Skip to content

Commit

Permalink
Remove redundant newlines in generated v1 configuration (#4699)
Browse files Browse the repository at this point in the history
  • Loading branch information
@oseoin
oseoin authored Nov 25, 2023
1 parent 046ef03 commit 40979b3
Show file tree
Hide file tree
Showing 8 changed files with 619 additions and 621 deletions.
137 changes: 69 additions & 68 deletions internal/configs/version1/nginx-plus.ingress.tmpl
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
{{- /*gotype: github.com/nginxinc/kubernetes-ingress/internal/configs/version1.IngressNginxConfig*/ -}}
# configuration for {{.Ingress.Namespace}}/{{.Ingress.Name}}
{{range $upstream := .Upstreams}}
{{- range $upstream := .Upstreams}}
upstream {{$upstream.Name}} {
zone {{$upstream.Name}} {{if ne $upstream.UpstreamZoneSize "0"}}{{$upstream.UpstreamZoneSize}}{{else}}512k{{end}};
{{if $upstream.LBMethod }}{{$upstream.LBMethod}};{{end}}
{{range $server := $upstream.UpstreamServers}}
{{- if $upstream.LBMethod }}{{$upstream.LBMethod}};{{end}}
{{- range $server := $upstream.UpstreamServers}}
server {{$server.Address}} max_fails={{$server.MaxFails}} fail_timeout={{$server.FailTimeout}} max_conns={{$server.MaxConns}}
{{- if $server.SlowStart}} slow_start={{$server.SlowStart}}{{end}}{{if $server.Resolve}} resolve{{end}};{{end}}
{{if $upstream.StickyCookie}}
{{- if $upstream.StickyCookie}}
sticky cookie {{$upstream.StickyCookie}};
{{end}}
{{if $.Keepalive}}keepalive {{$.Keepalive}};{{end}}
{{- end}}
{{- if $.Keepalive}}keepalive {{$.Keepalive}};{{end}}
{{- if $upstream.UpstreamServers -}}
{{- if $upstream.Queue}}
queue {{$upstream.Queue}} timeout={{$upstream.QueueTimeout}}s;
Expand All @@ -21,46 +21,46 @@ upstream {{$upstream.Name}} {

{{range $server := .Servers}}
server {
{{if $server.SpiffeCerts}}
{{- if $server.SpiffeCerts}}
listen 443 ssl;
{{if not $server.DisableIPV6}}listen [::]:443 ssl;{{end}}
{{- if not $server.DisableIPV6}}listen [::]:443 ssl;{{end}}
ssl_certificate /etc/nginx/secrets/spiffe_cert.pem;
ssl_certificate_key /etc/nginx/secrets/spiffe_key.pem;
{{else}}
{{if not $server.GRPCOnly}}
{{range $port := $server.Ports}}
{{- else}}
{{- if not $server.GRPCOnly}}
{{- range $port := $server.Ports}}
listen {{$port}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};
{{if not $server.DisableIPV6}}listen [::]:{{$port}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- if not $server.DisableIPV6}}listen [::]:{{$port}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- end}}
{{- end}}
{{end}}

{{if $server.SSL}}
{{if $server.TLSPassthrough}}
{{- if $server.SSL}}
{{- if $server.TLSPassthrough}}
listen unix:/var/lib/nginx/passthrough-https.sock ssl proxy_protocol;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
{{else}}
{{- else}}
{{- range $port := $server.SSLPorts}}
listen {{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};
{{if not $server.DisableIPV6}}listen [::]:{{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- if not $server.DisableIPV6}}listen [::]:{{$port}} ssl{{if $server.ProxyProtocol}} proxy_protocol{{end}};{{end}}
{{- end}}
{{end}}
{{if $server.HTTP2}}
{{- end}}
{{- if $server.HTTP2}}
http2 on;
{{end}}
{{if $server.SSLRejectHandshake}}
{{- end}}
{{- if $server.SSLRejectHandshake}}
ssl_reject_handshake on;
{{else}}
{{- else}}
ssl_certificate {{$server.SSLCertificate}};
ssl_certificate_key {{$server.SSLCertificateKey}};
{{end}}
{{end}}
{{end}}
{{- end}}
{{- end}}
{{- end}}

