uplex-varnish / k8s-ingress
Commit 81a73994, authored Sep 02, 2020 by Geoff Simmons
The admin Secret is identified by an annotation on the admin Service.
parent 3d3879a9

Showing 16 changed files with 49 additions and 54 deletions:

charts/viking-service/templates/admin-service.yaml +2 -0
deploy/admin-svc.yaml +2 -0
...s/architectures/cluster-and-ns-wide/admin-svc-coffee.yaml +2 -0
...s/architectures/cluster-and-ns-wide/admin-svc-system.yaml +2 -0
examples/architectures/clusterwide/admin-svc.yaml +2 -0
...ples/architectures/multi-controller/admin-svc-coffee.yaml +2 -0
examples/architectures/multi-controller/admin-svc-tea.yaml +2 -0
...ples/architectures/multi-varnish-ns/admin-svc-coffee.yaml +2 -0
examples/architectures/multi-varnish-ns/admin-svc-tea.yaml +2 -0
examples/file-cache/varnish.yaml +2 -0
examples/namespace/admin-svc.yaml +2 -0
examples/varnish_pod_template/cli-args.yaml +2 -0
examples/varnish_pod_template/env.yaml +2 -0
examples/varnish_pod_template/proxy.yaml +2 -0
pkg/controller/secret.go +6 -21
pkg/controller/service.go +15 -33
charts/viking-service/templates/admin-service.yaml
...
@@ -9,6 +9,8 @@ metadata:
...
@@ -9,6 +9,8 @@ metadata:
# This label is used by the controller to find the pods to control.
# This label is used by the controller to find the pods to control.
app
:
varnish-ingress
app
:
varnish-ingress
name
:
{{
printf "%s-admin" (include "viking-service.fullname" . | trunc 57)
}}
name
:
{{
printf "%s-admin" (include "viking-service.fullname" . | trunc 57)
}}
annotations
:
viking.uplex.de/admSecret
:
{{
template "viking-service.admin-secret-name" .
}}
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
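Review bot: The new `viking.uplex.de/admSecret` annotation value is rendered unquoted from `{{ template "viking-service.admin-secret-name" . }}`, so a secret name that YAML reads as a number or boolean would not be a string, and the Service would be rejected because annotation values must be strings. `template` cannot be piped, so consider `{{ include "viking-service.admin-secret-name" . | quote }}`, matching the `include` already used for `name`. The label above has a comment explaining how the controller uses it; the annotation deserves one too.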
deploy/admin-svc.yaml
...
@@ -4,6 +4,8 @@ metadata:
...
@@ -4,6 +4,8 @@ metadata:
name
:
varnish-ingress-admin
name
:
varnish-ingress-admin
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
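Review bot: The added `viking.uplex.de/admSecret: adm-secret` under `annotations` carries no comment, although the `syncSvc` change in pkg/controller/service.go makes the annotation mandatory (a Service without it gets a fatal status). A short comment saying that the value must be the name of the admin Secret in the Service's namespace would help anyone who copies this manifest and renames the Secret.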
examples/architectures/cluster-and-ns-wide/admin-svc-coffee.yaml
...
@@ -5,6 +5,8 @@ metadata:
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
namespace
:
cafe
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/architectures/cluster-and-ns-wide/admin-svc-system.yaml
...
@@ -5,6 +5,8 @@ metadata:
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
kube-system
namespace
:
kube-system
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
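Review bot: The annotation value here is the bare name `adm-secret`, the same as in admin-svc-coffee.yaml for namespace `cafe`, and service.go qualifies it with `svc.Namespace`, so this Service in `kube-system` needs its own Secret named `adm-secret` in `kube-system`. The documentation for this example should state that the annotation cannot reference a Secret in another namespace.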
examples/architectures/clusterwide/admin-svc.yaml
...
@@ -5,6 +5,8 @@ metadata:
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
kube-system
namespace
:
kube-system
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/architectures/multi-controller/admin-svc-coffee.yaml
...
@@ -5,6 +5,8 @@ metadata:
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
namespace
:
cafe
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
coffee-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/architectures/multi-controller/admin-svc-tea.yaml
...
@@ -5,6 +5,8 @@ metadata:
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
namespace
:
cafe
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
tea-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/architectures/multi-varnish-ns/admin-svc-coffee.yaml
...
@@ -5,6 +5,8 @@ metadata:
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
namespace
:
cafe
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
coffee-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/architectures/multi-varnish-ns/admin-svc-tea.yaml
...
@@ -5,6 +5,8 @@ metadata:
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
cafe
namespace
:
cafe
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
tea-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/file-cache/varnish.yaml
...
@@ -25,6 +25,8 @@ metadata:
...
@@ -25,6 +25,8 @@ metadata:
name
:
viking-service-file-cache-admin
name
:
viking-service-file-cache-admin
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/namespace/admin-svc.yaml
...
@@ -5,6 +5,8 @@ metadata:
...
@@ -5,6 +5,8 @@ metadata:
namespace
:
varnish-ingress
namespace
:
varnish-ingress
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/varnish_pod_template/cli-args.yaml
...
@@ -25,6 +25,8 @@ metadata:
...
@@ -25,6 +25,8 @@ metadata:
name
:
pod-template-examples-admin
name
:
pod-template-examples-admin
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/varnish_pod_template/env.yaml
...
@@ -25,6 +25,8 @@ metadata:
...
@@ -25,6 +25,8 @@ metadata:
name
:
pod-template-examples-admin
name
:
pod-template-examples-admin
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
examples/varnish_pod_template/proxy.yaml
...
@@ -25,6 +25,8 @@ metadata:
...
@@ -25,6 +25,8 @@ metadata:
name
:
pod-template-examples-admin
name
:
pod-template-examples-admin
labels
:
labels
:
app
:
varnish-ingress
app
:
varnish-ingress
annotations
:
viking.uplex.de/admSecret
:
adm-secret
spec
:
spec
:
clusterIP
:
None
clusterIP
:
None
ports
:
ports
:
...
...
pkg/controller/secret.go
...
@@ -47,6 +47,7 @@ const (
...
@@ -47,6 +47,7 @@ const (
admSecretKey
=
"admin"
admSecretKey
=
"admin"
dplaneSecretKey
=
"dataplaneapi"
dplaneSecretKey
=
"dataplaneapi"
vikingSecretLabelKey
=
vikingLabelPfx
+
"secret"
vikingSecretLabelKey
=
vikingLabelPfx
+
"secret"
vikingAdmSecretKey
=
vikingLabelPfx
+
"admSecret"
vikingAdmSecretVal
=
"admin"
vikingAdmSecretVal
=
"admin"
vikingAuthSecretVal
=
"auth"
vikingAuthSecretVal
=
"auth"
)
)
...
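Review bot: `vikingAdmSecretKey` is added without a comment, and its name is easy to confuse with `admSecretKey` and `vikingAdmSecretVal` in the same const block. It is used as an annotation key on the admin Service, while its neighbour `vikingSecretLabelKey` is named as a label key and is built from the same `vikingLabelPfx`; a name such as `vikingAdmSecretAnnotKey` plus a one-line comment would make the distinction clear.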
@@ -139,33 +140,17 @@ func (worker *NamespaceWorker) deleteTLSSecret(
...
@@ -139,33 +140,17 @@ func (worker *NamespaceWorker) deleteTLSSecret(
}
}
func
(
worker
*
NamespaceWorker
)
getVarnishSvcsForSecret
(
func
(
worker
*
NamespaceWorker
)
getVarnishSvcsForSecret
(
secretName
string
)
([]
*
api_v1
.
Service
,
error
)
{
secretName
string
,
)
([]
*
api_v1
.
Service
,
error
)
{
var
secrSvcs
[]
*
api_v1
.
Service
var
secrSvcs
[]
*
api_v1
.
Service
svcs
,
err
:=
worker
.
svc
.
List
(
varnishIngressSelector
)
svcs
,
err
:=
worker
.
svc
.
List
(
varnishIngressSelector
)
if
err
!=
nil
{
if
err
!=
nil
{
return
secrSvcs
,
err
return
secrSvcs
,
err
}
}
for
_
,
svc
:=
range
svcs
{
for
_
,
svc
:=
range
svcs
{
pods
,
err
:=
worker
.
getPods
(
svc
)
if
s
,
ok
:=
svc
.
Annotations
[
vikingAdmSecretKey
];
ok
&&
if
err
!=
nil
{
s
==
secretName
{
return
secrSvcs
,
err
secrSvcs
=
append
(
secrSvcs
,
svc
)
}
if
len
(
pods
.
Items
)
==
0
{
continue
}
// The secret is meant for the service if a
// SecretVolumeSource is specified in the Pod spec
// that names the secret.
pod
:=
pods
.
Items
[
0
]
for
_
,
vol
:=
range
pod
.
Spec
.
Volumes
{
if
vol
.
Secret
==
nil
{
continue
}
if
vol
.
Secret
.
SecretName
==
secretName
{
secrSvcs
=
append
(
secrSvcs
,
svc
)
}
}
}
}
}
return
secrSvcs
,
nil
return
secrSvcs
,
nil
...
...
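Review bot: The new test `s == secretName` on `svc.Annotations[vikingAdmSecretKey]` replaces the check of the Pod's `SecretVolumeSource`, so a Service is now matched on the annotation alone, even if its Pods mount a different Secret. The removed comment documented the old rule and nothing replaces it; please add a comment stating the new rule, and consider logging when the annotated name and the mounted Secret disagree. The `ok` in `ok && s == secretName` only matters if `secretName` can be empty.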
pkg/controller/service.go
...
@@ -317,42 +317,24 @@ func (worker *NamespaceWorker) syncSvc(key string) update.Status {
...
@@ -317,42 +317,24 @@ func (worker *NamespaceWorker) syncSvc(key string) update.Status {
return
status
return
status
}
}
secrName
:=
""
worker
.
log
.
Tracef
(
"Searching annotations for the secret for %s/%s"
,
worker
.
log
.
Tracef
(
"Searching Pods for the secret for %s/%s"
,
svc
.
Namespace
,
svc
.
Name
)
svc
.
Namespace
,
svc
.
Name
)
pods
,
err
:=
worker
.
getPods
(
svc
)
secrName
,
ok
:=
svc
.
Annotations
[
vikingAdmSecretKey
]
if
err
!=
nil
{
if
!
ok
{
return
IncompleteIfNotFound
(
err
,
return
update
.
MakeFatal
(
"Cannot get a Pod for service %s/%s: %v"
,
"Service %s/%s: missing required annotation %s"
,
svc
.
Namespace
,
svc
.
Name
,
err
)
svc
.
Namespace
,
svc
.
Name
,
vikingAdmSecretKey
)
}
if
len
(
pods
.
Items
)
==
0
{
return
update
.
MakeIncomplete
(
"No Pods for Service: %s/%s"
,
svc
.
Namespace
,
svc
.
Name
)
}
pod
:=
&
pods
.
Items
[
0
]
for
_
,
vol
:=
range
pod
.
Spec
.
Volumes
{
if
secretVol
:=
vol
.
Secret
;
secretVol
!=
nil
{
secrName
=
secretVol
.
SecretName
break
}
}
}
if
secrName
!=
""
{
worker
.
log
.
Infof
(
"Found secret name %s for Service %s/%s"
,
secrName
,
worker
.
log
.
Infof
(
"Found secret name %s/%s for Service %s/%s"
,
svc
.
Namespace
,
svc
.
Name
)
worker
.
namespace
,
secrName
,
svc
.
Namespace
,
svc
.
Name
)
if
secret
,
err
:=
worker
.
vsecr
.
Get
(
secrName
);
err
==
nil
{
if
secret
,
err
:=
worker
.
vsecr
.
Get
(
secrName
);
err
==
nil
{
err
=
worker
.
setSecret
(
secret
)
err
=
worker
.
setSecret
(
secret
)
if
err
!=
nil
{
if
err
!=
nil
{
return
update
.
MakeIncomplete
(
"%v"
,
err
)
return
update
.
MakeIncomplete
(
"%v"
,
err
)
}
}
else
{
worker
.
log
.
Warnf
(
"Cannot get Secret %s: %v"
,
secrName
,
err
)
}
}
}
else
{
}
else
{
worker
.
log
.
Warnf
(
"No secret found for Service %s/%s"
,
worker
.
log
.
Warnf
(
"Cannot get Secret %s: %v"
,
secrName
,
err
)
svc
.
Namespace
,
svc
.
Name
)
}
}
if
len
(
offldAddrs
)
>
0
{
if
len
(
offldAddrs
)
>
0
{
...
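Review bot: The `if !ok` check after `secrName, ok := svc.Annotations[vikingAdmSecretKey]` lets an annotation with an empty value through, so `worker.vsecr.Get(secrName)` is called with an empty name, the failure is only logged by `Warnf`, and the sync continues. Testing `!ok || secrName == ""` would return the same `MakeFatal` status for both cases. Since a Service without the annotation was previously resolved through its Pods and now gets a fatal status, the upgrade requirement belongs in the documentation.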
@@ -360,7 +342,7 @@ func (worker *NamespaceWorker) syncSvc(key string) update.Status {
...
@@ -360,7 +342,7 @@ func (worker *NamespaceWorker) syncSvc(key string) update.Status {
"%+v"
,
svc
.
Namespace
,
svc
.
Name
,
offldAddrs
)
"%+v"
,
svc
.
Namespace
,
svc
.
Name
,
offldAddrs
)
status
:=
worker
.
hController
.
AddOrUpdateOffloader
(
status
:=
worker
.
hController
.
AddOrUpdateOffloader
(
svc
.
Namespace
+
"/"
+
svc
.
Name
,
offldAddrs
,
svc
.
Namespace
+
"/"
+
svc
.
Name
,
offldAddrs
,
worker
.
n
amespace
+
"/"
+
secrName
)
svc
.
N
amespace
+
"/"
+
secrName
)
if
status
.
IsError
()
{
if
status
.
IsError
()
{
return
status
return
status
}
}
...
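Review bot: The third argument to `AddOrUpdateOffloader` now uses `svc.Namespace`, but the new `Infof("Found secret name %s/%s for Service %s/%s", ...)` earlier in `syncSvc` still prints `worker.namespace` as the Secret's namespace. Use `svc.Namespace` in both places so the log line names the same Secret key that is passed to the controller.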
@@ -369,7 +351,7 @@ func (worker *NamespaceWorker) syncSvc(key string) update.Status {
...
@@ -369,7 +351,7 @@ func (worker *NamespaceWorker) syncSvc(key string) update.Status {
svc
.
Name
,
addrs
)
svc
.
Name
,
addrs
)
return
worker
.
vController
.
AddOrUpdateVarnishSvc
(
return
worker
.
vController
.
AddOrUpdateVarnishSvc
(
svc
.
Namespace
+
"/"
+
svc
.
Name
,
addrs
,
svc
.
Namespace
+
"/"
+
svc
.
Name
,
addrs
,
worker
.
n
amespace
+
"/"
+
secrName
,
!
updateVCL
)
svc
.
N
amespace
+
"/"
+
secrName
,
!
updateVCL
)
}
}
func
(
worker
*
NamespaceWorker
)
addSvc
(
key
string
)
update
.
Status
{
func
(
worker
*
NamespaceWorker
)
addSvc
(
key
string
)
update
.
Status
{
...
...
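Review bot: `svc.Namespace + "/" + secrName` is built here for `AddOrUpdateVarnishSvc` and again for `AddOrUpdateOffloader` in the previous hunk. Computing the key once, right after the annotation is read, and passing that variable to both calls and to the log message would keep the three uses from drifting apart.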
Nils Goroll @slink mentioned in commit cdb28bac279d846d6a4c584172db6fe79c3ad2c6 · Sep 03, 2020