Remove support for TCP and UDP services

cmd/nginx/flags.go

@@ -65,19 +65,6 @@ Takes the form "namespace/name". When used together with update-status, the
 controller mirrors the address of this service's endpoints to the load-balancer
 status of all Ingress objects it satisfies.`)
 
-		tcpConfigMapName = flags.String("tcp-services-configmap", "",
-			`Name of the ConfigMap containing the definition of the TCP services to expose.
-The key in the map indicates the external port to be used. The value is a
-reference to a Service in the form "namespace/name:port", where "port" can
-either be a port number or name. TCP ports 80 and 443 are reserved by the
-controller for servicing HTTP traffic.`)
-
-		udpConfigMapName = flags.String("udp-services-configmap", "",
-			`Name of the ConfigMap containing the definition of the UDP services to expose.
-The key in the map indicates the external port to be used. The value is a
-reference to a Service in the form "namespace/name:port", where "port" can
-either be a port name or number.`)
-
 		resyncPeriod = flags.Duration("sync-period", 0,
 			`Period at which the controller forces the repopulation of its local object stores. Disabled by default.`)
 
@@ -240,8 +227,6 @@ dynamic certificates functionality is enabled. Please check the flags --enable-s
 		DefaultService:              *defaultSvc,
 		Namespace:                   *watchNamespace,
 		ConfigMapName:               *configMap,
-		TCPConfigMapName:            *tcpConfigMapName,
-		UDPConfigMapName:            *udpConfigMapName,
 		DefaultSSLCertificate:       *defSSLCertificate,
 		DefaultHealthzURL:           *defHealthzURL,
 		PublishService:              *publishSvc,

internal/ingress/controller/config/config.go

@@ -692,8 +692,6 @@ type TemplateConfig struct {
 	Backends                    []*ingress.Backend
 	PassthroughBackends         []*ingress.SSLPassthroughBackend
 	Servers                     []*ingress.Server
-	TCPBackends                 []ingress.L4Service
-	UDPBackends                 []ingress.L4Service
 	HealthzURI                  string
 	CustomErrors                bool
 	Cfg                         Configuration

internal/ingress/controller/controller.go

@@ -21,7 +21,6 @@ import (
 	"math/rand"
 	"sort"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/golang/glog"
@@ -61,11 +60,6 @@ type Configuration struct {
 
 	ForceNamespaceIsolation bool
 
-	// +optional
-	TCPConfigMapName string
-	// +optional
-	UDPConfigMapName string
-
 	DefaultHealthzURL     string
 	DefaultSSLCertificate string
 
@@ -160,8 +154,6 @@ func (n *NGINXController) syncIngress(interface{}) error {
 	pcfg := &ingress.Configuration{
 		Backends:              upstreams,
 		Servers:               servers,
-		TCPEndpoints:          n.getStreamServices(n.cfg.TCPConfigMapName, apiv1.ProtocolTCP),
-		UDPEndpoints:          n.getStreamServices(n.cfg.UDPConfigMapName, apiv1.ProtocolUDP),
 		PassthroughBackends:   passUpstreams,
 		BackendConfigChecksum: n.store.GetBackendConfiguration().Checksum,
 	}
@@ -225,136 +217,6 @@ func (n *NGINXController) syncIngress(interface{}) error {
 	return nil
 }
 
