uplex-varnish / k8s-ingress
Commit 81a73994, authored Sep 02, 2020 by Geoff Simmons
The admin Secret is identified by an annotation on the admin Service.
parent 3d3879a9

Showing 16 changed files with 49 additions and 54 deletions
charts/viking-service/templates/admin-service.yaml (+2 -0)
deploy/admin-svc.yaml (+2 -0)
...s/architectures/cluster-and-ns-wide/admin-svc-coffee.yaml (+2 -0)
...s/architectures/cluster-and-ns-wide/admin-svc-system.yaml (+2 -0)
examples/architectures/clusterwide/admin-svc.yaml (+2 -0)
...ples/architectures/multi-controller/admin-svc-coffee.yaml (+2 -0)
examples/architectures/multi-controller/admin-svc-tea.yaml (+2 -0)
...ples/architectures/multi-varnish-ns/admin-svc-coffee.yaml (+2 -0)
examples/architectures/multi-varnish-ns/admin-svc-tea.yaml (+2 -0)
examples/file-cache/varnish.yaml (+2 -0)
examples/namespace/admin-svc.yaml (+2 -0)
examples/varnish_pod_template/cli-args.yaml (+2 -0)
examples/varnish_pod_template/env.yaml (+2 -0)
examples/varnish_pod_template/proxy.yaml (+2 -0)
pkg/controller/secret.go (+6 -21)
pkg/controller/service.go (+15 -33)
charts/viking-service/templates/admin-service.yaml
View file @
81a73994
...
...
@@ -9,6 +9,8 @@ metadata:
# This label is used by the controller to find the pods to control.
app
:
varnish-ingress
name
:
{{
printf "%s-admin" (include "viking-service.fullname" . | trunc 57)
}}
annotations
:
viking.uplex.de/admSecret
:
{{
template "viking-service.admin-secret-name" .
}}
spec
:
clusterIP
:
None
ports
:
...
...
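Review bot: the value of the new `viking.uplex.de/admSecret` annotation is emitted unquoted from `template "viking-service.admin-secret-name" .`. Annotation values must be strings, so a secret name that YAML reads as a number or a boolean would make the rendered Service fail validation. Suggest `{{ include "viking-service.admin-secret-name" . | quote }}`; `include` is needed because the output of `template` cannot be piped.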
deploy/admin-svc.yaml
View file @
81a73994
...
...
@@ -4,6 +4,8 @@ metadata:
name
:
varnish-ingress-admin
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
clusterIP
:
None
ports
:
...
...
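Review bot: the added `viking.uplex.de/admSecret: adm-secret` annotation carries no comment saying what it is for, although the controller change in this commit makes it mandatory (`missing required annotation` in pkg/controller/service.go). Suggest a one-line YAML comment above it stating that it names the admin Secret, by bare name, in the Service's own namespace, in the style of the comment on the `app` label in the chart template.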
examples/architectures/cluster-and-ns-wide/admin-svc-coffee.yaml
View file @
81a73994
...
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/architectures/cluster-and-ns-wide/admin-svc-system.yaml
View file @
81a73994
...
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
kube-system
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/architectures/clusterwide/admin-svc.yaml
View file @
81a73994
...
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
kube-system
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/architectures/multi-controller/admin-svc-coffee.yaml
View file @
81a73994
...
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
coffee-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/architectures/multi-controller/admin-svc-tea.yaml
View file @
81a73994
...
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
tea-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/architectures/multi-varnish-ns/admin-svc-coffee.yaml
View file @
81a73994
...
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
coffee-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/architectures/multi-varnish-ns/admin-svc-tea.yaml
View file @
81a73994
...
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
tea-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/file-cache/varnish.yaml
View file @
81a73994
...
...
@@ -25,6 +25,8 @@ metadata:
name
:
viking-service-file-cache-admin
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/namespace/admin-svc.yaml
View file @
81a73994
...
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
varnish-ingress
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/varnish_pod_template/cli-args.yaml
View file @
81a73994
...
...
@@ -25,6 +25,8 @@ metadata:
name
:
pod-template-examples-admin
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/varnish_pod_template/env.yaml
View file @
81a73994
...
...
@@ -25,6 +25,8 @@ metadata:
name
:
pod-template-examples-admin
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
clusterIP
:
None
ports
:
...
...
examples/varnish_pod_template/proxy.yaml
View file @
81a73994
...
...
@@ -25,6 +25,8 @@ metadata:
name
:
pod-template-examples-admin
labels
:
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
clusterIP
:
None
ports
:
...
...
pkg/controller/secret.go
View file @
81a73994
...
...
@@ -47,6 +47,7 @@ const (
admSecretKey
=
"admin"
dplaneSecretKey
=
"dataplaneapi"
vikingSecretLabelKey
=
vikingLabelPfx
+
"secret"
vikingAdmSecretKey
=
vikingLabelPfx
+
"admSecret"
vikingAdmSecretVal
=
"admin"
vikingAuthSecretVal
=
"auth"
)
...
...
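Review bot: `vikingAdmSecretKey` is used as an annotation key (`svc.Annotations[vikingAdmSecretKey]` elsewhere in this commit), but it is declared between the label key `vikingSecretLabelKey` and the label values `vikingAdmSecretVal` and `vikingAuthSecretVal`, and is built from `vikingLabelPfx`. A short comment on the constant, or a name that marks it as an annotation, would keep it from being read as the counterpart of `vikingAdmSecretVal`.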
@@ -139,33 +140,17 @@ func (worker *NamespaceWorker) deleteTLSSecret(
}
func
(
worker
*
NamespaceWorker
)
getVarnishSvcsForSecret
(
secretName
string
)
([]
*
api_v1
.
Service
,
error
)
{
secretName
string
,
)
([]
*
api_v1
.
Service
,
error
)
{
var
secrSvcs
[]
*
api_v1
.
Service
svcs
,
err
:=
worker
.
svc
.
List
(
varnishIngressSelector
)
if
err
!=
nil
{
return
secrSvcs
,
err
}
for
_
,
svc
:=
range
svcs
{
pods
,
err
:=
worker
.
getPods
(
svc
)
if
err
!=
nil
{
return
secrSvcs
,
err
}
if
len
(
pods
.
Items
)
==
0
{
continue
}
// The secret is meant for the service if a
// SecretVolumeSource is specified in the Pod spec
// that names the secret.
pod
:=
pods
.
Items
[
0
]
for
_
,
vol
:=
range
pod
.
Spec
.
Volumes
{
if
vol
.
Secret
==
nil
{
continue
}
if
vol
.
Secret
.
SecretName
==
secretName
{
secrSvcs
=
append
(
secrSvcs
,
svc
)
}
if
s
,
ok
:=
svc
.
Annotations
[
vikingAdmSecretKey
];
ok
&&
s
==
secretName
{
secrSvcs
=
append
(
secrSvcs
,
svc
)
}
}
return
secrSvcs
,
nil
...
...
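Review bot: in the loop over `svcs`, the only comment explaining the selection rule belongs to the Pod volume scan, and the annotation check (`svc.Annotations[vikingAdmSecretKey]` with `s == secretName`) has none. Suggest a doc comment on `getVarnishSvcsForSecret` stating that a Service is selected when its annotation names the Secret, and that a Service without the annotation is skipped silently here, whereas `syncSvc` treats the same condition as fatal.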
pkg/controller/service.go
View file @
81a73994
...
...
@@ -317,42 +317,24 @@ func (worker *NamespaceWorker) syncSvc(key string) update.Status {
return
status
}
secrName
:=
""
worker
.
log
.
Tracef
(
"Searching Pods for the secret for %s/%s"
,
worker
.
log
.
Tracef
(
"Searching annotations for the secret for %s/%s"
,
svc
.
Namespace
,
svc
.
Name
)
pods
,
err
:=
worker
.
getPods
(
svc
)
if
err
!=
nil
{
return
IncompleteIfNotFound
(
err
,
"Cannot get a Pod for service %s/%s: %v"
,
svc
.
Namespace
,
svc
.
Name
,
err
)
}
if
len
(
pods
.
Items
)
==
0
{
return
update
.
MakeIncomplete
(
"No Pods for Service: %s/%s"
,
svc
.
Namespace
,
svc
.
Name
)
}
pod
:=
&
pods
.
Items
[
0
]
for
_
,
vol
:=
range
pod
.
Spec
.
Volumes
{
if
secretVol
:=
vol
.
Secret
;
secretVol
!=
nil
{
secrName
=
secretVol
.
SecretName
break
}
secrName
,
ok
:=
svc
.
Annotations
[
vikingAdmSecretKey
]
if
!
ok
{
return
update
.
MakeFatal
(
"Service %s/%s: missing required annotation %s"
,
svc
.
Namespace
,
svc
.
Name
,
vikingAdmSecretKey
)
}
if
secrName
!=
""
{
worker
.
log
.
Infof
(
"Found secret name %s/%s for Service %s/%s"
,
worker
.
namespace
,
secrName
,
svc
.
Namespace
,
svc
.
Name
)
worker
.
log
.
Infof
(
"Found secret name %s for Service %s/%s"
,
secrName
,
svc
.
Namespace
,
svc
.
Name
)
if
secret
,
err
:=
worker
.
vsecr
.
Get
(
secrName
);
err
==
nil
{
err
=
worker
.
setSecret
(
secret
)
if
err
!=
nil
{
return
update
.
MakeIncomplete
(
"%v"
,
err
)
}
}
else
{
worker
.
log
.
Warnf
(
"Cannot get Secret %s: %v"
,
secrName
,
err
)
if
secret
,
err
:=
worker
.
vsecr
.
Get
(
secrName
);
err
==
nil
{
err
=
worker
.
setSecret
(
secret
)
if
err
!=
nil
{
return
update
.
MakeIncomplete
(
"%v"
,
err
)
}
}
else
{
worker
.
log
.
Warnf
(
"No secret found for Service %s/%s"
,
svc
.
Namespace
,
svc
.
Name
)
worker
.
log
.
Warnf
(
"Cannot get Secret %s: %v"
,
secrName
,
err
)
}
if
len
(
offldAddrs
)
>
0
{
...
...
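Review bot: the lookup `secrName, ok := svc.Annotations[vikingAdmSecretKey]` rejects only a missing annotation; as rendered here the `if secrName != ""` guard is no longer applied, so an annotation with an empty value reaches `worker.vsecr.Get(secrName)` and surfaces only as the `Cannot get Secret` warning. Suggest testing `if !ok || secrName == ""` before returning `MakeFatal`. Since the name no longer comes from the Pod's Secret volume, the annotation can also name a Secret other than the one the Pods mount, which is worth stating in the documentation for the annotation.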
@@ -360,7 +342,7 @@ func (worker *NamespaceWorker) syncSvc(key string) update.Status {
"%+v"
,
svc
.
Namespace
,
svc
.
Name
,
offldAddrs
)
status
:=
worker
.
hController
.
AddOrUpdateOffloader
(
svc
.
Namespace
+
"/"
+
svc
.
Name
,
offldAddrs
,
worker
.
n
amespace
+
"/"
+
secrName
)
svc
.
N
amespace
+
"/"
+
secrName
)
if
status
.
IsError
()
{
return
status
}
...
...
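Review bot: in the `AddOrUpdateOffloader` call the secret key is built as `svc.Namespace + "/" + secrName`, and the same expression is rebuilt for `AddOrUpdateVarnishSvc` in the next hunk, while the Secret itself is fetched with `worker.vsecr.Get(secrName)`. Suggest building the key once in a local variable next to the annotation lookup, so the two calls and the fetch cannot drift apart.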
@@ -369,7 +351,7 @@ func (worker *NamespaceWorker) syncSvc(key string) update.Status {
svc
.
Name
,
addrs
)
return
worker
.
vController
.
AddOrUpdateVarnishSvc
(
svc
.
Namespace
+
"/"
+
svc
.
Name
,
addrs
,
worker
.
n
amespace
+
"/"
+
secrName
,
!
updateVCL
)
svc
.
N
amespace
+
"/"
+
secrName
,
!
updateVCL
)
}
func
(
worker
*
NamespaceWorker
)
addSvc
(
key
string
)
update
.
Status
{
...
...
Nils Goroll (@slink) mentioned in commit cdb28bac279d846d6a4c584172db6fe79c3ad2c6 · Sep 03, 2020