{{range $setRealIPFrom := $server.SetRealIPFrom}}
{{- range $setRealIPFrom := $server.SetRealIPFrom}}
set_real_ip_from {{$setRealIPFrom}};{{end}}
{{if $server.RealIPHeader}}real_ip_header {{$server.RealIPHeader}};{{end}}
{{if $server.RealIPRecursive}}real_ip_recursive on;{{end}}
{{- if $server.RealIPHeader}}real_ip_header {{$server.RealIPHeader}};{{end}}
{{- if $server.RealIPRecursive}}real_ip_recursive on;{{end}}

server_tokens "{{$server.ServerTokens}}";

Expand Down Expand Up @@ -104,34 +104,34 @@ server {
{{- end}}

{{if not $server.GRPCOnly}}
{{range $proxyHideHeader := $server.ProxyHideHeaders}}
{{- range $proxyHideHeader := $server.ProxyHideHeaders}}
proxy_hide_header {{$proxyHideHeader}};{{end}}
{{range $proxyPassHeader := $server.ProxyPassHeaders}}
{{- range $proxyPassHeader := $server.ProxyPassHeaders}}
proxy_pass_header {{$proxyPassHeader}};{{end}}
{{end}}
{{- end}}

{{- if and $server.HSTS (or $server.SSL $server.HSTSBehindProxy)}}
set $hsts_header_val "";
proxy_hide_header Strict-Transport-Security;
{{- if $server.HSTSBehindProxy}}
if ($http_x_forwarded_proto = 'https') {
{{else}}
{{- else}}
if ($https = on) {
{{- end}}
set $hsts_header_val "max-age={{$server.HSTSMaxAge}}; {{if $server.HSTSIncludeSubdomains}}includeSubDomains; {{end}}preload";
}

add_header Strict-Transport-Security "$hsts_header_val" always;
{{end}}
{{- end}}

{{if $server.SSL}}
{{if not $server.GRPCOnly}}
{{- if $server.SSL}}
{{- if not $server.GRPCOnly}}
{{- if $server.SSLRedirect}}
if ($scheme = http) {
return 301 https://$host:{{index $server.SSLPorts 0}}$request_uri;
}
{{- end}}
{{end}}
{{- end}}
{{- end}}

{{- if $server.RedirectToHTTPS}}
Expand All @@ -152,10 +152,10 @@ server {
{{- if $jwt.RedirectLocationName}}
error_page 401 {{$jwt.RedirectLocationName}};
{{end}}
{{end}}
{{- end}}

{{- if $server.ServerSnippets}}
{{range $value := $server.ServerSnippets}}
{{- range $value := $server.ServerSnippets}}
{{$value}}{{end}}
{{- end}}

Expand Down Expand Up @@ -184,13 +184,13 @@ server {
location {{ makeLocationPath $location $.Ingress.Annotations | printf }} {
set $service "{{$location.ServiceName}}";
status_zone "{{ $location.ServiceName }}";
{{with $location.MinionIngress}}
{{- with $location.MinionIngress}}
# location for minion {{$location.MinionIngress.Namespace}}/{{$location.MinionIngress.Name}}
set $resource_name "{{$location.MinionIngress.Name}}";
set $resource_namespace "{{$location.MinionIngress.Namespace}}";
{{end}}
{{if $location.GRPC}}
{{if not $server.GRPCOnly}}
{{- end}}
{{- if $location.GRPC}}
{{- if not $server.GRPCOnly}}
error_page 400 @grpcerror400;
error_page 401 @grpcerror401;
error_page 403 @grpcerror403;
Expand All @@ -204,17 +204,17 @@ server {
error_page 502 @grpcerror502;
error_page 503 @grpcerror503;
error_page 504 @grpcerror504;
{{end}}
{{- end}}

{{- if $location.LocationSnippets}}
{{range $value := $location.LocationSnippets}}
{{- range $value := $location.LocationSnippets}}
{{$value}}{{end}}
{{- end}}

{{with $jwt := $location.JWTAuth}}
{{- with $jwt := $location.JWTAuth}}
auth_jwt_key_file {{$jwt.Key}};
auth_jwt "{{.Realm}}"{{if $jwt.Token}} token={{$jwt.Token}}{{end}};
{{end}}
{{- end}}

