From b303c5918a363fd22a87e3ebeb11bce0f77d16e1 Mon Sep 17 00:00:00 2001 From: dean-coakley Date: Thu, 21 Jun 2018 13:55:42 +0100 Subject: [PATCH] Prefetch ConfigMap ConfigMap is applied to the NGINX Config before Config is generated This removes the need for additional NGINX Config generations on startup --- .gitignore | 4 + nginx-controller/controller/controller.go | 255 +-------------------- nginx-controller/main.go | 26 ++- nginx-controller/nginx/config.go | 259 ++++++++++++++++++++++ nginx-controller/nginx/configurator.go | 20 +- nginx-controller/nginx/nginx.go | 8 - 6 files changed, 306 insertions(+), 266 deletions(-) diff --git a/.gitignore b/.gitignore index c7a0295301..e0cecce55f 100644 --- a/.gitignore +++ b/.gitignore @@ -28,6 +28,10 @@ osx-nginx-plus-ingress nginx-plus-ingress nginx-controller/nginx-controller +# Ingress Controller templates +nginx-controller/nginx-plus.ingress.tmpl +nginx-controller/nginx-plus.tmpl + # NGINX Plus license files *.crt *.key diff --git a/nginx-controller/controller/controller.go b/nginx-controller/controller/controller.go index a2ba755377..738f3e01bf 100644 --- a/nginx-controller/controller/controller.go +++ b/nginx-controller/controller/controller.go 
@@ -433,256 +433,7 @@ func (lbc *LoadBalancerController) syncCfgm(task Task) { if cfgmExists { cfgm := obj.(*api_v1.ConfigMap) - - if serverTokens, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "server-tokens", cfgm); exists { - if err != nil { - if lbc.nginxPlus { - cfg.ServerTokens = cfgm.Data["server-tokens"] - } else { - glog.Error(err) - } - } else { - cfg.ServerTokens = "off" - if serverTokens { - cfg.ServerTokens = "on" - } - } - } - - if lbMethod, exists := cfgm.Data["lb-method"]; exists { - if lbc.nginxPlus { - if parsedMethod, err := nginx.ParseLBMethodForPlus(lbMethod); err != nil { - glog.Errorf("Configmap %s/%s: Invalid value for the lb-method key: got %q: %v", cfgm.GetNamespace(), cfgm.GetName(), lbMethod, err) - } else { - cfg.LBMethod = parsedMethod - } - } else { - if parsedMethod, err := nginx.ParseLBMethod(lbMethod); err != nil { - glog.Errorf("Configmap %s/%s: Invalid value for the lb-method key: got %q: %v", cfgm.GetNamespace(), cfgm.GetName(), lbMethod, err) - } else { - cfg.LBMethod = parsedMethod - } - } - } - - if proxyConnectTimeout, exists := cfgm.Data["proxy-connect-timeout"]; exists { - cfg.ProxyConnectTimeout = proxyConnectTimeout - } - if proxyReadTimeout, exists := cfgm.Data["proxy-read-timeout"]; exists { - cfg.ProxyReadTimeout = proxyReadTimeout - } - if proxyHideHeaders, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "proxy-hide-headers", cfgm, ","); exists { - if err != nil { - glog.Error(err) - } else { - cfg.ProxyHideHeaders = proxyHideHeaders - } - } - if proxyPassHeaders, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "proxy-pass-headers", cfgm, ","); exists { - if err != nil { - glog.Error(err) - } else { - cfg.ProxyPassHeaders = proxyPassHeaders - } - } - if clientMaxBodySize, exists := cfgm.Data["client-max-body-size"]; exists { - cfg.ClientMaxBodySize = clientMaxBodySize - } - if serverNamesHashBucketSize, exists := cfgm.Data["server-names-hash-bucket-size"]; exists { - cfg.MainServerNamesHashBucketSize 
= serverNamesHashBucketSize - } - if serverNamesHashMaxSize, exists := cfgm.Data["server-names-hash-max-size"]; exists { - cfg.MainServerNamesHashMaxSize = serverNamesHashMaxSize - } - if HTTP2, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "http2", cfgm); exists { - if err != nil { - glog.Error(err) - } else { - cfg.HTTP2 = HTTP2 - } - } - if redirectToHTTPS, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "redirect-to-https", cfgm); exists { - if err != nil { - glog.Error(err) - } else { - cfg.RedirectToHTTPS = redirectToHTTPS - } - } - if sslRedirect, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "ssl-redirect", cfgm); exists { - if err != nil { - glog.Error(err) - } else { - cfg.SSLRedirect = sslRedirect - } - } - - // HSTS block - if hsts, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "hsts", cfgm); exists { - if err != nil { - glog.Error(err) - } else { - parsingErrors := false - - hstsMaxAge, existsMA, err := nginx.GetMapKeyAsInt(cfgm.Data, "hsts-max-age", cfgm) - if existsMA && err != nil { - glog.Error(err) - parsingErrors = true - } - hstsIncludeSubdomains, existsIS, err := nginx.GetMapKeyAsBool(cfgm.Data, "hsts-include-subdomains", cfgm) - if existsIS && err != nil { - glog.Error(err) - parsingErrors = true - } - - if parsingErrors { - glog.Errorf("Configmap %s/%s: There are configuration issues with hsts annotations, skipping options for all hsts settings", cfgm.GetNamespace(), cfgm.GetName()) - } else { - cfg.HSTS = hsts - if existsMA { - cfg.HSTSMaxAge = hstsMaxAge - } - if existsIS { - cfg.HSTSIncludeSubdomains = hstsIncludeSubdomains - } - } - } - } - - if proxyProtocol, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "proxy-protocol", cfgm); exists { - if err != nil { - glog.Error(err) - } else { - cfg.ProxyProtocol = proxyProtocol - } - } - - // ngx_http_realip_module - if realIPHeader, exists := cfgm.Data["real-ip-header"]; exists { - cfg.RealIPHeader = realIPHeader - } - if setRealIPFrom, exists, err := 
nginx.GetMapKeyAsStringSlice(cfgm.Data, "set-real-ip-from", cfgm, ","); exists { - if err != nil { - glog.Error(err) - } else { - cfg.SetRealIPFrom = setRealIPFrom - } - } - if realIPRecursive, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "real-ip-recursive", cfgm); exists { - if err != nil { - glog.Error(err) - } else { - cfg.RealIPRecursive = realIPRecursive - } - } - - // SSL block - if sslProtocols, exists := cfgm.Data["ssl-protocols"]; exists { - cfg.MainServerSSLProtocols = sslProtocols - } - if sslPreferServerCiphers, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "ssl-prefer-server-ciphers", cfgm); exists { - if err != nil { - glog.Error(err) - } else { - cfg.MainServerSSLPreferServerCiphers = sslPreferServerCiphers - } - } - if sslCiphers, exists := cfgm.Data["ssl-ciphers"]; exists { - cfg.MainServerSSLCiphers = strings.Trim(sslCiphers, "\n") - } - if sslDHParamFile, exists := cfgm.Data["ssl-dhparam-file"]; exists { - sslDHParamFile = strings.Trim(sslDHParamFile, "\n") - fileName, err := lbc.cnf.AddOrUpdateDHParam(sslDHParamFile) - if err != nil { - glog.Errorf("Configmap %s/%s: Could not update dhparams: %v", cfgm.GetNamespace(), cfgm.GetName(), err) - } else { - cfg.MainServerSSLDHParam = fileName - } - } - - if logFormat, exists := cfgm.Data["log-format"]; exists { - cfg.MainLogFormat = logFormat - } - if proxyBuffering, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "proxy-buffering", cfgm); exists { - if err != nil { - glog.Error(err) - } else { - cfg.ProxyBuffering = proxyBuffering - } - } - if proxyBuffers, exists := cfgm.Data["proxy-buffers"]; exists { - cfg.ProxyBuffers = proxyBuffers - } - if proxyBufferSize, exists := cfgm.Data["proxy-buffer-size"]; exists { - cfg.ProxyBufferSize = proxyBufferSize - } - if proxyMaxTempFileSize, exists := cfgm.Data["proxy-max-temp-file-size"]; exists { - cfg.ProxyMaxTempFileSize = proxyMaxTempFileSize - } - - if mainMainSnippets, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "main-snippets", cfgm, 
"\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfg.MainMainSnippets = mainMainSnippets - } - } - if mainHTTPSnippets, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "http-snippets", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfg.MainHTTPSnippets = mainHTTPSnippets - } - } - if locationSnippets, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "location-snippets", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfg.LocationSnippets = locationSnippets - } - } - if serverSnippets, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "server-snippets", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfg.ServerSnippets = serverSnippets - } - } - if _, exists, err := nginx.GetMapKeyAsInt(cfgm.Data, "worker-processes", cfgm); exists { - if err != nil && cfgm.Data["worker-processes"] != "auto" { - glog.Errorf("Configmap %s/%s: Invalid value for worker-processes key: must be an integer or the string 'auto', got %q", cfgm.GetNamespace(), cfgm.GetName(), cfgm.Data["worker-processes"]) - } else { - cfg.MainWorkerProcesses = cfgm.Data["worker-processes"] - } - } - if workerCPUAffinity, exists := cfgm.Data["worker-cpu-affinity"]; exists { - cfg.MainWorkerCPUAffinity = workerCPUAffinity - } - if workerShutdownTimeout, exists := cfgm.Data["worker-shutdown-timeout"]; exists { - cfg.MainWorkerShutdownTimeout = workerShutdownTimeout - } - if workerConnections, exists := cfgm.Data["worker-connections"]; exists { - cfg.MainWorkerConnections = workerConnections - } - if workerRlimitNofile, exists := cfgm.Data["worker-rlimit-nofile"]; exists { - cfg.MainWorkerRlimitNofile = workerRlimitNofile - } - if keepalive, exists, err := nginx.GetMapKeyAsInt(cfgm.Data, "keepalive", cfgm); exists { - if err != nil { - glog.Error(err) - } else { - cfg.Keepalive = keepalive - } - } - if maxFails, exists, err := nginx.GetMapKeyAsInt(cfgm.Data, "max-fails", cfgm); exists { - if err != nil { - 
glog.Error(err) - } else { - cfg.MaxFails = maxFails - } - } - if failTimeout, exists := cfgm.Data["fail-timeout"]; exists { - cfg.FailTimeout = failTimeout - } + cfg = nginx.ParseConfigMap(cfgm, lbc.nginxPlus) } mergeableIngresses := make(map[string]*nginx.MergeableIngresses) @@ -1277,9 +1028,9 @@ func (lbc *LoadBalancerController) isNginxIngress(ing *extensions.Ingress) bool return class == lbc.ingressClass } return class == lbc.ingressClass || class == "" - } else { - return !lbc.useIngressClassOnly } + return !lbc.useIngressClassOnly + } // isHealthCheckEnabled checks if health checks are enabled so we can only query pods if enabled. diff --git a/nginx-controller/main.go b/nginx-controller/main.go index 22290d7c9a..9980c3a76e 100644 --- a/nginx-controller/main.go +++ b/nginx-controller/main.go @@ -130,10 +130,32 @@ func main() { } } + cfg := nginx.NewDefaultConfig() + if *nginxConfigMaps != "" { + ns, name, err := controller.ParseNamespaceName(*nginxConfigMaps) + if err != nil { + glog.Fatalf("Error parsing the nginx-configmaps argument: %v", err) + } + cfm, err := kubeClient.CoreV1().ConfigMaps(ns).Get(name, meta_v1.GetOptions{}) + if err != nil { + glog.Fatalf("Error when getting %v: %v", *nginxConfigMaps, err) + } + cfg = nginx.ParseConfigMap(cfm, *nginxPlus) + if cfg.MainServerSSLDHParamFileContent != nil { + fileName, err := ngxc.AddOrUpdateDHParam(*cfg.MainServerSSLDHParamFileContent) + if err != nil { + glog.Fatalf("Configmap %s/%s: Could not update dhparams: %v", ns, name, err) + } else { + cfg.MainServerSSLDHParam = fileName + } + } + } + ngxConfig := nginx.GenerateNginxMainConfig(cfg) + ngxc.UpdateMainConfigFile(ngxConfig) + nginxDone := make(chan error, 1) ngxc.Start(nginxDone) - nginxConfig := nginx.NewDefaultConfig() var nginxAPI *plus.NginxAPIController if *nginxPlus { time.Sleep(500 * time.Millisecond) 
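Review bot: In the prefetch block added to main.go, a failed `kubeClient.CoreV1().ConfigMaps(ns).Get(...)` is fatal, so the controller will not start if the ConfigMap named by the nginx-configmaps argument is missing, not yet created, or not readable by the controller's service account. Failing closed is defensible, since `ssl-protocols`, `ssl-ciphers` and `hsts` come from that ConfigMap and starting on defaults could serve without the operator's settings. It is still a startup behaviour change that deserves a comment above the block, e.g. `// The ConfigMap is required at startup; we refuse to run on defaults rather than serve without the configured TLS/HSTS settings.` Separately, the `else` after `glog.Fatalf` in the dhparam branch is redundant because Fatalf exits; the assignment `cfg.MainServerSSLDHParam = fileName` can follow the `if` directly. main() begins and ends outside this hunk.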
@@ -142,8 +164,8 @@ func main() { glog.Fatalf("Failed to create NginxAPIController: %v", err) } } - cnf := nginx.NewConfigurator(ngxc, nginxConfig, nginxAPI) + cnf := nginx.NewConfigurator(ngxc, cfg, nginxAPI) lbc := controller.NewLoadBalancerController(kubeClient, 30*time.Second, *watchNamespace, cnf, *nginxConfigMaps, *defaultServerSecret, *nginxPlus, *ingressClass, *useIngressClassOnly) go handleTermination(lbc, ngxc, nginxDone) lbc.Run() diff --git a/nginx-controller/nginx/config.go b/nginx-controller/nginx/config.go index f32ccb958a..84da7e292a 100644 --- a/nginx-controller/nginx/config.go +++ b/nginx-controller/nginx/config.go @@ -1,5 +1,13 @@ package nginx +import ( + "strings" + + "github.com/golang/glog" + + api_v1 "k8s.io/api/core/v1" +) + // Config holds NGINX configuration parameters type Config struct { LocationSnippets []string @@ -50,6 +58,7 @@ type Config struct { MainServerSSLPreferServerCiphers bool MainServerSSLCiphers string MainServerSSLDHParam string + MainServerSSLDHParamFileContent *string JWTRealm string JWTKey string 
@@ -80,3 +89,253 @@ func NewDefaultConfig() *Config { LBMethod: "least_conn", } } + +// ParseConfigMap Parse ConfigMap to Config +func ParseConfigMap(cfgm *api_v1.ConfigMap, nginxPlus bool) *Config { + cfg := NewDefaultConfig() + if serverTokens, exists, err := GetMapKeyAsBool(cfgm.Data, "server-tokens", cfgm); exists { + if err != nil { + if nginxPlus { + cfg.ServerTokens = cfgm.Data["server-tokens"] + } else { + glog.Error(err) + } + } else { + cfg.ServerTokens = "off" + if serverTokens { + cfg.ServerTokens = "on" + } + } + } + + if lbMethod, exists := cfgm.Data["lb-method"]; exists { + if nginxPlus { + if parsedMethod, err := ParseLBMethodForPlus(lbMethod); err != nil { + glog.Errorf("Configmap %s/%s: Invalid value for the lb-method key: got %q: %v", cfgm.GetNamespace(), cfgm.GetName(), lbMethod, err) + } else { + cfg.LBMethod = parsedMethod + } + } else { + if parsedMethod, err := ParseLBMethod(lbMethod); err != nil { + glog.Errorf("Configmap %s/%s: Invalid value for the lb-method key: got %q: %v", cfgm.GetNamespace(), cfgm.GetName(), lbMethod, err) + } else { + cfg.LBMethod = parsedMethod + } + } + } + + if proxyConnectTimeout, exists := cfgm.Data["proxy-connect-timeout"]; exists { + cfg.ProxyConnectTimeout = proxyConnectTimeout + } + if proxyReadTimeout, exists := cfgm.Data["proxy-read-timeout"]; exists { + cfg.ProxyReadTimeout = proxyReadTimeout + } + if proxyHideHeaders, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "proxy-hide-headers", cfgm, ","); exists { + if err != nil { + glog.Error(err) + } else { + cfg.ProxyHideHeaders = proxyHideHeaders + } + } + if proxyPassHeaders, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "proxy-pass-headers", cfgm, ","); exists { + if err != nil { + glog.Error(err) + } else { + cfg.ProxyPassHeaders = proxyPassHeaders + } + } + if clientMaxBodySize, exists := cfgm.Data["client-max-body-size"]; exists { + cfg.ClientMaxBodySize = clientMaxBodySize + } + if serverNamesHashBucketSize, exists := 
cfgm.Data["server-names-hash-bucket-size"]; exists { + cfg.MainServerNamesHashBucketSize = serverNamesHashBucketSize + } + if serverNamesHashMaxSize, exists := cfgm.Data["server-names-hash-max-size"]; exists { + cfg.MainServerNamesHashMaxSize = serverNamesHashMaxSize + } + if HTTP2, exists, err := GetMapKeyAsBool(cfgm.Data, "http2", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.HTTP2 = HTTP2 + } + } + if redirectToHTTPS, exists, err := GetMapKeyAsBool(cfgm.Data, "redirect-to-https", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.RedirectToHTTPS = redirectToHTTPS + } + } + if sslRedirect, exists, err := GetMapKeyAsBool(cfgm.Data, "ssl-redirect", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.SSLRedirect = sslRedirect + } + } + + // HSTS block + if hsts, exists, err := GetMapKeyAsBool(cfgm.Data, "hsts", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + parsingErrors := false + + hstsMaxAge, existsMA, err := GetMapKeyAsInt(cfgm.Data, "hsts-max-age", cfgm) + if existsMA && err != nil { + glog.Error(err) + parsingErrors = true + } + hstsIncludeSubdomains, existsIS, err := GetMapKeyAsBool(cfgm.Data, "hsts-include-subdomains", cfgm) + if existsIS && err != nil { + glog.Error(err) + parsingErrors = true + } + + if parsingErrors { + glog.Errorf("Configmap %s/%s: There are configuration issues with hsts annotations, skipping options for all hsts settings", cfgm.GetNamespace(), cfgm.GetName()) + } else { + cfg.HSTS = hsts + if existsMA { + cfg.HSTSMaxAge = hstsMaxAge + } + if existsIS { + cfg.HSTSIncludeSubdomains = hstsIncludeSubdomains + } + } + } + } + + if proxyProtocol, exists, err := GetMapKeyAsBool(cfgm.Data, "proxy-protocol", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.ProxyProtocol = proxyProtocol + } + } + + // ngx_http_realip_module + if realIPHeader, exists := cfgm.Data["real-ip-header"]; exists { + cfg.RealIPHeader = realIPHeader + } + if setRealIPFrom, 
exists, err := GetMapKeyAsStringSlice(cfgm.Data, "set-real-ip-from", cfgm, ","); exists { + if err != nil { + glog.Error(err) + } else { + cfg.SetRealIPFrom = setRealIPFrom + } + } + if realIPRecursive, exists, err := GetMapKeyAsBool(cfgm.Data, "real-ip-recursive", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.RealIPRecursive = realIPRecursive + } + } + + // SSL block + if sslProtocols, exists := cfgm.Data["ssl-protocols"]; exists { + cfg.MainServerSSLProtocols = sslProtocols + } + if sslPreferServerCiphers, exists, err := GetMapKeyAsBool(cfgm.Data, "ssl-prefer-server-ciphers", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.MainServerSSLPreferServerCiphers = sslPreferServerCiphers + } + } + if sslCiphers, exists := cfgm.Data["ssl-ciphers"]; exists { + cfg.MainServerSSLCiphers = strings.Trim(sslCiphers, "\n") + } + if sslDHParamFile, exists := cfgm.Data["ssl-dhparam-file"]; exists { + sslDHParamFile = strings.Trim(sslDHParamFile, "\n") + cfg.MainServerSSLDHParamFileContent = &sslDHParamFile + } + + if logFormat, exists := cfgm.Data["log-format"]; exists { + cfg.MainLogFormat = logFormat + } + if proxyBuffering, exists, err := GetMapKeyAsBool(cfgm.Data, "proxy-buffering", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.ProxyBuffering = proxyBuffering + } + } + if proxyBuffers, exists := cfgm.Data["proxy-buffers"]; exists { + cfg.ProxyBuffers = proxyBuffers + } + if proxyBufferSize, exists := cfgm.Data["proxy-buffer-size"]; exists { + cfg.ProxyBufferSize = proxyBufferSize + } + if proxyMaxTempFileSize, exists := cfgm.Data["proxy-max-temp-file-size"]; exists { + cfg.ProxyMaxTempFileSize = proxyMaxTempFileSize + } + + if mainMainSnippets, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "main-snippets", cfgm, "\n"); exists { + if err != nil { + glog.Error(err) + } else { + cfg.MainMainSnippets = mainMainSnippets + } + } + if mainHTTPSnippets, exists, err := GetMapKeyAsStringSlice(cfgm.Data, 
"http-snippets", cfgm, "\n"); exists { + if err != nil { + glog.Error(err) + } else { + cfg.MainHTTPSnippets = mainHTTPSnippets + } + } + if locationSnippets, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "location-snippets", cfgm, "\n"); exists { + if err != nil { + glog.Error(err) + } else { + cfg.LocationSnippets = locationSnippets + } + } + if serverSnippets, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "server-snippets", cfgm, "\n"); exists { + if err != nil { + glog.Error(err) + } else { + cfg.ServerSnippets = serverSnippets + } + } + if _, exists, err := GetMapKeyAsInt(cfgm.Data, "worker-processes", cfgm); exists { + if err != nil && cfgm.Data["worker-processes"] != "auto" { + glog.Errorf("Configmap %s/%s: Invalid value for worker-processes key: must be an integer or the string 'auto', got %q", cfgm.GetNamespace(), cfgm.GetName(), cfgm.Data["worker-processes"]) + } else { + cfg.MainWorkerProcesses = cfgm.Data["worker-processes"] + } + } + if workerCPUAffinity, exists := cfgm.Data["worker-cpu-affinity"]; exists { + cfg.MainWorkerCPUAffinity = workerCPUAffinity + } + if workerShutdownTimeout, exists := cfgm.Data["worker-shutdown-timeout"]; exists { + cfg.MainWorkerShutdownTimeout = workerShutdownTimeout + } + if workerConnections, exists := cfgm.Data["worker-connections"]; exists { + cfg.MainWorkerConnections = workerConnections + } + if workerRlimitNofile, exists := cfgm.Data["worker-rlimit-nofile"]; exists { + cfg.MainWorkerRlimitNofile = workerRlimitNofile + } + if keepalive, exists, err := GetMapKeyAsInt(cfgm.Data, "keepalive", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.Keepalive = keepalive + } + } + if maxFails, exists, err := GetMapKeyAsInt(cfgm.Data, "max-fails", cfgm); exists { + if err != nil { + glog.Error(err) + } else { + cfg.MaxFails = maxFails + } + } + if failTimeout, exists := cfgm.Data["fail-timeout"]; exists { + cfg.FailTimeout = failTimeout + } + return cfg +} 
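Review bot: ParseConfigMap in config.go copies the string-valued keys (`ssl-protocols`, `ssl-ciphers`, `log-format`, `client-max-body-size`, the proxy-* and worker-* strings, and `server-tokens` on the NGINX Plus path) into Config verbatim, while only the bool, int and `lb-method` keys are parsed and rejected on error. If the templates write these fields into nginx.conf as-is (the templates are not visible in this diff), write access to the ConfigMap amounts to write access to the NGINX configuration even without the explicit *-snippets keys. Either validate each value against the form its directive expects, or state the trust boundary in the doc comment so operators restrict RBAC on the ConfigMap accordingly. The doc comment should also follow godoc form and record the fallback behaviour, e.g. `// ParseConfigMap builds a Config from cfgm on top of NewDefaultConfig; invalid bool/int values are logged and the default is kept, string values are not validated.`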
diff --git a/nginx-controller/nginx/configurator.go b/nginx-controller/nginx/configurator.go index 31bee1274e..eb693805c0 100644 --- a/nginx-controller/nginx/configurator.go +++ b/nginx-controller/nginx/configurator.go @@ -1013,10 +1013,9 @@ func mergeMasterAnnotationsIntoMinion(minionAnnotations map[string]string, maste } } -// UpdateConfig updates NGINX Configuration parameters -func (cnf *Configurator) UpdateConfig(config *Config, ingExes []*IngressEx, mergeableIngs map[string]*MergeableIngresses) error { - cnf.config = config - mainCfg := &NginxMainConfig{ +// GenerateNginxMainConfig generate NginxMainConfig from Config +func GenerateNginxMainConfig(config *Config) *NginxMainConfig { + nginxCfg := &NginxMainConfig{ MainSnippets: config.MainMainSnippets, HTTPSnippets: config.MainHTTPSnippets, ServerNamesHashBucketSize: config.MainServerNamesHashBucketSize, @@ -1035,7 +1034,20 @@ func (cnf *Configurator) UpdateConfig(config *Config, ingExes []*IngressEx, merg WorkerConnections: config.MainWorkerConnections, WorkerRlimitNofile: config.MainWorkerRlimitNofile, } + return nginxCfg +} +// UpdateConfig updates NGINX Configuration parameters +func (cnf *Configurator) UpdateConfig(config *Config, ingExes []*IngressEx, mergeableIngs map[string]*MergeableIngresses) error { + cnf.config = config + if cnf.config.MainServerSSLDHParamFileContent != nil { + fileName, err := cnf.nginx.AddOrUpdateDHParam(*cnf.config.MainServerSSLDHParamFileContent) + if err != nil { + return fmt.Errorf("Error when updating dhparams: %v", err) + } + config.MainServerSSLDHParam = fileName + } + mainCfg := GenerateNginxMainConfig(config) cnf.nginx.UpdateMainConfigFile(mainCfg) for _, ingEx := range ingExes { diff --git a/nginx-controller/nginx/nginx.go b/nginx-controller/nginx/nginx.go index 361555c2c7..f40258e372 100644 --- a/nginx-controller/nginx/nginx.go +++ b/nginx-controller/nginx/nginx.go 
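Review bot: In Configurator.UpdateConfig, `cnf.config = config` runs before the dhparam write, so when `AddOrUpdateDHParam` fails the method returns with cnf.config already replaced but the main config file and the ingress configs not regenerated. The Configurator's state is then ahead of what NGINX is actually running. Move the assignment below the dhparam block. Alternatively, keep the log-and-continue behaviour of the removed controller.go code, so that one bad `ssl-dhparam-file` value does not stop the other ConfigMap settings (including `ssl-protocols` and `hsts` changes) from being applied. The error string should be lowercase per Go convention: `return fmt.Errorf("error when updating dhparams: %v", err)`. UpdateConfig's body continues outside the hunk.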
@@ -178,14 +178,6 @@ func NewNginxController(nginxConfPath string, local bool, healthStatus bool, ngi nginxIngressTemplatePath: nginxIngressTemplatePath, } - cfg := &NginxMainConfig{ - ServerNamesHashMaxSize: NewDefaultConfig().MainServerNamesHashMaxSize, - ServerTokens: NewDefaultConfig().ServerTokens, - WorkerProcesses: NewDefaultConfig().MainWorkerProcesses, - WorkerConnections: NewDefaultConfig().MainWorkerConnections, - } - ngxc.UpdateMainConfigFile(cfg) - return &ngxc, nil }