Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
k8s-ingress
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
3
Merge Requests
3
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
uplex-varnish
k8s-ingress
Commits
ae7f797c
Commit
ae7f797c
authored
Feb 21, 2021
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Implement TemplateConfig sync for all template types.
parent
dce8d546
Changes
13
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
13 changed files
with
1517 additions
and
34 deletions
+1517
-34
templateconfig.go
pkg/controller/templateconfig.go
+94
-0
auth_tmpl.go
pkg/varnish/vcl/auth_tmpl.go
+24
-0
recv_disposition_tmpl.go
pkg/varnish/vcl/recv_disposition_tmpl.go
+26
-0
rewrite_tmpl.go
pkg/varnish/vcl/rewrite_tmpl.go
+26
-0
self_shard_tmpl.go
pkg/varnish/vcl/self_shard_tmpl.go
+26
-0
vcl_tmpl.go
pkg/varnish/vcl/vcl_tmpl.go
+27
-0
Makefile
test/e2e/tmplcfg/Makefile
+4
-2
acl.yaml
test/e2e/tmplcfg/acl.yaml
+0
-24
auth-secrets.yaml
test/e2e/tmplcfg/auth-secrets.yaml
+13
-0
cafe.vtc
test/e2e/tmplcfg/cafe.vtc
+27
-6
tmplcfg.yaml
test/e2e/tmplcfg/tmplcfg.yaml
+529
-1
values.yaml
test/e2e/tmplcfg/values.yaml
+615
-1
vcfg.yaml
test/e2e/tmplcfg/vcfg.yaml
+106
-0
No files found.
pkg/controller/templateconfig.go
View file @
ae7f797c
...
...
@@ -47,6 +47,18 @@ func (worker *NamespaceWorker) syncTcfg(key string) update.Status {
tcfg
.
Name
,
tcfg
)
updates
:=
make
([]
string
,
0
,
ntmpls
)
if
tcfg
.
Spec
.
Ingress
!=
""
{
if
err
=
vcl
.
SetIngressTmpl
(
tcfg
.
Spec
.
Ingress
);
err
!=
nil
{
return
update
.
MakeFatal
(
"TemplateConfig %s/%s: Cannot parse ingress "
+
"template: %v"
,
tcfg
.
Namespace
,
tcfg
.
Name
,
err
)
}
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: updated ingress template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
updates
=
append
(
updates
,
"ingress"
)
}
if
tcfg
.
Spec
.
ACL
!=
""
{
if
err
=
vcl
.
SetACLTmpl
(
tcfg
.
Spec
.
ACL
);
err
!=
nil
{
return
update
.
MakeFatal
(
...
...
@@ -58,6 +70,53 @@ func (worker *NamespaceWorker) syncTcfg(key string) update.Status {
tcfg
.
Namespace
,
tcfg
.
Name
)
updates
=
append
(
updates
,
"acl"
)
}
if
tcfg
.
Spec
.
Auth
!=
""
{
if
err
=
vcl
.
SetAuthTmpl
(
tcfg
.
Spec
.
Auth
);
err
!=
nil
{
return
update
.
MakeFatal
(
"TemplateConfig %s/%s: Cannot parse auth "
+
"template: %v"
,
tcfg
.
Namespace
,
tcfg
.
Name
,
err
)
}
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: updated auth template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
updates
=
append
(
updates
,
"auth"
)
}
if
tcfg
.
Spec
.
ReqDisp
!=
""
{
if
err
=
vcl
.
SetReqDispTmpl
(
tcfg
.
Spec
.
ReqDisp
);
err
!=
nil
{
return
update
.
MakeFatal
(
"TemplateConfig %s/%s: Cannot parse reqDisp "
+
"template: %v"
,
tcfg
.
Namespace
,
tcfg
.
Name
,
err
)
}
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: updated reqDisp template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
updates
=
append
(
updates
,
"reqDisp"
)
}
if
tcfg
.
Spec
.
Rewrite
!=
""
{
if
err
=
vcl
.
SetRewriteTmpl
(
tcfg
.
Spec
.
Rewrite
);
err
!=
nil
{
return
update
.
MakeFatal
(
"TemplateConfig %s/%s: Cannot parse rewrite "
+
"template: %v"
,
tcfg
.
Namespace
,
tcfg
.
Name
,
err
)
}
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: updated rewrite template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
updates
=
append
(
updates
,
"rewrite"
)
}
if
tcfg
.