{{- with $location.BasicAuth }}
auth_basic {{ printf "%q" .Realm }};
Expand All @@ -234,23 +234,23 @@ server {
{{- if $location.ProxyBufferSize}}
grpc_buffer_size {{$location.ProxyBufferSize}};
{{- end}}
{{if $.SpiffeClientCerts}}
{{- if $.SpiffeClientCerts}}
grpc_ssl_certificate /etc/nginx/secrets/spiffe_cert.pem;
grpc_ssl_certificate_key /etc/nginx/secrets/spiffe_key.pem;
grpc_ssl_trusted_certificate /etc/nginx/secrets/spiffe_rootca.pem;
grpc_ssl_server_name on;
grpc_ssl_verify on;
grpc_ssl_verify_depth 25;
grpc_ssl_name {{$location.ProxySSLName}};
{{end}}
{{if $location.SSL}}
{{- end}}
{{- if $location.SSL}}
grpc_pass grpcs://{{$location.Upstream.Name}};
{{else}}
{{- else}}
grpc_pass grpc://{{$location.Upstream.Name}};
{{end}}
{{else}}
{{- end}}
{{- else}}
proxy_http_version 1.1;
{{if $location.Websocket}}
{{- if $location.Websocket}}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{{- else}}
Expand All @@ -262,13 +262,13 @@ server {
{{$value}}{{end}}
{{- end}}

{{ with $jwt := $location.JWTAuth }}
{{- with $jwt := $location.JWTAuth }}
auth_jwt_key_file {{$jwt.Key}};
auth_jwt "{{.Realm}}"{{if $jwt.Token}} token={{$jwt.Token}}{{end}};
{{if $jwt.RedirectLocationName}}
{{- if $jwt.RedirectLocationName}}
error_page 401 {{$jwt.RedirectLocationName}};
{{end}}
{{end}}
{{- end}}
{{- end}}

{{- with $location.BasicAuth }}
auth_basic {{ printf "%q" .Realm }};
Expand All @@ -295,23 +295,24 @@ server {
{{- if $location.ProxyMaxTempFileSize}}
proxy_max_temp_file_size {{$location.ProxyMaxTempFileSize}};
{{- end}}
{{if $.SpiffeClientCerts}}
{{- if $.SpiffeClientCerts}}
proxy_ssl_certificate /etc/nginx/secrets/spiffe_cert.pem;
proxy_ssl_certificate_key /etc/nginx/secrets/spiffe_key.pem;
proxy_ssl_trusted_certificate /etc/nginx/secrets/spiffe_rootca.pem;
proxy_ssl_server_name on;
proxy_ssl_verify on;
proxy_ssl_verify_depth 25;
proxy_ssl_name {{$location.ProxySSLName}};
{{end}}
{{if $location.SSL}}
{{- end}}
{{- if $location.SSL}}
proxy_pass https://{{$location.Upstream.Name}}{{$location.Rewrite}};
{{else}}
{{- else}}
proxy_pass http://{{$location.Upstream.Name}}{{$location.Rewrite}};
{{end}}
{{end}}
}{{end}}
{{if $server.GRPCOnly}}
{{- end}}
{{- end}}
}
{{end -}}
{{- if $server.GRPCOnly}}
error_page 400 @grpcerror400;
error_page 401 @grpcerror401;
error_page 403 @grpcerror403;
Expand All @@ -325,8 +326,8 @@ server {
error_page 502 @grpcerror502;
error_page 503 @grpcerror503;
error_page 504 @grpcerror504;
{{end}}
{{if $server.HTTP2}}
{{- end}}
{{- if $server.HTTP2}}
location @grpcerror400 { default_type application/grpc; return 400 "\n"; }
location @grpcerror401 { default_type application/grpc; return 401 "\n"; }
location @grpcerror403 { default_type application/grpc; return 403 "\n"; }
Expand All @@ -340,5 +341,5 @@ server {
location @grpcerror502 { default_type application/grpc; return 502 "\n"; }
location @grpcerror503 { default_type application/grpc; return 503 "\n"; }
location @grpcerror504 { default_type application/grpc; return 504 "\n"; }
{{end}}
{{- end}}
}{{end}}
Loading

0 comments on commit 40979b3

Please sign in to comment.