Improve nginx controller performance

kubernetes · Aug 26, 2017 · fabe37b · fabe37b
1 parent 6d0243a
commit fabe37b
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 31 deletions.
diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go
@@ -164,6 +164,8 @@ type NGINXController struct {
 	proxy *proxy
 
 	ports *config.ListenPorts
+
+	backendDefaults defaults.Backend
 }
 
 // Start start a new NGINX master process running in foreground.
@@ -223,12 +225,7 @@ func (n *NGINXController) start(cmd *exec.Cmd, done chan error) {
 
 // BackendDefaults returns the nginx defaults
 func (n NGINXController) BackendDefaults() defaults.Backend {
-	if n.configmap == nil {
-		d := config.NewDefault()
-		return d.Backend
-	}
-
-	return ngx_template.ReadConfig(n.configmap.Data).Backend
+	return n.backendDefaults
 }
 
 // printDiff returns the difference between the running configuration
@@ -423,6 +420,7 @@ func (n *NGINXController) SetConfig(cmap *api_v1.ConfigMap) {
 
 	n.isProxyProtocolEnabled = false
 	if cmap == nil {
+		n.backendDefaults = config.NewDefault().Backend
 		return
 	}
 
@@ -434,6 +432,8 @@ func (n *NGINXController) SetConfig(cmap *api_v1.ConfigMap) {
 			return
 		}
 	}
+
+	n.backendDefaults = ngx_template.ReadConfig(n.configmap.Data).Backend
 }
 
 // SetListers sets the configured store listers in the generic ingress controller

diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go
@@ -19,7 +19,6 @@ package controller
 import (
 	"fmt"
 	"math/rand"
-	"os"
 	"reflect"
 	"sort"
 	"strconv"
@@ -42,7 +41,6 @@ import (
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/tools/record"
 	"k8s.io/client-go/util/flowcontrol"
-	"k8s.io/ingress/core/pkg/file"
 	"k8s.io/ingress/core/pkg/ingress"
 	"k8s.io/ingress/core/pkg/ingress/annotations/class"
 	"k8s.io/ingress/core/pkg/ingress/annotations/healthcheck"
@@ -62,12 +60,17 @@ const (
 	defUpstreamName = "upstream-default-backend"
 	defServerName   = "_"
 	rootLocation    = "/"
+
+	fakeCertificate = "default-fake-certificate"
 )
 
 var (
 	// list of ports that cannot be used by TCP or UDP services
 	reservedPorts = []string{"80", "443", "8181", "18080"}
 
+	fakeCertificatePath = ""
+	fakeCertificateSHA  = ""
+
 	cloner = conversion.NewCloner()
 )
 
@@ -1051,32 +1054,12 @@ func (ic *GenericController) createServers(data []interface{},
 		NextUpstream:   bdef.ProxyNextUpstream,
 	}
 
-	// This adds the Default Certificate to Default Backend (or generates a new self signed one)
-	var defaultPemFileName, defaultPemSHA string
+	defaultPemFileName := fakeCertificatePath
+	defaultPemSHA := fakeCertificateSHA
 
 	// Tries to fetch the default Certificate. If it does not exists, generate a new self signed one.
 	defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate)
-	if err != nil {
-		// This means the Default Secret does not exists, so we will create a new one.
-		fakeCertificate := "default-fake-certificate"
-		fakeCertificatePath := fmt.Sprintf("%v/%v.pem", ingress.DefaultSSLDirectory, fakeCertificate)
-
-		// Only generates a new certificate if it doesn't exists physically
-		_, err = os.Stat(fakeCertificatePath)
-		if err != nil {
-			glog.V(3).Infof("No Default SSL Certificate found. Generating a new one")
-			defCert, defKey := ssl.GetFakeSSLCert()
-			defaultCertificate, err = ssl.AddOrUpdateCertAndKey(fakeCertificate, defCert, defKey, []byte{})
-			if err != nil {
-				glog.Fatalf("Error generating self signed certificate: %v", err)
-			}
-			defaultPemFileName = defaultCertificate.PemFileName
-			defaultPemSHA = defaultCertificate.PemSHA
-		} else {
-			defaultPemFileName = fakeCertificatePath
-			defaultPemSHA = file.SHA1(fakeCertificatePath)
-		}
-	} else {
+	if err == nil {
 		defaultPemFileName = defaultCertificate.PemFileName
 		defaultPemSHA = defaultCertificate.PemSHA
 	}
@@ -1362,6 +1345,8 @@ func (ic GenericController) Start() {
 		}
 	}
 
+	createDefaultSSLCertificate()
+
 	go ic.syncQueue.Run(time.Second, ic.stopCh)
 
 	if ic.syncStatus != nil {
@@ -1370,3 +1355,14 @@ func (ic GenericController) Start() {
 
 	<-ic.stopCh
 }
+
+func createDefaultSSLCertificate() {
+	defCert, defKey := ssl.GetFakeSSLCert()
+	c, err := ssl.AddOrUpdateCertAndKey(fakeCertificate, defCert, defKey, []byte{})
+	if err != nil {
+		glog.Fatalf("Error generating self signed certificate: %v", err)
+	}
+
+	fakeCertificateSHA = c.PemSHA
+	fakeCertificatePath = c.PemFileName
+}