-func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Protocol) []ingress.L4Service {
-	if configmapName == "" {
-		return []ingress.L4Service{}
-	}
-	glog.V(3).Infof("Obtaining information about %v stream services from ConfigMap %q", proto, configmapName)
-
-	_, _, err := k8s.ParseNameNS(configmapName)
-	if err != nil {
-		glog.Errorf("Error parsing ConfigMap reference %q: %v", configmapName, err)
-		return []ingress.L4Service{}
-	}
-
-	configmap, err := n.store.GetConfigMap(configmapName)
-	if err != nil {
-		glog.Errorf("Error getting ConfigMap %q: %v", configmapName, err)
-		return []ingress.L4Service{}
-	}
-
-	var svcs []ingress.L4Service
-	var svcProxyProtocol ingress.ProxyProtocol
-
-	rp := []int{
-		n.cfg.ListenPorts.HTTP,
-		n.cfg.ListenPorts.HTTPS,
-		n.cfg.ListenPorts.SSLProxy,
-		n.cfg.ListenPorts.Status,
-		n.cfg.ListenPorts.Health,
-		n.cfg.ListenPorts.Default,
-	}
-	reserverdPorts := sets.NewInt(rp...)
-
-	// svcRef format: <(str)namespace>/<(str)service>:<(intstr)port>[:<("PROXY")decode>:<("PROXY")encode>]
-	for port, svcRef := range configmap.Data {
-		externalPort, err := strconv.Atoi(port)
-		if err != nil {
-			glog.Warningf("%q is not a valid %v port number", port, proto)
-			continue
-		}
-
-		if reserverdPorts.Has(externalPort) {
-			glog.Warningf("Port %d cannot be used for %v stream services. It is reserved for the Ingress controller.", externalPort, proto)
-			continue
-		}
-
-		nsSvcPort := strings.Split(svcRef, ":")
-		if len(nsSvcPort) < 2 {
-			glog.Warningf("Invalid Service reference %q for %v port %d", svcRef, proto, externalPort)
-			continue
-		}
-
-		nsName := nsSvcPort[0]
-		svcPort := nsSvcPort[1]
-		svcProxyProtocol.Decode = false
-		svcProxyProtocol.Encode = false
-
-		// Proxy Protocol is only compatible with TCP Services
-		if len(nsSvcPort) >= 3 && proto == apiv1.ProtocolTCP {
-			if len(nsSvcPort) >= 3 && strings.ToUpper(nsSvcPort[2]) == "PROXY" {
-				svcProxyProtocol.Decode = true
-			}
-			if len(nsSvcPort) == 4 && strings.ToUpper(nsSvcPort[3]) == "PROXY" {
-				svcProxyProtocol.Encode = true
-			}
-		}
-
-		svcNs, svcName, err := k8s.ParseNameNS(nsName)
-		if err != nil {
-			glog.Warningf("%v", err)
-			continue
-		}
-
-		svc, err := n.store.GetService(nsName)
-		if err != nil {
-			glog.Warningf("Error getting Service %q: %v", nsName, err)
-			continue
-		}
-
-		var endps []ingress.Endpoint
-		targetPort, err := strconv.Atoi(svcPort)
-		if err != nil {
-			// not a port number, fall back to using port name
-			glog.V(3).Infof("Searching Endpoints with %v port name %q for Service %q", proto, svcPort, nsName)
-			for _, sp := range svc.Spec.Ports {
-				if sp.Name == svcPort {
-					if sp.Protocol == proto {
-						endps = getEndpoints(svc, &sp, proto, &healthcheck.Config{}, n.store.GetServiceEndpoints)
-						break
-					}
-				}
-			}
-		} else {
-			glog.V(3).Infof("Searching Endpoints with %v port number %d for Service %q", proto, targetPort, nsName)
-			for _, sp := range svc.Spec.Ports {
-				if sp.Port == int32(targetPort) {
-					if sp.Protocol == proto {
-						endps = getEndpoints(svc, &sp, proto, &healthcheck.Config{}, n.store.GetServiceEndpoints)
-						break
-					}
-				}
-			}
-		}
-
-		// stream services cannot contain empty upstreams and there is
-		// no default backend equivalent
-		if len(endps) == 0 {
-			glog.Warningf("Service %q does not have any active Endpoint for %v port %v", nsName, proto, svcPort)
-			continue
-		}
-
-		svcs = append(svcs, ingress.L4Service{
-			Port: externalPort,
-			Backend: ingress.L4Backend{
-				Name:          svcName,
-				Namespace:     svcNs,
-				Port:          intstr.FromString(svcPort),
-				Protocol:      proto,
-				ProxyProtocol: svcProxyProtocol,
-			},
-			Endpoints: endps,
-		})
-	}
-
-	// Keep upstream order sorted to reduce unnecessary nginx config reloads.
-	sort.SliceStable(svcs, func(i, j int) bool {
-		return svcs[i].Port < svcs[j].Port
-	})
-
-	return svcs
-}
-
 // getDefaultUpstream returns the upstream associated with the default backend.
 // Configures the upstream to return HTTP code 503 in case of error.
 func (n *NGINXController) getDefaultUpstream() *ingress.Backend {

internal/ingress/controller/nginx.go

@@ -112,8 +112,6 @@ func NewNGINXController(config *Configuration, mc metric.Collector, fs file.File
 		config.EnableSSLChainCompletion,
 		config.Namespace,
 		config.ConfigMapName,
-		config.TCPConfigMapName,
-		config.UDPConfigMapName,
 		config.DefaultSSLCertificate,
 		config.ResyncPeriod,
 		config.Client,
@@ -580,8 +578,6 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
 		Backends:                    ingressCfg.Backends,
 		PassthroughBackends:         ingressCfg.PassthroughBackends,
 		Servers:                     ingressCfg.Servers,
-		TCPBackends:                 ingressCfg.TCPEndpoints,
-		UDPBackends:                 ingressCfg.UDPEndpoints,
 		HealthzURI:                  ngxHealthPath,
 		CustomErrors:                len(cfg.CustomHTTPErrors) > 0,
 		Cfg:                         cfg,

