Prefetch ConfigMap

ConfigMap is applied to the NGINX Config before Config is generated

This removes the need for additional NGINX Config generations on startup

.gitignore

@@ -28,6 +28,10 @@ osx-nginx-plus-ingress
 nginx-plus-ingress
 nginx-controller/nginx-controller
 
+# Ingress Controller templates
+nginx-controller/nginx-plus.ingress.tmpl
+nginx-controller/nginx-plus.tmpl
+
 # NGINX Plus license files
 *.crt
 *.key

nginx-controller/controller/controller.go

@@ -433,256 +433,7 @@ func (lbc *LoadBalancerController) syncCfgm(task Task) {
 
  if cfgmExists {
  cfgm := obj.(*api_v1.ConfigMap)
-
- if serverTokens, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "server-tokens", cfgm); exists {
- if err != nil {
- if lbc.nginxPlus {
- cfg.ServerTokens = cfgm.Data["server-tokens"]
- } else {
- glog.Error(err)
- }
- } else {
- cfg.ServerTokens = "off"
- if serverTokens {
- cfg.ServerTokens = "on"
- }
- }
- }
-
- if lbMethod, exists := cfgm.Data["lb-method"]; exists {
- if lbc.nginxPlus {
- if parsedMethod, err := nginx.ParseLBMethodForPlus(lbMethod); err != nil {
- glog.Errorf("Configmap %s/%s: Invalid value for the lb-method key: got %q: %v", cfgm.GetNamespace(), cfgm.GetName(), lbMethod, err)
- } else {
- cfg.LBMethod = parsedMethod
- }
- } else {
- if parsedMethod, err := nginx.ParseLBMethod(lbMethod); err != nil {
- glog.Errorf("Configmap %s/%s: Invalid value for the lb-method key: got %q: %v", cfgm.GetNamespace(), cfgm.GetName(), lbMethod, err)
- } else {
- cfg.LBMethod = parsedMethod
- }
- }
- }
-
- if proxyConnectTimeout, exists := cfgm.Data["proxy-connect-timeout"]; exists {
- cfg.ProxyConnectTimeout = proxyConnectTimeout
- }
- if proxyReadTimeout, exists := cfgm.Data["proxy-read-timeout"]; exists {
- cfg.ProxyReadTimeout = proxyReadTimeout
- }
- if proxyHideHeaders, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "proxy-hide-headers", cfgm, ","); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.ProxyHideHeaders = proxyHideHeaders
- }
- }
- if proxyPassHeaders, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "proxy-pass-headers", cfgm, ","); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.ProxyPassHeaders = proxyPassHeaders
- }
- }
- if clientMaxBodySize, exists := cfgm.Data["client-max-body-size"]; exists {
- cfg.ClientMaxBodySize = clientMaxBodySize
- }
- if serverNamesHashBucketSize, exists := cfgm.Data["server-names-hash-bucket-size"]; exists {
- cfg.MainServerNamesHashBucketSize = serverNamesHashBucketSize
- }
- if serverNamesHashMaxSize, exists := cfgm.Data["server-names-hash-max-size"]; exists {
- cfg.MainServerNamesHashMaxSize = serverNamesHashMaxSize
- }
- if HTTP2, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "http2", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.HTTP2 = HTTP2
- }
- }
- if redirectToHTTPS, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "redirect-to-https", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.RedirectToHTTPS = redirectToHTTPS
- }
- }
- if sslRedirect, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "ssl-redirect", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.SSLRedirect = sslRedirect
- }
- }
-
- // HSTS block
- if hsts, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "hsts", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- parsingErrors := false
-
- hstsMaxAge, existsMA, err := nginx.GetMapKeyAsInt(cfgm.Data, "hsts-max-age", cfgm)
- if existsMA && err != nil {
- glog.Error(err)
- parsingErrors = true
- }
- hstsIncludeSubdomains, existsIS, err := nginx.GetMapKeyAsBool(cfgm.Data, "hsts-include-subdomains", cfgm)
- if existsIS && err != nil {
- glog.Error(err)
- parsingErrors = true
- }
-
- if parsingErrors {
- glog.Errorf("Configmap %s/%s: There are configuration issues with hsts annotations, skipping options for all hsts settings", cfgm.GetNamespace(), cfgm.GetName())
- } else {
- cfg.HSTS = hsts
- if existsMA {
- cfg.HSTSMaxAge = hstsMaxAge
- }
- if existsIS {
- cfg.HSTSIncludeSubdomains = hstsIncludeSubdomains
- }
- }
- }
- }
-
- if proxyProtocol, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "proxy-protocol", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.ProxyProtocol = proxyProtocol
- }
- }
-
- // ngx_http_realip_module
- if realIPHeader, exists := cfgm.Data["real-ip-header"]; exists {
- cfg.RealIPHeader = realIPHeader
- }
- if setRealIPFrom, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "set-real-ip-from", cfgm, ","); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.SetRealIPFrom = setRealIPFrom
- }
- }
- if realIPRecursive, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "real-ip-recursive", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.RealIPRecursive = realIPRecursive
- }
- }
-
- // SSL block
- if sslProtocols, exists := cfgm.Data["ssl-protocols"]; exists {
- cfg.MainServerSSLProtocols = sslProtocols
- }
- if sslPreferServerCiphers, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "ssl-prefer-server-ciphers", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.MainServerSSLPreferServerCiphers = sslPreferServerCiphers
- }
- }
- if sslCiphers, exists := cfgm.Data["ssl-ciphers"]; exists {
- cfg.MainServerSSLCiphers = strings.Trim(sslCiphers, "\n")
- }
- if sslDHParamFile, exists := cfgm.Data["ssl-dhparam-file"]; exists {
- sslDHParamFile = strings.Trim(sslDHParamFile, "\n")
- fileName, err := lbc.cnf.AddOrUpdateDHParam(sslDHParamFile)
- if err != nil {
- glog.Errorf("Configmap %s/%s: Could not update dhparams: %v", cfgm.GetNamespace(), cfgm.GetName(), err)
- } else {
- cfg.MainServerSSLDHParam = fileName
- }
- }
-
- if logFormat, exists := cfgm.Data["log-format"]; exists {
- cfg.MainLogFormat = logFormat
- }
- if proxyBuffering, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "proxy-buffering", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.ProxyBuffering = proxyBuffering
- }
- }
- if proxyBuffers, exists := cfgm.Data["proxy-buffers"]; exists {
- cfg.ProxyBuffers = proxyBuffers
- }
- if proxyBufferSize, exists := cfgm.Data["proxy-buffer-size"]; exists {
- cfg.ProxyBufferSize = proxyBufferSize
- }
- if proxyMaxTempFileSize, exists := cfgm.Data["proxy-max-temp-file-size"]; exists {
- cfg.ProxyMaxTempFileSize = proxyMaxTempFileSize
- }
-
- if mainMainSnippets, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "main-snippets", cfgm, "\n"); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.MainMainSnippets = mainMainSnippets
- }
- }
- if mainHTTPSnippets, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "http-snippets", cfgm, "\n"); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.MainHTTPSnippets = mainHTTPSnippets
- }
- }
- if locationSnippets, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "location-snippets", cfgm, "\n"); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.LocationSnippets = locationSnippets
- }
- }
- if serverSnippets, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "server-snippets", cfgm, "\n"); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.ServerSnippets = serverSnippets
- }
- }
- if _, exists, err := nginx.GetMapKeyAsInt(cfgm.Data, "worker-processes", cfgm); exists {
- if err != nil && cfgm.Data["worker-processes"] != "auto" {
- glog.Errorf("Configmap %s/%s: Invalid value for worker-processes key: must be an integer or the string 'auto', got %q", cfgm.GetNamespace(), cfgm.GetName(), cfgm.Data["worker-processes"])
- } else {
- cfg.MainWorkerProcesses = cfgm.Data["worker-processes"]
- }
- }
- if workerCPUAffinity, exists := cfgm.Data["worker-cpu-affinity"]; exists {
- cfg.MainWorkerCPUAffinity = workerCPUAffinity
- }
- if workerShutdownTimeout, exists := cfgm.Data["worker-shutdown-timeout"]; exists {
- cfg.MainWorkerShutdownTimeout = workerShutdownTimeout
- }
- if workerConnections, exists := cfgm.Data["worker-connections"]; exists {
- cfg.MainWorkerConnections = workerConnections
- }
- if workerRlimitNofile, exists := cfgm.Data["worker-rlimit-nofile"]; exists {
- cfg.MainWorkerRlimitNofile = workerRlimitNofile
- }
- if keepalive, exists, err := nginx.GetMapKeyAsInt(cfgm.Data, "keepalive", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.Keepalive = keepalive
- }
- }
- if maxFails, exists, err := nginx.GetMapKeyAsInt(cfgm.Data, "max-fails", cfgm); exists {
- if err != nil {
- glog.Error(err)
- } else {
- cfg.MaxFails = maxFails
- }
- }
- if failTimeout, exists := cfgm.Data["fail-timeout"]; exists {
- cfg.FailTimeout = failTimeout
- }
+ cfg = nginx.ParseConfigMap(cfgm, lbc.nginxPlus)
  }
 
  mergeableIngresses := make(map[string]*nginx.MergeableIngresses)
@@ -1277,9 +1028,9 @@ func (lbc *LoadBalancerController) isNginxIngress(ing *extensions.Ingress) bool
  return class == lbc.ingressClass
  }
  return class == lbc.ingressClass || class == ""
- } else {
- return !lbc.useIngressClassOnly
  }
+ return !lbc.useIngressClassOnly
+
 }
 
 // isHealthCheckEnabled checks if health checks are enabled so we can only query pods if enabled.

nginx-controller/main.go

@@ -130,10 +130,32 @@ func main() {
  }
  }
 
+ cfg := nginx.NewDefaultConfig()
+ if *nginxConfigMaps != "" {
+ ns, name, err := controller.ParseNamespaceName(*nginxConfigMaps)
+ if err != nil {
+ glog.Fatalf("Error parsing the nginx-configmaps argument: %v", err)
+ }
+ cfm, err := kubeClient.CoreV1().ConfigMaps(ns).Get(name, meta_v1.GetOptions{})
+ if err != nil {
+ glog.Fatalf("Error when getting %v: %v", *nginxConfigMaps, err)
+ }
+ cfg = nginx.ParseConfigMap(cfm, *nginxPlus)
+ if cfg.MainServerSSLDHParamFileContent != nil {
+ fileName, err := ngxc.AddOrUpdateDHParam(*cfg.MainServerSSLDHParamFileContent)
+ if err != nil {
+ glog.Fatalf("Configmap %s/%s: Could not update dhparams: %v", ns, name, err)
+ } else {
+ cfg.MainServerSSLDHParam = fileName
+ }
+ }
+ }
+ ngxConfig := nginx.GenerateNginxMainConfig(cfg)
+ ngxc.UpdateMainConfigFile(ngxConfig)
+
  nginxDone := make(chan error, 1)
  ngxc.Start(nginxDone)
 
- nginxConfig := nginx.NewDefaultConfig()
  var nginxAPI *plus.NginxAPIController
  if *nginxPlus {
  time.Sleep(500 * time.Millisecond)
@@ -142,8 +164,8 @@ func main() {
  glog.Fatalf("Failed to create NginxAPIController: %v", err)
  }
  }
- cnf := nginx.NewConfigurator(ngxc, nginxConfig, nginxAPI)
 
+ cnf := nginx.NewConfigurator(ngxc, cfg, nginxAPI)
  lbc := controller.NewLoadBalancerController(kubeClient, 30*time.Second, *watchNamespace, cnf, *nginxConfigMaps, *defaultServerSecret, *nginxPlus, *ingressClass, *useIngressClassOnly)
  go handleTermination(lbc, ngxc, nginxDone)
  lbc.Run()