Spec
.
Shard
!=
""
{
if
err
=
vcl
.
SetShardTmpl
(
tcfg
.
Spec
.
Shard
);
err
!=
nil
{
return
update
.
MakeFatal
(
"TemplateConfig %s/%s: Cannot parse shard "
+
"template: %v"
,
tcfg
.
Namespace
,
tcfg
.
Name
,
err
)
}
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: updated shard template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
updates
=
append
(
updates
,
"shard"
)
}
return
update
.
MakeSuccess
(
"TemplateConfig %s/%s: updated templates: %v"
,
tcfg
.
Namespace
,
...
...
@@ -76,7 +135,12 @@ func (worker *NamespaceWorker) deleteTcfg(obj interface{}) update.Status {
tcfg
,
ok
:=
obj
.
(
*
vcr_v1alpha1
.
TemplateConfig
)
if
!
ok
||
tcfg
==
nil
{
worker
.
log
.
Warnf
(
"Delete TemplateConfig: not found: %v"
,
obj
)
vcl
.
ResetIngressTmpl
()
vcl
.
ResetACLTmpl
()
vcl
.
ResetAuthTmpl
()
vcl
.
ResetReqDispTmpl
()
vcl
.
ResetRewriteTmpl
()
vcl
.
ResetShardTmpl
()
return
update
.
MakeSuccess
(
"TemplateConfig: all templates reset"
)
}
...
...
@@ -84,12 +148,42 @@ func (worker *NamespaceWorker) deleteTcfg(obj interface{}) update.Status {
tcfg
.
Name
)
resets
:=
make
([]
string
,
0
,
ntmpls
)
if
tcfg
.
Spec
.
Ingress
!=
""
{
vcl
.
ResetIngressTmpl
()
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: reset ingress template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
resets
=
append
(
resets
,
"ingress"
)
}
if
tcfg
.
Spec
.
ACL
!=
""
{
vcl
.
ResetACLTmpl
()
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: reset ACL template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
resets
=
append
(
resets
,
"acl"
)
}
if
tcfg
.
Spec
.
Auth
!=
""
{
vcl
.
ResetAuthTmpl
()
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: reset auth template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
resets
=
append
(
resets
,
"auth"
)
}
if
tcfg
.
Spec
.
ReqDisp
!=
""
{
vcl
.
ResetReqDispTmpl
()
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: reset reqDisp template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
resets
=
append
(
resets
,
"reqDisp"
)
}
if
tcfg
.
Spec
.
Rewrite
!=
""
{
vcl
.
ResetRewriteTmpl
()
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: reset rewrite template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
resets
=
append
(
resets
,
"rewrite"
)
}
if
tcfg
.
Spec
.
Shard
!=
""
{
vcl
.
ResetShardTmpl
()
worker
.
log
.
Infof
(
"TemplateConfig %s/%s: reset shard template"
,
tcfg
.
Namespace
,
tcfg
.
Name
)
resets
=
append
(
resets
,
"shard"
)
}
return
update
.
MakeSuccess
(
"TemplateConfig %s/%s: reset templates: %v"
,
tcfg
.
Namespace
,
...
...
pkg/varnish/vcl/auth_tmpl.go
View file @
ae7f797c
...
...
@@ -91,3 +91,27 @@ var authFuncs = template.FuncMap{
var
authTmpl
=
template
.
Must
(
template
.
New
(
authTmplName
)
.
Funcs
(
authFuncs
)
.
Parse
(
authTmplSrc
))
// ResetAuthTmpl sets the VCL template for the VarnishConfig auth
// feature to its current "official" value. Invoked on TemplateConfig
// deletion, only needed when devmode is activated for the controller.
func
ResetAuthTmpl
()
{
authTmpl
=
template
.
Must
(
template
.
New
(
authTmplName
)
.
Funcs
(
authFuncs
)
.
Parse
(
authTmplSrc
))
}
// SetAuthTmpl parses src as a text/template, using the FuncMap
// defined for the auth template, which is used to generate VCL for
// the VarnishConfig auth feature. On success, the auth template is
// replaced. If the parse fails, then the error is returned and the
// auth template is unchanged.
//
// Only used when devmode is activated for the controller.
func
SetAuthTmpl
(
src
string
)
error
{
newTmpl
,
err
:=
template
.
New
(
authTmplName
)
.
Funcs
(
authFuncs
)
.
Parse
(
src
)
if
err
!=
nil
{
return
err
}
authTmpl
=
newTmpl
return
nil
}
pkg/varnish/vcl/recv_disposition_tmpl.go
View file @
ae7f797c
...
...
@@ -126,3 +126,29 @@ var reqDispFuncs = template.FuncMap{
var
reqDispTmpl
=
template
.
Must
(
template
.
New
(
reqDispTmplName
)
.
Funcs
(
reqDispFuncs
)
.
Parse
(
reqDispTmplSrc
))
// ResetReqDispTmpl sets the VCL template for the VarnishConfig
// reqDisp feature to its current "official" value. Invoked on
// TemplateConfig deletion, only needed when devmode is activated for
// the controller.
func
ResetReqDispTmpl
()
{
reqDispTmpl
=
template
.
Must
(
template
.
New
(
reqDispTmplName
)
.
Funcs
(
reqDispFuncs
)
.
Parse
(
reqDispTmplSrc
))
}
// SetReqDispTmpl parses src as a text/template, using the FuncMap
// defined for the reqDisp template, which is used to generate VCL for
// the VarnishConfig reqDisp feature. On success, the reqDisp template
// is replaced. If the parse fails, then the error is returned and the
// reqDisp template is unchanged.
//
// Only used when devmode is activated for the controller.
func
SetReqDispTmpl
(
src
string
)
error
{
newTmpl
,
err
:=
template
.
New
(
reqDispTmplName
)
.
Funcs
(
reqDispFuncs
)
.
Parse
(
src
)
if
err
!=
nil
{
return
err
}
reqDispTmpl
=
newTmpl
return
nil
}
pkg/varnish/vcl/rewrite_tmpl.go
View file @
ae7f797c
...
...
@@ -272,3 +272,29 @@ var rewriteFuncs = template.FuncMap{
var
rewriteTmpl
=
template
.
Must
(
template
.
New
(
rewriteTmplName
)
.
Funcs
(
rewriteFuncs
)
.
Parse
(
rewriteTmplSrc
))
// ResetRewriteTmpl sets the VCL template for the VarnishConfig
// rewrite feature to its current "official" value. Invoked on
// TemplateConfig deletion, only needed when devmode is activated for
// the controller.
func
ResetRewriteTmpl
()
{
rewriteTmpl
=
template
.
Must
(
template
.
New
(
rewriteTmplName
)
.
Funcs
(
rewriteFuncs
)
.
Parse
(
rewriteTmplSrc
))
}
// SetRewriteTmpl parses src as a text/template, using the FuncMap
// defined for the rewrite template, which is used to generate VCL for
// the VarnishConfig rewrite feature. On success, the rewrite template
// is replaced. If the parse fails, then the error is returned and the
// rewrite template is unchanged.
//
// Only used when devmode is activated for the controller.
func
SetRewriteTmpl
(
src
string
)
error
{
newTmpl
,
err
:=
template
.
New
(
rewriteTmplName
)
.
Funcs
(
rewriteFuncs
)
.
Parse
(
src
)
if
err
!=
nil
{
return
err
}
rewriteTmpl
=
newTmpl
return
nil
}
pkg/varnish/vcl/self_shard_tmpl.go
View file @
ae7f797c
...
...
@@ -241,3 +241,29 @@ var shardFuncMap = template.FuncMap{
var
shardTmpl
=
template
.
Must
(
template
.
New
(
selfShardName
)
.
Funcs
(
shardFuncMap
)
.
Parse
(
selfShardTmplSrc
))
// ResetShardTmpl sets the VCL template for the VarnishConfig
// shard feature to its current "official" value. Invoked on
// TemplateConfig deletion, only needed when devmode is activated for
// the controller.
func
ResetShardTmpl
()
{
shardTmpl
=
template
.
Must
(
template
.
New
(
selfShardName
)
.
Funcs
(
shardFuncMap
)
.
Parse
(
selfShardTmplSrc
))
}
// SetShardTmpl parses src as a text/template, using the FuncMap
// defined for the shard template, which is used to generate VCL for
// the VarnishConfig shard feature. On success, the shard template
// is replaced. If the parse fails, then the error is returned and the
// shard template is unchanged.
//
// Only used when devmode is activated for the controller.
func
SetShardTmpl
(
src
string
)
error
{
newTmpl
,
err
:=
template
.
New
(
selfShardName
)
.
Funcs
(
shardFuncMap
)
.
Parse
(
src
)
if
err
!=
nil
{
return
err
}
shardTmpl
=
newTmpl
return
nil
}
pkg/varnish/vcl/vcl_tmpl.go
View file @
ae7f797c
...
...
@@ -284,3 +284,30 @@ var vclFuncs = template.FuncMap{
var
ingressTmpl
=
template
.
Must
(
template
.
New
(
ingTmplName
)
.
Funcs
(
vclFuncs
)
.
Parse
(
ingTmplSrc
))
// ResetIngressTmpl sets the VCL template for Ingress implementation
// (routing rules and bakend configuration) to its current "official"
// value. Invoked on TemplateConfig deletion, only needed when devmode
// is activated for the controller.
func
ResetIngressTmpl
()
{
ingressTmpl
=
template
.
Must
(
template
.
New
(
ingTmplName
)
.
Funcs
(
vclFuncs
)
.
Parse
(
ingTmplSrc
))
}
// SetIngressTmpl parses src as a text/template, using the FuncMap
// defined for the ingress template, which is used to generate VCL for
// Ingress implementaion -- routing rules and backend configuration,
// including configuration set for the BackendConfig custom
// resource. On success, the ingress template is replaced. If the
// parse fails, then the error is returned and the shard template is
// unchanged.
//
// Only used when devmode is activated for the controller.
func
SetIngressTmpl
(
src
string
)
error
{
newTmpl
,
err
:=
template
.
New
(
ingTmplName
)
.
Funcs
(
vclFuncs
)
.
Parse
(
src
)
if
err
!=
nil
{
return
err
}
ingressTmpl
=
newTmpl
return
nil
}
test/e2e/tmplcfg/Makefile
View file @
ae7f797c
...
...
@@ -104,7 +104,8 @@ deploy-kubectl:
@
kubectl apply
-f
varnish.yaml
@
kubectl apply
-f
controller.yaml
@
kubectl apply
-f
tmplcfg.yaml
@
kubectl apply
-f
acl.yaml
@
kubectl apply
-f
auth-secrets.yaml
@
kubectl apply
-f
vcfg.yaml
@
kubectl apply
-f
cafe.yaml
@
kubectl apply
-f
cafe-ingress.yaml
...
...
@@ -129,7 +130,8 @@ undeploy-helm:
undeploy-kubectl
:
@
kubectl delete
-f
cafe-ingress.yaml
@
kubectl delete
-f
cafe.yaml
@
kubectl delete
-f
acl.yaml
@
kubectl delete
-f
vcfg.yaml
@
kubectl delete
-f
auth-secrets.yaml
@
kubectl delete
-f
tmplcfg.yaml
@
kubectl delete
-f
controller.yaml
@
kubectl delete
-f
varnish.yaml
...
...
test/e2e/tmplcfg/acl.yaml
deleted
100644 → 0
View file @
dce8d546
apiVersion
:
"
ingress.varnish-cache.org/v1alpha1"
kind
:
VarnishConfig
metadata
:
namespace
:
dev
name
:
acl-example-cfg
spec
:
services
:
-
varnish-ingress-admin
acl
:
-
name
:
local-private-ip4
addrs
:
-
addr
:
127.0.0.0
mask-bits
:
8
-
addr
:
10.0.0.0
mask-bits
:
24
-
addr
:
172.16.0.0
mask-bits
:
12
-
addr
:
192.168.0.0
mask-bits
:
16
result-header
:
header
:
req.http.X-ACL-Match
success
:
"
matched"
failure
:
"
failed"
test/e2e/tmplcfg/auth-secrets.yaml
0 → 100644
View file @
ae7f797c
apiVersion
:
v1
kind
:
Secret
metadata
:
namespace
:
dev
name
:
coffee-creds
labels
:
viking.uplex.de/secret
:
auth
type
:
Opaque
stringData
:
coffee-admin
:
superpowers
foo
:
bar
baz
:
quux
Aladdin
:
open sesame
test/e2e/tmplcfg/cafe.vtc
View file @
ae7f797c
# looks like -*- vcl -*-
varnishtest "cafe example
, ACLs with modified VCL template
"
varnishtest "cafe example
with modified VCL templates
"
client c1 -connect "${localhost} ${localport}" {
txreq -url /tea -hdr "Host: cafe.example.com"
rxresp
expect resp.status == 200
expect resp.http.X-Backend ~ "^vk8s_dev_"
expect resp.http.Ingress-Template == "override"
expect resp.http.X-ACL-Match == "matched"
expect resp.http.Template == "acl"
expect resp.http.ACL-Template == "override"
expect resp.http.Auth-Template == "override"
expect resp.http.ReqDisp-Template == "override"
expect resp.http.X-Cache ~ "HIT|MISS"
expect resp.http.Rewrite-Template == "override"
expect resp.http.Shard-Template == "override"
txreq -url /coffee/black -hdr "Host: cafe.example.com"
rxresp
expect resp.status == 200
expect resp.http.X-A
CL-Match == "matched"
expect resp.http.
Template == "acl"
expect resp.http.X-A
uth-Status == 60401
expect resp.http.
WWW-Authenticate == {Basic realm="coffee", charset="UTF-8"}
txreq -url /coffee -hdr "Host: cafe.example.com"
# credentials foo:bar
txreq -url /coffee -hdr "Host: cafe.example.com" \
-hdr "Authorization: Basic Zm9vOmJhcg=="
rxresp
expect resp.status == 200
expect resp.http.X-Backend ~ "^vk8s_dev_"
expect resp.http.Ingress-Template == "override"
expect resp.http.X-ACL-Match == "matched"
expect resp.http.Template == "acl"
expect resp.http.ACL-Template == "override"
expect resp.http.Auth-Template == "override"
expect resp.http.ReqDisp-Template == "override"
expect resp.http.X-Cache ~ "HIT|MISS"
expect resp.http.Rewrite-Template == "override"
expect resp.http.Shard-Template == "override"
txreq -req PURGE -url /tea -hdr "Host: cafe.example.com"
rxresp
expect resp.status == 200
expect resp.reason == "Purged"
} -run
test/e2e/tmplcfg/tmplcfg.yaml
View file @
ae7f797c
This diff is collapsed.
Click to expand it.
test/e2e/tmplcfg/values.yaml
View file @
ae7f797c
This diff is collapsed.
Click to expand it.
test/e2e/tmplcfg/vcfg.yaml
0 → 100644
View file @
ae7f797c
apiVersion
:
"
ingress.varnish-cache.org/v1alpha1"
kind
:
VarnishConfig
metadata
:
namespace
:
dev
name
:
acl-example-cfg
spec
:
services
:
-
varnish-ingress-admin
acl
:
-
name
:
local-private-ip4
addrs
:
-
addr
:
127.0.0.0
mask-bits
:
8
-
addr
:
10.0.0.0
mask-bits
:
24
-
addr
:
172.16.0.0
mask-bits
:
12
-
addr
:
192.168.0.0
mask-bits
:
16
result-header
:
header
:
req.http.X-ACL-Match
success
:
"
matched"
failure
:
"
failed"
auth
:
-
realm
:
coffee
secretName
:
coffee-creds
type
:
basic
utf8
:
true
conditions
:
-
comparand
:
req.http.Host
value
:
cafe.example.com
compare
:
equal
-
comparand
:
req.url
value
:
^/coffee($|/)
compare
:
match
req-disposition
:
-
conditions
:
-
comparand
:
req.http.Host
compare
:
not-exists
-
comparand
:
req.esi_level
count
:
0
-
comparand
:
req.proto
compare
:
prefix
values
:
-
HTTP/1.1
match-flags
:
case-insensitive
:
true
disposition
:
action
:
synth
status
:
400
-
conditions
:
-
comparand
:
req.method
compare
:
equal
values
:
-
PURGE
disposition
:
action
:
purge
-
conditions
:
-
comparand
:
req.method
compare
:
not-equal
values
:
-
GET
-
HEAD
-
PUT
-
POST
-
TRACE
-
OPTIONS
-
DELETE
-
PATCH
-
CONNECT
disposition
:
action
:
synth
status
:
405
-
conditions
:
-
comparand
:
req.method
compare
:
not-equal
values
:
-
GET
-
HEAD
disposition
:
action
:
pass
rewrites
:
-
target
:
req.http.X-Cache
vcl-sub
:
hit
rules
:
-
rewrite
:
HIT
method
:
replace
-
target
:
req.http.X-Cache
vcl-sub
:
miss
rules
:
-
rewrite
:
MISS
method
:
replace
-
target
:
req.http.X-Cache
vcl-sub
:
pass
rules
:
-
rewrite
:
PASS
method
:
replace
-
target
:
resp.http.X-Cache
source
:
req.http.X-Cache
method
:
replace
self-sharding
:
{}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment