Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
k8s-ingress
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
3
Merge Requests
3
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
uplex-varnish
k8s-ingress
Commits
6976e9ad
Commit
6976e9ad
authored
Apr 26, 2021
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Refactor the VCL implementation of self-sharding & primary-only.
Updated code contributed by
@slink
.
parent
bd36d1da
Changes
14
Hide whitespace changes
Inline
Side-by-side
Showing
14 changed files
with
188 additions
and
226 deletions
+188
-226
cafe.vtc
examples/hello/cafe.vtc
+8
-0
Makefile
examples/self-sharding/Makefile
+14
-1
values-primary-only-by-clientid.yaml
examples/self-sharding/values-primary-only-by-clientid.yaml
+29
-0
varnishconfig.go
pkg/controller/varnishconfig.go
+10
-4
self_shard_tmpl.go
pkg/varnish/vcl/self_shard_tmpl.go
+20
-34
ingress_shard.golden
pkg/varnish/vcl/testdata/ingress_shard.golden
+8
-6
primaryonly_shard.golden
pkg/varnish/vcl/testdata/primaryonly_shard.golden
+14
-27
shard.golden
pkg/varnish/vcl/testdata/shard.golden
+8
-6
shard_by_digest.golden
pkg/varnish/vcl/testdata/shard_by_digest.golden
+14
-27
shard_by_key.golden
pkg/varnish/vcl/testdata/shard_by_key.golden
+14
-27
shard_by_url.golden
pkg/varnish/vcl/testdata/shard_by_url.golden
+14
-27
e2e.sh
test/e2e.sh
+3
-0
tmplcfg.yaml
test/e2e/tmplcfg/tmplcfg.yaml
+16
-33
values.yaml
test/e2e/tmplcfg/values.yaml
+16
-34
No files found.
examples/hello/cafe.vtc
View file @
6976e9ad
...
...
@@ -2,23 +2,31 @@
varnishtest "cafe example (hello world for Ingress)"
# The beresp may send Connection:close, if Varnish went to pipe due to
# primary-only. So we run each test in a separate connection.
client c1 -connect "${localhost} ${localport}" {
txreq -url /coffee/foo/bar -hdr "Host: cafe.example.com"
rxresp
expect resp.status == 200
expect resp.body ~ "(?m)^URI: /coffee/foo/bar$"
expect resp.body ~ "(?m)^Server name: coffee-[a-z0-9]+-[a-z0-9]+$"
} -run
client c1 -connect "${localhost} ${localport}" {
txreq -url /tea/baz/quux -hdr "Host: cafe.example.com"
rxresp
expect resp.status == 200
expect resp.body ~ "(?m)^URI: /tea/baz/quux$"
expect resp.body ~ "(?m)^Server name: tea-[a-z0-9]+-[a-z0-9]+$"
} -run
client c1 -connect "${localhost} ${localport}" {
txreq -url /coffee/foo/bar
rxresp
expect resp.status == 404
} -run
client c1 -connect "${localhost} ${localport}" {
txreq -url /milk -hdr "Host: cafe.example.com"
rxresp
expect resp.status == 404
...
...
examples/self-sharding/Makefile
View file @
6976e9ad
...
...
@@ -54,6 +54,10 @@ deploy-shard-by-key-helm:
@
helm
install
viking-ingress-shard-by-key
$(CHARTDIR)
/viking-test-app
\
--values
values-shard-by-key.yaml
deploy-primary-only-by-clientid-helm
:
@
helm
install
viking-ingress-primary-only-by-clientid
$(CHARTDIR)
/viking-test-app
\
--values
values-primary-only-by-clientid.yaml
deploy-cafe-kubectl
:
@
kubectl apply
-f
$(mkdir)
/../hello/cafe.yaml
@
kubectl apply
-f
$(mkdir)
/../hello/cafe-ingress.yaml
...
...
@@ -101,6 +105,10 @@ undeploy-shard-by-key-helm:
@
helm uninstall viking-ingress-shard-by-key
$(MAKE)
wait
undeploy-primary-only-by-clientid-helm
:
@
helm uninstall viking-ingress-primary-only-by-clientid
$(MAKE)
wait
undeploy-cafe-kubectl
:
@
kubectl delete
-f
$(mkdir)
/../hello/cafe-ingress.yaml
@
kubectl delete
-f
$(mkdir)
/../hello/cafe.yaml
...
...
@@ -152,6 +160,8 @@ deploy-shard-by-url: deploy-shard-by-url-helm
undeploy-shard-by-url
:
undeploy-shard-by-url-helm
deploy-shard-by-key
:
deploy-shard-by-key-helm
undeploy-shard-by-key
:
undeploy-shard-by-key-helm
deploy-primary-only-by-clientid
:
deploy-primary-only-by-clientid-helm
undeploy-primary-only-by-clientid
:
undeploy-primary-only-by-clientid-helm
endif
ifeq
($(EXAMPLE),self-sharding)
...
...
@@ -169,9 +179,12 @@ undeploy: undeploy-shard-by-url
else
ifeq
($(EXAMPLE),shard-by-key)
deploy
:
deploy-shard-by-key
undeploy
:
undeploy-shard-by-key
else
ifeq
($(EXAMPLE),primary-only-by-clientid)
deploy
:
deploy-primary-only-by-clientid
undeploy
:
undeploy-primary-only-by-clientid
else
deploy undeploy
:
$
(
error EXAMPLE must be
set
to self-sharding, primary-only, or shard-by-[digest|url|key]
)
$
(
error EXAMPLE must be
set
to self-sharding, primary-only
[-by-clientid]
, or shard-by-[digest|url|key]
)
endif
.PHONY
:
all $(MAKECMDGOALS)
examples/self-sharding/values-primary-only-by-clientid.yaml
0 → 100644
View file @
6976e9ad
apps
:
coffee
:
image
:
nginxdemos/hello:plain-text
replicas
:
2
tea
:
image
:
nginxdemos/hello:plain-text
replicas
:
3
ingress
:
name
:
cafe-ingress
rules
:
-
host
:
cafe.example.com
paths
:
-
path
:
/tea
app
:
tea
-
path
:
/coffee
app
:
coffee
vikingAdmSvc
:
varnish-ingress-admin
selfSharding
:
primaryOnly
:
true
key
:
client.identity
probe
:
timeout
:
6s
interval
:
6s
initial
:
2
window
:
4
threshold
:
3
pkg/controller/varnishconfig.go
View file @
6976e9ad
...
...
@@ -309,11 +309,17 @@ func (worker *NamespaceWorker) configSharding(spec *vcl.Spec,
Addresses
:
make
([]
vcl
.
Address
,
1
),
}
ns
,
name
:=
getTargetPod
(
addr
)
if
ns
!=
""
&&
name
!=
""
{
node
.
Name
=
eps
.
Name
node
.
Addresses
[
0
]
.
PodNamespace
=
ns
node
.
Addresses
[
0
]
.
PodName
=
name
if
ns
==
""
||
name
==
""
{
return
update
.
MakeFatal
(
"Pod namespace or name not "
+
"known for Endpoint "
+
"%s/%s ip=%s"
,
eps
.
Namespace
,
eps
.
Name
,
addr
.
IP
)
}
node
.
Name
=
eps
.
Name
node
.
Addresses
[
0
]
.
PodNamespace
=
ns
node
.
Addresses
[
0
]
.
PodName
=
name
node
.
Addresses
[
0
]
.
IP
=
addr
.
IP
node
.
Addresses
[
0
]
.
Port
=
httpPort
spec
.
ShardCluster
.
Nodes
=
...
...
pkg/varnish/vcl/self_shard_tmpl.go
View file @
6976e9ad
...
...
@@ -38,6 +38,7 @@ import std;
import directors;
import blob;
import blobdigest;
import taskvar;
probe vk8s_probe_varnish {
.request = "HEAD /vk8s_cluster_health HTTP/1.1"
...
...
@@ -61,7 +62,7 @@ probe vk8s_probe_varnish {
}
{{range $node := .Nodes -}}
backend {{
backend
Name $node}} {
backend {{
node
Name $node}} {
.host = "{{(index $node.Addresses 0).IP}}";
.port = "{{(index $node.Addresses 0).Port}}";
.probe = vk8s_probe_varnish;
...
...
@@ -80,23 +81,24 @@ sub vcl_init {
new vk8s_cluster = directors.shard();
vk8s_cluster.associate(vk8s_cluster_param.use());
{{range $node := .Nodes -}}
vk8s_cluster.add_backend({{
backend
Name $node}});
vk8s_cluster.add_backend({{
node
Name $node}});
{{end -}}
vk8s_cluster.reconfigure();
{{- digest_init . }}
{{ if .PrimaryOnly -}}
new vk8s_cluster_primary = taskvar.backend();
{{- end }}
}
sub vcl_recv {
{{ if .PrimaryOnly -}}
unset req.http.VK8S-Shard-Primary-Only;
{{- digest_update 'c' . }}
vk8s_cluster_primary.set(vk8s_cluster.backend(resolve=NOW
{{- key 'c' .}}));
if (remote.ip !~ vk8s_cluster_acl
&& "" + vk8s_cluster.backend(resolve=NOW
{{- key 'c' .}}) != server.identity) {
set req.http.VK8S-Shard-Primary-Only = "true";
set req.backend_hint = vk8s_cluster.backend(resolve=NOW
{{- key 'c' .}});
return (pass);
&& "" + vk8s_cluster_primary.get() != server.identity) {
set req.backend_hint = vk8s_cluster_primary.get();
return (pipe);
}
else {{ end }}if (remote.ip ~ vk8s_cluster_acl) {
if (req.http.Host == "vk8s_cluster") {
...
...
@@ -117,19 +119,8 @@ sub vcl_recv {
return (hash);
}
}
{{ if .PrimaryOnly }}
sub vcl_pass {
if (req.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
}
{{ end }}
sub vcl_backend_fetch {
{{- if .PrimaryOnly }}
if (bereq.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
{{- end }}
{{- digest_update 'b' . }}
vk8s_cluster_param.set({{ key 'b' .}});
if (bereq.retries == 0
...
...
@@ -143,11 +134,6 @@ sub vcl_backend_fetch {
}
sub vcl_backend_response {
{{- if .PrimaryOnly }}
if (bereq.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
{{- end }}
if (bereq.backend == vk8s_cluster.backend(resolve=LAZY)) {
if (beresp.http.VK8S-Cluster-TTL) {
set beresp.ttl = std.duration(
...
...
@@ -171,13 +157,10 @@ sub vcl_backend_error {
}
sub vcl_deliver {
{{- if .PrimaryOnly }}
if (req.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
{{- end }}
unset resp.http.VK8S-Cluster-TTL;
if (remote.ip ~ vk8s_cluster_acl) {
if (remote.ip ~ vk8s_cluster_acl
{{- if .PrimaryOnly }} && ! vk8s_cluster_primary.defined()
{{- end }}) {
if (! obj.uncacheable) {
set resp.http.VK8S-Cluster-TTL = obj.ttl;
}
...
...
@@ -234,8 +217,11 @@ var shardFuncMap = template.FuncMap{
"key"
:
keyParams
,
"digest_init"
:
digestInit
,
"digest_update"
:
digestUpdate
,
"backendName"
:
func
(
svc
Service
)
string
{
return
backendName
(
svc
,
svc
.
Addresses
[
0
])
"nodeName"
:
func
(
svc
Service
)
string
{
// MUST match -i setting in the varnishd invocaton
// (server.identity)
addr
:=
svc
.
Addresses
[
0
]
return
"vk8s_"
+
addr
.
PodNamespace
+
"_"
+
addr
.
PodName
},
}
...
...
pkg/varnish/vcl/testdata/ingress_shard.golden
View file @
6976e9ad
...
...
@@ -75,6 +75,7 @@ import std;
import directors;
import blob;
import blobdigest;
import taskvar;
probe vk8s_probe_varnish {
.request = "HEAD /vk8s_cluster_health HTTP/1.1"
...
...
@@ -87,19 +88,19 @@ probe vk8s_probe_varnish {
.threshold = 3;
}
backend vk8s_default_varnish-8445d4f7f-z2b9p
_80
{
backend vk8s_default_varnish-8445d4f7f-z2b9p {
.host = "172.17.0.12";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_
viking-service_172_17_0_13_80
{
backend vk8s_
_
{
.host = "172.17.0.13";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_default_varnish-8445d4f7f-ldljf
_80
{
backend vk8s_default_varnish-8445d4f7f-ldljf {
.host = "172.17.0.14";
.port = "80";
.probe = vk8s_probe_varnish;
...
...
@@ -115,10 +116,11 @@ sub vcl_init {
new vk8s_cluster_param = directors.shard_param();
new vk8s_cluster = directors.shard();
vk8s_cluster.associate(vk8s_cluster_param.use());
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p
_80
);
vk8s_cluster.add_backend(vk8s_
viking-service_172_17_0_13_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf
_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p);
vk8s_cluster.add_backend(vk8s_
_
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf);
vk8s_cluster.reconfigure();
}
sub vcl_recv {
...
...
pkg/varnish/vcl/testdata/primaryonly_shard.golden
View file @
6976e9ad
...
...
@@ -3,6 +3,7 @@ import std;
import directors;
import blob;
import blobdigest;
import taskvar;
probe vk8s_probe_varnish {
.request = "HEAD /vk8s_cluster_health HTTP/1.1"
...
...
