2016-02-08 21:57:32 +01:00
|
|
|
package provider
|
|
|
|
|
|
|
|
import (
|
2017-03-07 13:09:11 +01:00
|
|
|
"fmt"
|
|
|
|
"os"
|
2016-06-22 18:31:14 +02:00
|
|
|
"reflect"
|
2016-05-18 17:30:42 +01:00
|
|
|
"strconv"
|
2016-04-25 16:56:06 +02:00
|
|
|
"strings"
|
2016-02-08 21:57:32 +01:00
|
|
|
"text/template"
|
|
|
|
"time"
|
2016-09-12 21:06:21 +02:00
|
|
|
|
2016-12-30 09:21:13 +01:00
|
|
|
"github.com/cenk/backoff"
|
|
|
|
"github.com/containous/traefik/job"
|
2016-11-11 23:50:20 +01:00
|
|
|
"github.com/containous/traefik/log"
|
|
|
|
"github.com/containous/traefik/provider/k8s"
|
|
|
|
"github.com/containous/traefik/safe"
|
|
|
|
"github.com/containous/traefik/types"
|
2016-12-30 09:21:13 +01:00
|
|
|
"k8s.io/client-go/1.5/pkg/api/v1"
|
|
|
|
"k8s.io/client-go/1.5/pkg/util/intstr"
|
2016-02-08 21:57:32 +01:00
|
|
|
)
|
|
|
|
|
2016-08-16 19:13:18 +02:00
|
|
|
var _ Provider = (*Kubernetes)(nil)
|
|
|
|
|
2017-02-07 00:04:30 +01:00
|
|
|
const (
|
|
|
|
annotationFrontendRuleType = "traefik.frontend.rule.type"
|
|
|
|
ruleTypePathPrefixStrip = "PathPrefixStrip"
|
|
|
|
ruleTypePathStrip = "PathStrip"
|
|
|
|
ruleTypePath = "Path"
|
|
|
|
ruleTypePathPrefix = "PathPrefix"
|
|
|
|
)
|
|
|
|
|
2016-02-08 21:57:32 +01:00
|
|
|
// Kubernetes holds configurations of the Kubernetes provider.
|
|
|
|
type Kubernetes struct {
|
2016-06-24 09:58:42 +02:00
|
|
|
BaseProvider `mapstructure:",squash"`
|
2017-03-07 13:09:11 +01:00
|
|
|
Endpoint string `description:"Kubernetes server endpoint (required for external cluster client)"`
|
|
|
|
Token string `description:"Kubernetes bearer token (not needed for in-cluster client)"`
|
|
|
|
CertAuthFilePath string `description:"Kubernetes certificate authority file path (not needed for in-cluster client)"`
|
2016-11-11 23:50:20 +01:00
|
|
|
DisablePassHostHeaders bool `description:"Kubernetes disable PassHost Headers"`
|
|
|
|
Namespaces k8s.Namespaces `description:"Kubernetes namespaces"`
|
|
|
|
LabelSelector string `description:"Kubernetes api label selector to use"`
|
2016-06-22 18:31:14 +02:00
|
|
|
lastConfiguration safe.Safe
|
2016-02-08 21:57:32 +01:00
|
|
|
}
|
|
|
|
|
2016-11-11 23:50:20 +01:00
|
|
|
func (provider *Kubernetes) newK8sClient() (k8s.Client, error) {
|
2017-03-07 13:09:11 +01:00
|
|
|
withEndpoint := ""
|
2016-11-11 23:50:20 +01:00
|
|
|
if provider.Endpoint != "" {
|
2017-03-07 13:09:11 +01:00
|
|
|
withEndpoint = fmt.Sprintf(" with endpoint %v", provider.Endpoint)
|
2016-02-08 21:57:32 +01:00
|
|
|
}
|
2017-03-07 13:09:11 +01:00
|
|
|
|
|
|
|
if os.Getenv("KUBERNETES_SERVICE_HOST") != "" && os.Getenv("KUBERNETES_SERVICE_PORT") != "" {
|
|
|
|
log.Infof("Creating in-cluster Kubernetes client%s\n", withEndpoint)
|
|
|
|
return k8s.NewInClusterClient(provider.Endpoint)
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Infof("Creating cluster-external Kubernetes client%s\n", withEndpoint)
|
|
|
|
return k8s.NewExternalClusterClient(provider.Endpoint, provider.Token, provider.CertAuthFilePath)
|
2016-04-19 19:23:08 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Provide allows the provider to provide configurations to traefik
|
|
|
|
// using the given configuration channel.
|
2016-11-09 19:27:04 +01:00
|
|
|
func (provider *Kubernetes) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool, constraints types.Constraints) error {
|
2016-11-11 23:50:20 +01:00
|
|
|
k8sClient, err := provider.newK8sClient()
|
2016-02-08 21:57:32 +01:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-05-30 15:05:58 +02:00
|
|
|
provider.Constraints = append(provider.Constraints, constraints...)
|
2016-02-08 21:57:32 +01:00
|
|
|
|
|
|
|
pool.Go(func(stop chan bool) {
|
|
|
|
operation := func() error {
|
|
|
|
for {
|
2016-12-03 21:20:39 +01:00
|
|
|
stopWatch := make(chan struct{}, 1)
|
2016-05-19 20:09:01 +02:00
|
|
|
defer close(stopWatch)
|
2016-08-19 11:09:54 +02:00
|
|
|
log.Debugf("Using label selector: '%s'", provider.LabelSelector)
|
2016-11-11 23:50:20 +01:00
|
|
|
eventsChan, err := k8sClient.WatchAll(provider.LabelSelector, stopWatch)
|
2016-04-25 16:56:06 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Errorf("Error watching kubernetes events: %v", err)
|
2016-05-19 20:09:01 +02:00
|
|
|
timer := time.NewTimer(1 * time.Second)
|
|
|
|
select {
|
|
|
|
case <-timer.C:
|
|
|
|
return err
|
|
|
|
case <-stop:
|
|
|
|
return nil
|
|
|
|
}
|
2016-04-25 16:56:06 +02:00
|
|
|
}
|
|
|
|
for {
|
|
|
|
select {
|
|
|
|
case <-stop:
|
|
|
|
return nil
|
|
|
|
case event := <-eventsChan:
|
2016-05-19 20:09:01 +02:00
|
|
|
log.Debugf("Received event from kubernetes %+v", event)
|
2016-04-25 16:56:06 +02:00
|
|
|
templateObjects, err := provider.loadIngresses(k8sClient)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-06-22 18:31:14 +02:00
|
|
|
if reflect.DeepEqual(provider.lastConfiguration.Get(), templateObjects) {
|
2016-11-22 22:02:51 +01:00
|
|
|
log.Debugf("Skipping event from kubernetes %+v", event)
|
2016-06-22 18:31:14 +02:00
|
|
|
} else {
|
|
|
|
provider.lastConfiguration.Set(templateObjects)
|
|
|
|
configurationChan <- types.ConfigMessage{
|
|
|
|
ProviderName: "kubernetes",
|
|
|
|
Configuration: provider.loadConfig(*templateObjects),
|
|
|
|
}
|
2016-04-25 16:56:06 +02:00
|
|
|
}
|
2016-02-08 21:57:32 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
notify := func(err error, time time.Duration) {
|
|
|
|
log.Errorf("Kubernetes connection error %+v, retrying in %s", err, time)
|
|
|
|
}
|
2016-12-08 13:32:12 +01:00
|
|
|
err := backoff.RetryNotify(safe.OperationWithRecover(operation), job.NewBackOff(backoff.NewExponentialBackOff()), notify)
|
2016-02-08 21:57:32 +01:00
|
|
|
if err != nil {
|
2016-08-19 10:36:54 +02:00
|
|
|
log.Errorf("Cannot connect to Kubernetes server %+v", err)
|
2016-02-08 21:57:32 +01:00
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-04-20 13:26:51 +02:00
|
|
|
func (provider *Kubernetes) loadIngresses(k8sClient k8s.Client) (*types.Configuration, error) {
|
2016-11-11 23:50:20 +01:00
|
|
|
ingresses := k8sClient.GetIngresses(provider.Namespaces)
|
|
|
|
|
2016-04-19 19:23:08 +02:00
|
|
|
templateObjects := types.Configuration{
|
|
|
|
map[string]*types.Backend{},
|
|
|
|
map[string]*types.Frontend{},
|
|
|
|
}
|
|
|
|
for _, i := range ingresses {
|
2017-03-03 11:30:22 -08:00
|
|
|
ingressClass := i.Annotations["kubernetes.io/ingress.class"]
|
|
|
|
|
|
|
|
if !shouldProcessIngress(ingressClass) {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2016-04-19 19:23:08 +02:00
|
|
|
for _, r := range i.Spec.Rules {
|
2016-12-08 13:32:52 +01:00
|
|
|
if r.HTTP == nil {
|
|
|
|
log.Warnf("Error in ingress: HTTP is nil")
|
|
|
|
continue
|
|
|
|
}
|
2016-04-19 19:23:08 +02:00
|
|
|
for _, pa := range r.HTTP.Paths {
|
|
|
|
if _, exists := templateObjects.Backends[r.Host+pa.Path]; !exists {
|
|
|
|
templateObjects.Backends[r.Host+pa.Path] = &types.Backend{
|
|
|
|
Servers: make(map[string]types.Server),
|
2017-01-25 08:11:00 -05:00
|
|
|
LoadBalancer: &types.LoadBalancer{
|
|
|
|
Sticky: false,
|
|
|
|
Method: "wrr",
|
|
|
|
},
|
2016-04-19 19:23:08 +02:00
|
|
|
}
|
|
|
|
}
|
2017-02-10 03:05:59 -08:00
|
|
|
|
|
|
|
PassHostHeader := provider.getPassHostHeader()
|
|
|
|
|
|
|
|
passHostHeaderAnnotation := i.Annotations["traefik.frontend.passHostHeader"]
|
|
|
|
switch passHostHeaderAnnotation {
|
|
|
|
case "true":
|
|
|
|
PassHostHeader = true
|
|
|
|
case "false":
|
|
|
|
PassHostHeader = false
|
2017-02-14 11:52:54 -08:00
|
|
|
default:
|
|
|
|
log.Warnf("Unknown value of %s for traefik.frontend.passHostHeader, falling back to %s", passHostHeaderAnnotation, PassHostHeader)
|
2017-02-10 03:05:59 -08:00
|
|
|
}
|
|
|
|
|
2016-04-19 19:23:08 +02:00
|
|
|
if _, exists := templateObjects.Frontends[r.Host+pa.Path]; !exists {
|
|
|
|
templateObjects.Frontends[r.Host+pa.Path] = &types.Frontend{
|
2016-05-10 07:43:24 -04:00
|
|
|
Backend: r.Host + pa.Path,
|
|
|
|
PassHostHeader: PassHostHeader,
|
|
|
|
Routes: make(map[string]types.Route),
|
2016-08-02 16:48:53 -07:00
|
|
|
Priority: len(pa.Path),
|
2016-04-19 19:23:08 +02:00
|
|
|
}
|
|
|
|
}
|
2016-05-25 13:16:19 +01:00
|
|
|
if len(r.Host) > 0 {
|
2017-01-20 14:16:05 +01:00
|
|
|
rule := "Host:" + r.Host
|
|
|
|
|
|
|
|
if strings.Contains(r.Host, "*") {
|
|
|
|
rule = "HostRegexp:" + strings.Replace(r.Host, "*", "{subdomain:[A-Za-z0-9-_]+}", 1)
|
|
|
|
}
|
|
|
|
|
2016-05-25 13:16:19 +01:00
|
|
|
if _, exists := templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host]; !exists {
|
|
|
|
templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host] = types.Route{
|
2017-01-20 14:16:05 +01:00
|
|
|
Rule: rule,
|
2016-05-25 13:16:19 +01:00
|
|
|
}
|
2016-04-19 19:23:08 +02:00
|
|
|
}
|
|
|
|
}
|
2017-02-07 00:04:30 +01:00
|
|
|
|
2016-04-19 19:23:08 +02:00
|
|
|
if len(pa.Path) > 0 {
|
2017-02-07 00:04:30 +01:00
|
|
|
ruleType, unknown := getRuleTypeFromAnnotation(i.Annotations)
|
|
|
|
switch {
|
|
|
|
case unknown:
|
|
|
|
log.Warnf("Unknown RuleType '%s' for Ingress %s/%s, falling back to PathPrefix", ruleType, i.ObjectMeta.Namespace, i.ObjectMeta.Name)
|
|
|
|
fallthrough
|
|
|
|
case ruleType == "":
|
|
|
|
ruleType = ruleTypePathPrefix
|
2016-05-17 13:50:06 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
templateObjects.Frontends[r.Host+pa.Path].Routes[pa.Path] = types.Route{
|
|
|
|
Rule: ruleType + ":" + pa.Path,
|
2016-04-19 19:23:08 +02:00
|
|
|
}
|
|
|
|
}
|
2017-02-07 00:04:30 +01:00
|
|
|
|
2016-11-11 23:50:20 +01:00
|
|
|
service, exists, err := k8sClient.GetService(i.ObjectMeta.Namespace, pa.Backend.ServiceName)
|
|
|
|
if err != nil || !exists {
|
|
|
|
log.Warnf("Error retrieving service %s/%s: %v", i.ObjectMeta.Namespace, pa.Backend.ServiceName, err)
|
2016-04-25 16:56:06 +02:00
|
|
|
delete(templateObjects.Frontends, r.Host+pa.Path)
|
2016-05-26 00:53:51 +01:00
|
|
|
continue
|
2016-04-25 16:56:06 +02:00
|
|
|
}
|
2016-11-11 23:50:20 +01:00
|
|
|
|
2017-02-03 11:47:48 -05:00
|
|
|
if expression := service.Annotations["traefik.backend.circuitbreaker"]; expression != "" {
|
|
|
|
templateObjects.Backends[r.Host+pa.Path].CircuitBreaker = &types.CircuitBreaker{
|
|
|
|
Expression: expression,
|
|
|
|
}
|
|
|
|
}
|
2017-01-25 08:11:00 -05:00
|
|
|
if service.Annotations["traefik.backend.loadbalancer.method"] == "drr" {
|
|
|
|
templateObjects.Backends[r.Host+pa.Path].LoadBalancer.Method = "drr"
|
|
|
|
}
|
|
|
|
if service.Annotations["traefik.backend.loadbalancer.sticky"] == "true" {
|
|
|
|
templateObjects.Backends[r.Host+pa.Path].LoadBalancer.Sticky = true
|
|
|
|
}
|
2017-02-03 11:47:48 -05:00
|
|
|
|
2016-05-26 00:53:51 +01:00
|
|
|
protocol := "http"
|
|
|
|
for _, port := range service.Spec.Ports {
|
|
|
|
if equalPorts(port, pa.Backend.ServicePort) {
|
|
|
|
if port.Port == 443 {
|
|
|
|
protocol = "https"
|
|
|
|
}
|
2017-02-09 17:25:38 -08:00
|
|
|
if service.Spec.Type == "ExternalName" {
|
|
|
|
url := protocol + "://" + service.Spec.ExternalName
|
|
|
|
name := url
|
|
|
|
|
|
|
|
templateObjects.Backends[r.Host+pa.Path].Servers[name] = types.Server{
|
|
|
|
URL: url,
|
2016-05-26 00:53:51 +01:00
|
|
|
Weight: 1,
|
2016-05-20 17:34:57 +01:00
|
|
|
}
|
2016-05-26 00:53:51 +01:00
|
|
|
} else {
|
2017-02-09 17:25:38 -08:00
|
|
|
endpoints, exists, err := k8sClient.GetEndpoints(service.ObjectMeta.Namespace, service.ObjectMeta.Name)
|
2017-02-14 11:53:35 -08:00
|
|
|
if err != nil {
|
|
|
|
log.Errorf("Error while retrieving endpoints from k8s API %s/%s: %v", service.ObjectMeta.Namespace, service.ObjectMeta.Name, err)
|
|
|
|
continue
|
2017-02-14 14:57:09 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
if !exists {
|
2017-02-14 11:53:35 -08:00
|
|
|
log.Errorf("Service not found for %s/%s", service.ObjectMeta.Namespace, service.ObjectMeta.Name)
|
2017-02-09 17:25:38 -08:00
|
|
|
continue
|
|
|
|
}
|
2017-02-14 11:53:35 -08:00
|
|
|
|
2017-02-09 17:25:38 -08:00
|
|
|
if len(endpoints.Subsets) == 0 {
|
|
|
|
log.Warnf("Endpoints not found for %s/%s, falling back to Service ClusterIP", service.ObjectMeta.Namespace, service.ObjectMeta.Name)
|
|
|
|
templateObjects.Backends[r.Host+pa.Path].Servers[string(service.UID)] = types.Server{
|
|
|
|
URL: protocol + "://" + service.Spec.ClusterIP + ":" + strconv.Itoa(int(port.Port)),
|
|
|
|
Weight: 1,
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
for _, subset := range endpoints.Subsets {
|
|
|
|
for _, address := range subset.Addresses {
|
|
|
|
url := protocol + "://" + address.IP + ":" + strconv.Itoa(endpointPortNumber(port, subset.Ports))
|
|
|
|
name := url
|
|
|
|
if address.TargetRef != nil && address.TargetRef.Name != "" {
|
|
|
|
name = address.TargetRef.Name
|
|
|
|
}
|
|
|
|
templateObjects.Backends[r.Host+pa.Path].Servers[name] = types.Server{
|
|
|
|
URL: url,
|
|
|
|
Weight: 1,
|
|
|
|
}
|
2016-05-20 17:34:57 +01:00
|
|
|
}
|
|
|
|
}
|
2016-04-20 13:26:51 +02:00
|
|
|
}
|
2016-04-19 19:23:08 +02:00
|
|
|
}
|
2016-05-26 00:53:51 +01:00
|
|
|
break
|
2016-04-19 19:23:08 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return &templateObjects, nil
|
|
|
|
}
|
|
|
|
|
2016-11-11 23:50:20 +01:00
|
|
|
func endpointPortNumber(servicePort v1.ServicePort, endpointPorts []v1.EndpointPort) int {
|
2016-05-20 17:34:57 +01:00
|
|
|
if len(endpointPorts) > 0 {
|
|
|
|
//name is optional if there is only one port
|
|
|
|
port := endpointPorts[0]
|
|
|
|
for _, endpointPort := range endpointPorts {
|
|
|
|
if servicePort.Name == endpointPort.Name {
|
|
|
|
port = endpointPort
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return int(port.Port)
|
|
|
|
}
|
2016-11-11 23:50:20 +01:00
|
|
|
return int(servicePort.Port)
|
2016-05-20 17:34:57 +01:00
|
|
|
}
|
|
|
|
|
2016-11-11 23:50:20 +01:00
|
|
|
func equalPorts(servicePort v1.ServicePort, ingressPort intstr.IntOrString) bool {
|
|
|
|
if int(servicePort.Port) == ingressPort.IntValue() {
|
2016-05-18 17:30:42 +01:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
if servicePort.Name != "" && servicePort.Name == ingressPort.String() {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2017-03-03 11:30:22 -08:00
|
|
|
func shouldProcessIngress(ingressClass string) bool {
|
|
|
|
switch ingressClass {
|
|
|
|
case "", "traefik":
|
|
|
|
return true
|
|
|
|
default:
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-05-10 07:43:24 -04:00
|
|
|
func (provider *Kubernetes) getPassHostHeader() bool {
|
2016-05-03 16:52:14 +02:00
|
|
|
if provider.DisablePassHostHeaders {
|
2016-05-10 07:43:24 -04:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2016-02-08 21:57:32 +01:00
|
|
|
func (provider *Kubernetes) loadConfig(templateObjects types.Configuration) *types.Configuration {
|
|
|
|
var FuncMap = template.FuncMap{}
|
|
|
|
configuration, err := provider.getConfiguration("templates/kubernetes.tmpl", FuncMap, templateObjects)
|
|
|
|
if err != nil {
|
|
|
|
log.Error(err)
|
|
|
|
}
|
|
|
|
return configuration
|
|
|
|
}
|
2017-02-07 00:04:30 +01:00
|
|
|
|
|
|
|
func getRuleTypeFromAnnotation(annotations map[string]string) (ruleType string, unknown bool) {
|
|
|
|
ruleType = annotations[annotationFrontendRuleType]
|
|
|
|
for _, knownRuleType := range []string{
|
|
|
|
ruleTypePathPrefixStrip,
|
|
|
|
ruleTypePathStrip,
|
|
|
|
ruleTypePath,
|
|
|
|
ruleTypePathPrefix,
|
|
|
|
} {
|
|
|
|
if strings.ToLower(ruleType) == strings.ToLower(knownRuleType) {
|
|
|
|
return knownRuleType, false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if ruleType != "" {
|
|
|
|
// Annotation is set but does not match anything we know.
|
|
|
|
unknown = true
|
|
|
|
}
|
|
|
|
|
|
|
|
return ruleType, unknown
|
|
|
|
}
|