/controller-runtime/pkg/client"
"github.com/go-logr/logr"
"github.com/oliverbaehler/cloudflare-tunnel-ingress-controller/pkg/exposure"
"github.com/pkg/errors"
v1 "k8s.io/api/core/v1"
networkingv1 "k8s.io/api/networking/v1"
"k8s.io/apimachinery/pkg/types"
)
// host is package-level scratch storage for a resolved backend host.
//
// NOTE(review): as a package-level variable it is shared by every caller in
// the package, so writes from concurrent reconciles would race. A
// function-local variable is safer; confirm no other file reads it before
// removing it.
var host string
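// FromIngressToExposure converts every host/path rule of ingress into an
// exposure.Exposure: the public hostname, the origin URL built from the backend
// Service, the path prefix and the origin request settings parsed from the
// ingress annotations.
//
// Each path's backend Service is fetched through kubeClient from the ingress
// namespace. The origin host is the Service's ExternalName when set, otherwise
// its ClusterIP. The function returns an error (and no exposures) when a rule
// has an empty host or no http section, a path has no Service backend, the
// Service cannot be fetched, has no cluster IP or is headless, a named port is
// not found, or the path type is nil or anything other than Prefix.
//
// IsDeleted is set on every returned exposure when the ingress carries a
// deletion timestamp.
//
// Security notes for reviewers:
//   - For https origins, TLS verification of the origin is disabled by default
//     (NoTLSVerify=true) unless cfg.NoTLSVerify was already populated.
//   - An ExternalName Service makes the tunnel forward to whatever name the
//     Service author chose; anyone who can create Services and Ingresses in a
//     namespace controls that target.
func FromIngressToExposure(ctx context.Context, logger logr.Logger, kubeClient client.Client, ingress networkingv1.Ingress) ([]exposure.Exposure, error) {
	isDeleted := ingress.DeletionTimestamp != nil

	if len(ingress.Spec.TLS) > 0 {
		logger.Info("ingress has tls specified, SSL Passthrough is not supported, it will be ignored.")
	}

	var result []exposure.Exposure
	for _, rule := range ingress.Spec.Rules {
		if rule.Host == "" {
			return nil, errors.Errorf("host in ingress %s/%s is empty", ingress.GetNamespace(), ingress.GetName())
		}

		// Declared inside the loop body so the &hostname stored in cfg below is
		// a distinct variable for every rule.
		hostname := rule.Host

		// The annotation value is used verbatim as the URL scheme of the target.
		scheme := "http"
		if backendProtocol, ok := getAnnotation(ingress.Annotations, AnnotationBackendProtocol); ok {
			scheme = backendProtocol
		}

		cfg, err := annotationProperties(ingress.Annotations)
		if err != nil {
			return nil, errors.Wrap(err, "parse annotation properties")
		}

		// rule.HTTP is a pointer and may be nil for a rule without an http
		// section; ranging over rule.HTTP.Paths would panic in that case.
		if rule.HTTP == nil {
			return nil, errors.Errorf("rule for host %s in ingress %s/%s has no http paths", hostname, ingress.GetNamespace(), ingress.GetName())
		}

		for _, path := range rule.HTTP.Paths {
			// Backend.Service is nil for non-Service backends; reject those
			// instead of dereferencing a nil pointer.
			if path.Backend.Service == nil {
				return nil, errors.Errorf("backend of path %s in ingress %s/%s is not a service", path.Path, ingress.GetNamespace(), ingress.GetName())
			}

			namespacedName := types.NamespacedName{
				Namespace: ingress.GetNamespace(),
				Name:      path.Backend.Service.Name,
			}

			service := v1.Service{}
			if err := kubeClient.Get(ctx, namespacedName, &service); err != nil {
				return nil, errors.Wrapf(err, "fetch service %s", namespacedName)
			}

			// Resolve the origin host into a local variable rather than the
			// package-level host, so concurrent calls cannot observe each
			// other's value.
			var originHost string
			switch {
			case service.Spec.ExternalName != "":
				// SECURITY: the tunnel will forward to this name as-is; it is
				// chosen by whoever authored the Service.
				originHost = service.Spec.ExternalName
			case service.Spec.ClusterIP == "":
				return nil, errors.Errorf("service %s has no cluster ip", namespacedName)
			case service.Spec.ClusterIP == "None":
				return nil, errors.Errorf("service %s has None for cluster ip, headless service is not supported", namespacedName)
			default:
				originHost = service.Spec.ClusterIP
			}

			var port int32
			if portName := path.Backend.Service.Port.Name; portName != "" {
				ok, extractedPort := getPortWithName(service.Spec.Ports, portName)
				if !ok {
					return nil, errors.Errorf("service %s has no port named %s", namespacedName, portName)
				}
				port = extractedPort
			} else {
				port = path.Backend.Service.Port.Number
			}

			// TODO: support other path types
			if path.PathType == nil {
				return nil, errors.Errorf("path type in ingress %s/%s is nil", ingress.GetNamespace(), ingress.GetName())
			}
			if *path.PathType != networkingv1.PathTypePrefix {
				return nil, errors.Errorf("path type in ingress %s/%s is %s, which is not supported", ingress.GetNamespace(), ingress.GetName(), *path.PathType)
			}

			// An IPv6 literal must be bracketed in the authority part of a URL,
			// otherwise its colons are ambiguous with the port separator.
			if strings.Contains(originHost, ":") {
				originHost = "[" + originHost + "]"
			}
			target := fmt.Sprintf("%s://%s:%d", scheme, originHost, port)

			// SECURITY: when NoTLSVerify is still nil for an https origin it
			// defaults to true, i.e. origin certificate verification is
			// skipped. The value is only kept when it was already set before
			// this point (presumably by annotationProperties - confirm).
			if strings.HasPrefix(target, "https://") && cfg.NoTLSVerify == nil {
				cfg.NoTLSVerify = boolPointer(true)
			}

			// Send the ingress hostname (not the origin address) as the Host
			// header on requests to the origin.
			cfg.HTTPHostHeader = &hostname

			result = append(result, exposure.Exposure{
				Hostname:      hostname,
				ServiceTarget: target,
				PathPrefix:    path.Path,
				IsDeleted:     isDeleted,
				OriginRequest: *cfg,
			})
		}
	}

	return result, nil
}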