internal/ingress/controller/store/store.go

@@ -218,7 +218,7 @@ type k8sStore struct {
 
 // New creates a new object store to be used in the ingress controller
 func New(checkOCSP bool,
-	namespace, configmap, tcp, udp, defaultSSLCertificate string,
+	namespace, configmap, defaultSSLCertificate string,
 	resyncPeriod time.Duration,
 	client clientset.Interface,
 	fs file.Filesystem,
@@ -473,7 +473,7 @@ func New(checkOCSP bool,
 			cm := obj.(*corev1.ConfigMap)
 			key := k8s.MetaNamespaceKey(cm)
 			// updates to configuration configmaps can trigger an update
-			if key == configmap || key == tcp || key == udp {
+			if key == configmap {
 				recorder.Eventf(cm, corev1.EventTypeNormal, "CREATE", fmt.Sprintf("ConfigMap %v", key))
 				if key == configmap {
 					store.setConfig(cm)
@@ -489,7 +489,7 @@ func New(checkOCSP bool,
 				cm := cur.(*corev1.ConfigMap)
 				key := k8s.MetaNamespaceKey(cm)
 				// updates to configuration configmaps can trigger an update
-				if key == configmap || key == tcp || key == udp {
+				if key == configmap {
 					recorder.Eventf(cm, corev1.EventTypeNormal, "UPDATE", fmt.Sprintf("ConfigMap %v", key))
 					if key == configmap {
 						store.setConfig(cm)

internal/ingress/controller/store/store_test.go

@@ -32,6 +32,7 @@ import (
 
 	"encoding/base64"
 	"io/ioutil"
+
 	"k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/fake"
@@ -62,8 +63,6 @@ func TestStore(t *testing.T) {
 		storer := New(true,
 			ns,
 			fmt.Sprintf("%v/config", ns),
-			fmt.Sprintf("%v/tcp", ns),
-			fmt.Sprintf("%v/udp", ns),
 			"",
 			10*time.Minute,
 			clientSet,
@@ -150,8 +149,6 @@ func TestStore(t *testing.T) {
 		storer := New(true,
 			ns,
 			fmt.Sprintf("%v/config", ns),
-			fmt.Sprintf("%v/tcp", ns),
-			fmt.Sprintf("%v/udp", ns),
 			"",
 			10*time.Minute,
 			clientSet,
@@ -298,8 +295,6 @@ func TestStore(t *testing.T) {
 		storer := New(true,
 			ns,
 			fmt.Sprintf("%v/config", ns),
-			fmt.Sprintf("%v/tcp", ns),
-			fmt.Sprintf("%v/udp", ns),
 			"",
 			10*time.Minute,
 			clientSet,
@@ -387,8 +382,6 @@ func TestStore(t *testing.T) {
 		storer := New(true,
 			ns,
 			fmt.Sprintf("%v/config", ns),
-			fmt.Sprintf("%v/tcp", ns),
-			fmt.Sprintf("%v/udp", ns),
 			"",
 			10*time.Minute,
 			clientSet,
@@ -499,8 +492,6 @@ func TestStore(t *testing.T) {
 		storer := New(true,
 			ns,
 			fmt.Sprintf("%v/config", ns),
-			fmt.Sprintf("%v/tcp", ns),
-			fmt.Sprintf("%v/udp", ns),
 			"",
 			10*time.Minute,
 			clientSet,

internal/ingress/types.go

@@ -53,12 +53,6 @@ type Configuration struct {
 	Backends []*Backend `json:"backends,omitempty"`
 	// Servers
 	Servers []*Server `json:"servers,omitempty"`
-	// TCPEndpoints contain endpoints for tcp streams handled by this backend
-	// +optional
-	TCPEndpoints []L4Service `json:"tcpEndpoints,omitempty"`
-	// UDPEndpoints contain endpoints for udp streams handled by this backend
-	// +optional
-	UDPEndpoints []L4Service `json:"udpEndpoints,omitempty"`
 	// PassthroughBackend contains the backends used for SSL passthrough.
 	// It contains information about the associated Server Name Indication (SNI).
 	// +optional

internal/ingress/types_equals.go

@@ -53,44 +53,6 @@ func (c1 *Configuration) Equal(c2 *Configuration) bool {
 		}
 	}
 
-	if len(c1.TCPEndpoints) != len(c2.TCPEndpoints) {
-		return false
-	}
-
-	for _, tcp1 := range c1.TCPEndpoints {
-		found := false
-		for _, tcp2 := range c2.TCPEndpoints {
-			if (&tcp1).Equal(&tcp2) {
-				found = true
-				break
-			}
-		}
-		if !found {
-			return false
-		}
-	}
-
-	if len(c1.UDPEndpoints) != len(c2.UDPEndpoints) {
-		return false
-	}
-
-	for _, udp1 := range c1.UDPEndpoints {
-		found := false
-		for _, udp2 := range c2.UDPEndpoints {
-			if (&udp1).Equal(&udp2) {
-				found = true
-				break
-			}
-		}
-		if !found {
-			return false
-		}
-	}
-
-	if len(c1.PassthroughBackends) != len(c2.PassthroughBackends) {
-		return false
-	}
-
 	for _, ptb1 := range c1.PassthroughBackends {
 		found := false
 		for _, ptb2 := range c2.PassthroughBackends {