@@ -15,19 +16,19 @@ probe vk8s_probe_varnish {
.threshold = 3;
}
backend vk8s_default_varnish-8445d4f7f-z2b9p
_80
{
backend vk8s_default_varnish-8445d4f7f-z2b9p {
.host = "172.17.0.12";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_
viking-service_172_17_0_13_80
{
backend vk8s_
_
{
.host = "172.17.0.13";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_default_varnish-8445d4f7f-ldljf
_80
{
backend vk8s_default_varnish-8445d4f7f-ldljf {
.host = "172.17.0.14";
.port = "80";
.probe = vk8s_probe_varnish;
...
...
@@ -43,19 +44,20 @@ sub vcl_init {
new vk8s_cluster_param = directors.shard_param();
new vk8s_cluster = directors.shard();
vk8s_cluster.associate(vk8s_cluster_param.use());
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p
_80
);
vk8s_cluster.add_backend(vk8s_
viking-service_172_17_0_13_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf
_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p);
vk8s_cluster.add_backend(vk8s_
_
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf);
vk8s_cluster.reconfigure();
new vk8s_cluster_primary = taskvar.backend();
}
sub vcl_recv {
unset req.http.VK8S-Shard-Primary-Only;
vk8s_cluster_primary.set(vk8s_cluster.backend(resolve=NOW));
if (remote.ip !~ vk8s_cluster_acl
&& "" + vk8s_cluster.backend(resolve=NOW) != server.identity) {
set req.http.VK8S-Shard-Primary-Only = "true";
set req.backend_hint = vk8s_cluster.backend(resolve=NOW);
return (pass);
&& "" + vk8s_cluster_primary.get() != server.identity) {
set req.backend_hint = vk8s_cluster_primary.get();
return (pipe);
}
else if (remote.ip ~ vk8s_cluster_acl) {
if (req.http.Host == "vk8s_cluster") {
...
...
@@ -77,16 +79,7 @@ sub vcl_recv {
}
}
sub vcl_pass {
if (req.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
}
sub vcl_backend_fetch {
if (bereq.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
vk8s_cluster_param.set();
if (bereq.retries == 0
&& !bereq.uncacheable
...
...
@@ -99,9 +92,6 @@ sub vcl_backend_fetch {
}
sub vcl_backend_response {
if (bereq.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
if (bereq.backend == vk8s_cluster.backend(resolve=LAZY)) {
if (beresp.http.VK8S-Cluster-TTL) {
set beresp.ttl = std.duration(
...
...
@@ -125,11 +115,8 @@ sub vcl_backend_error {
}
sub vcl_deliver {
if (req.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
unset resp.http.VK8S-Cluster-TTL;
if (remote.ip ~ vk8s_cluster_acl) {
if (remote.ip ~ vk8s_cluster_acl
&& ! vk8s_cluster_primary.defined()
) {
if (! obj.uncacheable) {
set resp.http.VK8S-Cluster-TTL = obj.ttl;
}
...
...
pkg/varnish/vcl/testdata/shard.golden
View file @
6976e9ad
...
...
@@ -3,6 +3,7 @@ import std;
import directors;
import blob;
import blobdigest;
import taskvar;
probe vk8s_probe_varnish {
.request = "HEAD /vk8s_cluster_health HTTP/1.1"
...
...
@@ -15,19 +16,19 @@ probe vk8s_probe_varnish {
.threshold = 3;
}
backend vk8s_default_varnish-8445d4f7f-z2b9p
_80
{
backend vk8s_default_varnish-8445d4f7f-z2b9p {
.host = "172.17.0.12";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_
viking-service_172_17_0_13_80
{
backend vk8s_
_
{
.host = "172.17.0.13";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_default_varnish-8445d4f7f-ldljf
_80
{
backend vk8s_default_varnish-8445d4f7f-ldljf {
.host = "172.17.0.14";
.port = "80";
.probe = vk8s_probe_varnish;
...
...
@@ -43,10 +44,11 @@ sub vcl_init {
new vk8s_cluster_param = directors.shard_param();
new vk8s_cluster = directors.shard();
vk8s_cluster.associate(vk8s_cluster_param.use());
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p
_80
);
vk8s_cluster.add_backend(vk8s_
viking-service_172_17_0_13_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf
_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p);
vk8s_cluster.add_backend(vk8s_
_
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf);
vk8s_cluster.reconfigure();
}
sub vcl_recv {
...
...
pkg/varnish/vcl/testdata/shard_by_digest.golden
View file @
6976e9ad
...
...
@@ -3,6 +3,7 @@ import std;
import directors;
import blob;
import blobdigest;
import taskvar;
probe vk8s_probe_varnish {
.request = "HEAD /vk8s_cluster_health HTTP/1.1"
...
...
@@ -15,19 +16,19 @@ probe vk8s_probe_varnish {
.threshold = 3;
}
backend vk8s_default_varnish-8445d4f7f-z2b9p
_80
{
backend vk8s_default_varnish-8445d4f7f-z2b9p {
.host = "172.17.0.12";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_
viking-service_172_17_0_13_80
{
backend vk8s_
_
{
.host = "172.17.0.13";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_default_varnish-8445d4f7f-ldljf
_80
{
backend vk8s_default_varnish-8445d4f7f-ldljf {
.host = "172.17.0.14";
.port = "80";
.probe = vk8s_probe_varnish;
...
...
@@ -43,21 +44,22 @@ sub vcl_init {
new vk8s_cluster_param = directors.shard_param();
new vk8s_cluster = directors.shard();
vk8s_cluster.associate(vk8s_cluster_param.use());
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p
_80
);
vk8s_cluster.add_backend(vk8s_
viking-service_172_17_0_13_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf
_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p);
vk8s_cluster.add_backend(vk8s_
_
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf);
vk8s_cluster.reconfigure();
new vk8s_shard_digest = blobdigest.digest(SHA3_512);
new vk8s_cluster_primary = taskvar.backend();
}
sub vcl_recv {
unset req.http.VK8S-Shard-Primary-Only;
vk8s_shard_digest.update(blob.decode(encoded=req.http.Host));
vk8s_cluster_primary.set(vk8s_cluster.backend(resolve=NOW, by=BLOB, key_blob=vk8s_shard_digest.final()));
if (remote.ip !~ vk8s_cluster_acl
&& "" + vk8s_cluster.backend(resolve=NOW, by=BLOB, key_blob=vk8s_shard_digest.final()) != server.identity) {
set req.http.VK8S-Shard-Primary-Only = "true";
set req.backend_hint = vk8s_cluster.backend(resolve=NOW, by=BLOB, key_blob=vk8s_shard_digest.final());
return (pass);
&& "" + vk8s_cluster_primary.get() != server.identity) {
set req.backend_hint = vk8s_cluster_primary.get();
return (pipe);
}
else if (remote.ip ~ vk8s_cluster_acl) {
if (req.http.Host == "vk8s_cluster") {
...
...
@@ -79,16 +81,7 @@ sub vcl_recv {
}
}
sub vcl_pass {
if (req.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
}
sub vcl_backend_fetch {
if (bereq.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
vk8s_shard_digest.update(blob.decode(encoded=bereq.http.Host));
vk8s_cluster_param.set(by=BLOB, key_blob=vk8s_shard_digest.final());
if (bereq.retries == 0
...
...
@@ -102,9 +95,6 @@ sub vcl_backend_fetch {
}
sub vcl_backend_response {
if (bereq.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
if (bereq.backend == vk8s_cluster.backend(resolve=LAZY)) {
if (beresp.http.VK8S-Cluster-TTL) {
set beresp.ttl = std.duration(
...
...
@@ -128,11 +118,8 @@ sub vcl_backend_error {
}
sub vcl_deliver {
if (req.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
unset resp.http.VK8S-Cluster-TTL;
if (remote.ip ~ vk8s_cluster_acl) {
if (remote.ip ~ vk8s_cluster_acl
&& ! vk8s_cluster_primary.defined()
) {
if (! obj.uncacheable) {
set resp.http.VK8S-Cluster-TTL = obj.ttl;
}
...
...
pkg/varnish/vcl/testdata/shard_by_key.golden
View file @
6976e9ad
...
...
@@ -3,6 +3,7 @@ import std;
import directors;
import blob;
import blobdigest;
import taskvar;
probe vk8s_probe_varnish {
.request = "HEAD /vk8s_cluster_health HTTP/1.1"
...
...
@@ -15,19 +16,19 @@ probe vk8s_probe_varnish {
.threshold = 3;
}
backend vk8s_default_varnish-8445d4f7f-z2b9p
_80
{
backend vk8s_default_varnish-8445d4f7f-z2b9p {
.host = "172.17.0.12";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_
viking-service_172_17_0_13_80
{
backend vk8s_
_
{
.host = "172.17.0.13";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_default_varnish-8445d4f7f-ldljf
_80
{
backend vk8s_default_varnish-8445d4f7f-ldljf {
.host = "172.17.0.14";
.port = "80";
.probe = vk8s_probe_varnish;
...
...
@@ -43,19 +44,20 @@ sub vcl_init {
new vk8s_cluster_param = directors.shard_param();
new vk8s_cluster = directors.shard();
vk8s_cluster.associate(vk8s_cluster_param.use());
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p
_80
);
vk8s_cluster.add_backend(vk8s_
viking-service_172_17_0_13_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf
_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p);
vk8s_cluster.add_backend(vk8s_
_
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf);
vk8s_cluster.reconfigure();
new vk8s_cluster_primary = taskvar.backend();
}
sub vcl_recv {
unset req.http.VK8S-Shard-Primary-Only;
vk8s_cluster_primary.set(vk8s_cluster.backend(resolve=NOW, by=KEY, key=vk8s_cluster.key(req.http.Host)));
if (remote.ip !~ vk8s_cluster_acl
&& "" + vk8s_cluster.backend(resolve=NOW, by=KEY, key=vk8s_cluster.key(req.http.Host)) != server.identity) {
set req.http.VK8S-Shard-Primary-Only = "true";
set req.backend_hint = vk8s_cluster.backend(resolve=NOW, by=KEY, key=vk8s_cluster.key(req.http.Host));
return (pass);
&& "" + vk8s_cluster_primary.get() != server.identity) {
set req.backend_hint = vk8s_cluster_primary.get();
return (pipe);
}
else if (remote.ip ~ vk8s_cluster_acl) {
if (req.http.Host == "vk8s_cluster") {
...
...
@@ -77,16 +79,7 @@ sub vcl_recv {
}
}
sub vcl_pass {
if (req.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
}
sub vcl_backend_fetch {
if (bereq.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
vk8s_cluster_param.set(by=KEY, key=vk8s_cluster.key(bereq.http.Host));
if (bereq.retries == 0
&& !bereq.uncacheable
...
...
@@ -99,9 +92,6 @@ sub vcl_backend_fetch {
}
sub vcl_backend_response {
if (bereq.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
if (bereq.backend == vk8s_cluster.backend(resolve=LAZY)) {
if (beresp.http.VK8S-Cluster-TTL) {
set beresp.ttl = std.duration(
...
...
@@ -125,11 +115,8 @@ sub vcl_backend_error {
}
sub vcl_deliver {
if (req.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
unset resp.http.VK8S-Cluster-TTL;
if (remote.ip ~ vk8s_cluster_acl) {
if (remote.ip ~ vk8s_cluster_acl
&& ! vk8s_cluster_primary.defined()
) {
if (! obj.uncacheable) {
set resp.http.VK8S-Cluster-TTL = obj.ttl;
}
...
...
pkg/varnish/vcl/testdata/shard_by_url.golden
View file @
6976e9ad
...
...
@@ -3,6 +3,7 @@ import std;
import directors;
import blob;
import blobdigest;
import taskvar;
probe vk8s_probe_varnish {
.request = "HEAD /vk8s_cluster_health HTTP/1.1"
...
...
@@ -15,19 +16,19 @@ probe vk8s_probe_varnish {
.threshold = 3;
}
backend vk8s_default_varnish-8445d4f7f-z2b9p
_80
{
backend vk8s_default_varnish-8445d4f7f-z2b9p {
.host = "172.17.0.12";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_
viking-service_172_17_0_13_80
{
backend vk8s_
_
{
.host = "172.17.0.13";
.port = "80";
.probe = vk8s_probe_varnish;
}
backend vk8s_default_varnish-8445d4f7f-ldljf
_80
{
backend vk8s_default_varnish-8445d4f7f-ldljf {
.host = "172.17.0.14";
.port = "80";
.probe = vk8s_probe_varnish;
...
...
@@ -43,19 +44,20 @@ sub vcl_init {
new vk8s_cluster_param = directors.shard_param();
new vk8s_cluster = directors.shard();
vk8s_cluster.associate(vk8s_cluster_param.use());
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p
_80
);
vk8s_cluster.add_backend(vk8s_
viking-service_172_17_0_13_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf
_80
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-z2b9p);
vk8s_cluster.add_backend(vk8s_
_
);
vk8s_cluster.add_backend(vk8s_default_varnish-8445d4f7f-ldljf);
vk8s_cluster.reconfigure();
new vk8s_cluster_primary = taskvar.backend();
}
sub vcl_recv {
unset req.http.VK8S-Shard-Primary-Only;
vk8s_cluster_primary.set(vk8s_cluster.backend(resolve=NOW, by=URL));
if (remote.ip !~ vk8s_cluster_acl
&& "" + vk8s_cluster.backend(resolve=NOW, by=URL) != server.identity) {
set req.http.VK8S-Shard-Primary-Only = "true";
set req.backend_hint = vk8s_cluster.backend(resolve=NOW, by=URL);
return (pass);
&& "" + vk8s_cluster_primary.get() != server.identity) {
set req.backend_hint = vk8s_cluster_primary.get();
return (pipe);
}
else if (remote.ip ~ vk8s_cluster_acl) {
if (req.http.Host == "vk8s_cluster") {
...
...
@@ -77,16 +79,7 @@ sub vcl_recv {
}
}
sub vcl_pass {
if (req.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
}
sub vcl_backend_fetch {
if (bereq.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
vk8s_cluster_param.set(by=URL);
if (bereq.retries == 0
&& !bereq.uncacheable
...
...
@@ -99,9 +92,6 @@ sub vcl_backend_fetch {
}
sub vcl_backend_response {
if (bereq.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
if (bereq.backend == vk8s_cluster.backend(resolve=LAZY)) {
if (beresp.http.VK8S-Cluster-TTL) {
set beresp.ttl = std.duration(
...
...
@@ -125,11 +115,8 @@ sub vcl_backend_error {
}
sub vcl_deliver {
if (req.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
unset resp.http.VK8S-Cluster-TTL;
if (remote.ip ~ vk8s_cluster_acl) {
if (remote.ip ~ vk8s_cluster_acl
&& ! vk8s_cluster_primary.defined()
) {
if (! obj.uncacheable) {
set resp.http.VK8S-Cluster-TTL = obj.ttl;
}
...
...
test/e2e.sh
View file @
6976e9ad
...
...
@@ -80,6 +80,9 @@ make EXAMPLE=shard-by-url deploy verify undeploy
echo
Self-sharding by key example
make
EXAMPLE
=
shard-by-key deploy verify undeploy
echo
Primary-only self-sharding by client.identity as key
make
EXAMPLE
=
primary-only-by-clientid deploy verify undeploy
echo
Basic Authentication example
cd
${
MYPATH
}
/../examples/authentication/
make
EXAMPLE
=
basic-auth deploy verify undeploy
...
...
test/e2e/tmplcfg/tmplcfg.yaml
View file @
6976e9ad
...
...
@@ -426,6 +426,7 @@ spec:
import directors;
import blob;
import blobdigest;
import taskvar;
probe vk8s_probe_varnish {
.request = "HEAD /vk8s_cluster_health HTTP/1.1"
...
...
@@ -449,7 +450,7 @@ spec:
}
{{range $node := .Nodes -}}
backend {{
backend
Name $node}} {
backend {{
node
Name $node}} {
.host = "{{(index $node.Addresses 0).IP}}";
.port = "{{(index $node.Addresses 0).Port}}";
.probe = vk8s_probe_varnish;
...
...
@@ -468,23 +469,24 @@ spec:
new vk8s_cluster = directors.shard();
vk8s_cluster.associate(vk8s_cluster_param.use());
{{range $node := .Nodes -}}
vk8s_cluster.add_backend({{
backend
Name $node}});
vk8s_cluster.add_backend({{
node
Name $node}});
{{end -}}
vk8s_cluster.reconfigure();
{{- digest_init . }}
{{ if .PrimaryOnly -}}
new vk8s_cluster_primary = taskvar.backend();
{{
- end
}}
}
sub vcl_recv {
{{ if .PrimaryOnly -}}
unset req.http.VK8S-Shard-Primary-Only;
{{- digest_update 'c' . }}
vk8s_cluster_primary.set(vk8s_cluster.backend(resolve=NOW
{{
- key 'c' .
}}
));
if (remote.ip !~ vk8s_cluster_acl
&& "" + vk8s_cluster.backend(resolve=NOW
{{- key 'c' .}}) != server.identity) {
set req.http.VK8S-Shard-Primary-Only = "true";
set req.backend_hint = vk8s_cluster.backend(resolve=NOW
{{- key 'c' .}});
return (pass);
&&
"
"
+ vk8s_cluster_primary.get() != server.identity) {
set req.backend_hint = vk8s_cluster_primary.get();
return (pipe);
}
else {{ end }}if (remote.ip ~ vk8s_cluster_acl) {
if (req.http.Host == "vk8s_cluster") {
...
...
@@ -505,19 +507,8 @@ spec:
return (hash);
}
}
{{ if .PrimaryOnly }}
sub vcl_pass {
if (req.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
}
{{ end }}
sub vcl_backend_fetch {
{{- if .PrimaryOnly }}
if (bereq.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
{{- end }}
{{- digest_update 'b' . }}
vk8s_cluster_param.set({{ key 'b' .}});
if (bereq.retries == 0
...
...
@@ -531,11 +522,7 @@ spec:
}
sub vcl_backend_response {
{{- if .PrimaryOnly }}
if (bereq.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
{{- end }}
set beresp.http.Shard-Template = "override";
if (bereq.backend == vk8s_cluster.backend(resolve=LAZY)) {
if (beresp.http.VK8S-Cluster-TTL) {
set beresp.ttl = std.duration(
...
...
@@ -560,13 +547,9 @@ spec:
sub vcl_deliver {
set resp.http.Shard-Template = "override";
{{- if .PrimaryOnly }}
if (req.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
{{- end }}
unset resp.http.VK8S-Cluster-TTL;
if (remote.ip ~ vk8s_cluster_acl) {
if (remote.ip ~ vk8s_cluster_acl
{{
- if .PrimaryOnly
}}
&&
!
vk8s_cluster_primary.defined()
{{
- end
}}
) {
if (! obj.uncacheable) {
set resp.http.VK8S-Cluster-TTL = obj.ttl;
}
...
...
test/e2e/tmplcfg/values.yaml
View file @
6976e9ad
...
...
@@ -546,6 +546,7 @@ templates:
import directors;
import blob;
import blobdigest;
import taskvar;
probe vk8s_probe_varnish {
.request = "HEAD /vk8s_cluster_health HTTP/1.1"
...
...
@@ -569,7 +570,7 @@ templates:
}
{{range $node := .Nodes -}}
backend {{
backend
Name $node}} {
backend {{
node
Name $node}} {
.host = "{{(index $node.Addresses 0).IP}}";
.port = "{{(index $node.Addresses 0).Port}}";
.probe = vk8s_probe_varnish;
...
...
@@ -588,23 +589,24 @@ templates:
new vk8s_cluster = directors.shard();
vk8s_cluster.associate(vk8s_cluster_param.use());
{{range $node := .Nodes -}}
vk8s_cluster.add_backend({{
backend
Name $node}});
vk8s_cluster.add_backend({{
node
Name $node}});
{{end -}}
vk8s_cluster.reconfigure();
{{- digest_init . }}
{{ if .PrimaryOnly -}}
new vk8s_cluster_primary = taskvar.backend();
{{- end }}
}
sub vcl_recv {
{{ if .PrimaryOnly -}}
unset req.http.VK8S-Shard-Primary-Only;
{{- digest_update 'c' . }}
vk8s_cluster_primary.set(vk8s_cluster.backend(resolve=NOW
{{- key 'c' .}}));
if (remote.ip !~ vk8s_cluster_acl
&& "" + vk8s_cluster.backend(resolve=NOW
{{- key 'c' .}}) != server.identity) {
set req.http.VK8S-Shard-Primary-Only = "true";
set req.backend_hint = vk8s_cluster.backend(resolve=NOW
{{- key 'c' .}});
return (pass);
&& "" + vk8s_cluster_primary.get() != server.identity) {
set req.backend_hint = vk8s_cluster_primary.get();
return (pipe);
}
else {{ end }}if (remote.ip ~ vk8s_cluster_acl) {
if (req.http.Host == "vk8s_cluster") {
...
...
@@ -625,19 +627,8 @@ templates:
return (hash);
}
}
{{ if .PrimaryOnly }}
sub vcl_pass {
if (req.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
}
{{ end }}
sub vcl_backend_fetch {
{{- if .PrimaryOnly }}
if (bereq.http.VK8S-Shard-Primary-Only) {
return (fetch);
}
{{- end }}
{{- digest_update 'b' . }}
vk8s_cluster_param.set({{ key 'b' .}});
if (bereq.retries == 0
...
...
@@ -651,11 +642,7 @@ templates:
}
sub vcl_backend_response {
{{- if .PrimaryOnly }}
if (bereq.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
{{- end }}
set beresp.http.Shard-Template = "override";
if (bereq.backend == vk8s_cluster.backend(resolve=LAZY)) {
if (beresp.http.VK8S-Cluster-TTL) {
set beresp.ttl = std.duration(
...
...
@@ -679,14 +666,9 @@ templates:
}
sub vcl_deliver {
set resp.http.Shard-Template = "override";
{{- if .PrimaryOnly }}
if (req.http.VK8S-Shard-Primary-Only) {
return (deliver);
}
{{- end }}
unset resp.http.VK8S-Cluster-TTL;
if (remote.ip ~ vk8s_cluster_acl) {
if (remote.ip ~ vk8s_cluster_acl
{{- if .PrimaryOnly }} && ! vk8s_cluster_primary.defined()
{{- end }}) {
if (! obj.uncacheable) {
set resp.http.VK8S-Cluster-TTL = obj.ttl;
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment