traefik/provider/kubernetes.go

package provider

import (
	log "github.com/Sirupsen/logrus"
	"github.com/cenkalti/backoff"
	"github.com/containous/traefik/provider/k8s"
	"github.com/containous/traefik/safe"
	"github.com/containous/traefik/types"
	"io"
	"io/ioutil"
	"os"
	"strings"
	"text/template"
	"time"
)

const (
	serviceAccountToken  = "/var/run/secrets/kubernetes.io/serviceaccount/token"
	serviceAccountCACert = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
)

// Kubernetes holds configurations of the Kubernetes provider.
type Kubernetes struct {
	BaseProvider           `mapstructure:",squash"`
	Endpoint               string
	disablePassHostHeaders bool
	Namespaces             []string
}

func (provider *Kubernetes) createClient() (k8s.Client, error) {
	var token string
	tokenBytes, err := ioutil.ReadFile(serviceAccountToken)
	if err == nil {
		token = string(tokenBytes)
		log.Debugf("Kubernetes token: %s", token)
	} else {
		log.Errorf("Kubernetes load token error: %s", err)
	}
	caCert, err := ioutil.ReadFile(serviceAccountCACert)
	if err == nil {
		log.Debugf("Kubernetes CA cert: %s", serviceAccountCACert)
	} else {
		log.Errorf("Kubernetes load token error: %s", err)
	}
	kubernetesHost := os.Getenv("KUBERNETES_SERVICE_HOST")
	kubernetesPort := os.Getenv("KUBERNETES_SERVICE_PORT_HTTPS")
	if len(kubernetesPort) > 0 && len(kubernetesHost) > 0 {
		provider.Endpoint = "https://" + kubernetesHost + ":" + kubernetesPort
	}
	log.Debugf("Kubernetes endpoint: %s", provider.Endpoint)
	return k8s.NewClient(provider.Endpoint, caCert, token)
}

// Provide allows the provider to provide configurations to traefik
// using the given configuration channel.
func (provider *Kubernetes) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
	k8sClient, err := provider.createClient()
	if err != nil {
		return err
	}
	backOff := backoff.NewExponentialBackOff()

	pool.Go(func(stop chan bool) {
		stopWatch := make(chan bool)
		defer close(stopWatch)
		operation := func() error {
			select {
			case <-stop:
				return nil
			default:
			}
			for {
				eventsChan, errEventsChan, err := k8sClient.WatchAll(stopWatch)
				if err != nil {
					log.Errorf("Error watching kubernetes events: %v", err)
					return err
				}
			Watch:
				for {
					select {
					case <-stop:
						stopWatch <- true
						return nil
					case err := <-errEventsChan:
						if strings.Contains(err.Error(), io.EOF.Error()) {
							// edge case, kubernetes long-polling disconnection
							break Watch
						}
						return err
					case event := <-eventsChan:
						log.Debugf("Received event from kubenetes %+v", event)
						templateObjects, err := provider.loadIngresses(k8sClient)
						if err != nil {
							return err
						}
						configurationChan <- types.ConfigMessage{
							ProviderName:  "kubernetes",
							Configuration: provider.loadConfig(*templateObjects),
						}
					}
				}
			}
		}

		notify := func(err error, time time.Duration) {
			log.Errorf("Kubernetes connection error %+v, retrying in %s", err, time)
		}
		err := backoff.RetryNotify(operation, backOff, notify)
		if err != nil {
			log.Fatalf("Cannot connect to Kubernetes server %+v", err)
		}
	})

	templateObjects, err := provider.loadIngresses(k8sClient)
	if err != nil {
		return err
	}
	configurationChan <- types.ConfigMessage{
		ProviderName:  "kubernetes",
		Configuration: provider.loadConfig(*templateObjects),
	}

	return nil
}

func (provider *Kubernetes) loadIngresses(k8sClient k8s.Client) (*types.Configuration, error) {
	ingresses, err := k8sClient.GetIngresses(func(ingress k8s.Ingress) bool {
		if len(provider.Namespaces) == 0 {
			return true
		}
		for _, n := range provider.Namespaces {
			if ingress.ObjectMeta.Namespace == n {
				return true
			}
		}
		return false
	})
	if err != nil {
		log.Errorf("Error retrieving ingresses: %+v", err)
		return nil, err
	}
	templateObjects := types.Configuration{
		map[string]*types.Backend{},
		map[string]*types.Frontend{},
	}
	PassHostHeader := provider.getPassHostHeader()
	for _, i := range ingresses {
		for _, r := range i.Spec.Rules {
			for _, pa := range r.HTTP.Paths {
				if _, exists := templateObjects.Backends[r.Host+pa.Path]; !exists {
					templateObjects.Backends[r.Host+pa.Path] = &types.Backend{
						Servers: make(map[string]types.Server),
					}
				}
				if _, exists := templateObjects.Frontends[r.Host+pa.Path]; !exists {
					templateObjects.Frontends[r.Host+pa.Path] = &types.Frontend{
						Backend:        r.Host + pa.Path,
						PassHostHeader: PassHostHeader,
						Routes:         make(map[string]types.Route),
					}
				}
				if _, exists := templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host]; !exists {
					templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host] = types.Route{
						Rule: "Host:" + r.Host,
					}
				}
				if len(pa.Path) > 0 {
					templateObjects.Frontends[r.Host+pa.Path].Routes[pa.Path] = types.Route{
						Rule: "PathPrefix:" + pa.Path,
					}
				}
				services, err := k8sClient.GetServices(func(service k8s.Service) bool {
					return service.Name == pa.Backend.ServiceName
				})
				if err != nil {
					log.Errorf("Error retrieving services: %v", err)
					continue
				}
				if len(services) == 0 {
					// no backends found, delete frontend...
					delete(templateObjects.Frontends, r.Host+pa.Path)
					log.Errorf("Error retrieving services %s", pa.Backend.ServiceName)
				}
				for _, service := range services {
					protocol := "http"
					for _, port := range service.Spec.Ports {
						if port.Port == pa.Backend.ServicePort.IntValue() {
							if port.Port == 443 {
								protocol = "https"
							}
							templateObjects.Backends[r.Host+pa.Path].Servers[string(service.UID)] = types.Server{
								URL:    protocol + "://" + service.Spec.ClusterIP + ":" + pa.Backend.ServicePort.String(),
								Weight: 1,
							}
							break
						}
					}
				}
			}
		}
	}
	return &templateObjects, nil
}

func (provider *Kubernetes) getPassHostHeader() bool {
	if provider.disablePassHostHeaders {
		return false
	}
	return true
}

func (provider *Kubernetes) loadConfig(templateObjects types.Configuration) *types.Configuration {
	var FuncMap = template.FuncMap{}
	configuration, err := provider.getConfiguration("templates/kubernetes.tmpl", FuncMap, templateObjects)
	if err != nil {
		log.Error(err)
	}
	return configuration
}
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`package provider`

			`import (`
			`log "github.com/Sirupsen/logrus"`
			`"github.com/cenkalti/backoff"`
			`"github.com/containous/traefik/provider/k8s"`
			`"github.com/containous/traefik/safe"`
			`"github.com/containous/traefik/types"`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`"io"`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`"io/ioutil"`
			`"os"`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`"strings"`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`"text/template"`
			`"time"`
			`)`

			`const (`
			`serviceAccountToken = "/var/run/secrets/kubernetes.io/serviceaccount/token"`
			`serviceAccountCACert = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"`
			`)`

			`// Kubernetes holds configurations of the Kubernetes provider.`
			`type Kubernetes struct {`
#216: sets passHostHeader to true by default (#351) 2016-05-10 11:43:24 +00:00			BaseProvider `mapstructure:",squash"`
			`Endpoint string`
			`disablePassHostHeaders bool`
			`Namespaces []string`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`}`

Add unit test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-20 11:26:51 +00:00			`func (provider *Kubernetes) createClient() (k8s.Client, error) {`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`var token string`
			`tokenBytes, err := ioutil.ReadFile(serviceAccountToken)`
			`if err == nil {`
			`token = string(tokenBytes)`
			`log.Debugf("Kubernetes token: %s", token)`
			`} else {`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`log.Errorf("Kubernetes load token error: %s", err)`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`}`
			`caCert, err := ioutil.ReadFile(serviceAccountCACert)`
			`if err == nil {`
			`log.Debugf("Kubernetes CA cert: %s", serviceAccountCACert)`
			`} else {`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`log.Errorf("Kubernetes load token error: %s", err)`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`}`
			`kubernetesHost := os.Getenv("KUBERNETES_SERVICE_HOST")`
			`kubernetesPort := os.Getenv("KUBERNETES_SERVICE_PORT_HTTPS")`
			`if len(kubernetesPort) > 0 && len(kubernetesHost) > 0 {`
			`provider.Endpoint = "https://" + kubernetesHost + ":" + kubernetesPort`
			`}`
			`log.Debugf("Kubernetes endpoint: %s", provider.Endpoint)`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`return k8s.NewClient(provider.Endpoint, caCert, token)`
			`}`

			`// Provide allows the provider to provide configurations to traefik`
			`// using the given configuration channel.`
			`func (provider Kubernetes) Provide(configurationChan chan<- types.ConfigMessage, pool safe.Pool) error {`
			`k8sClient, err := provider.createClient()`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`if err != nil {`
			`return err`
			`}`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`backOff := backoff.NewExponentialBackOff()`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00
			`pool.Go(func(stop chan bool) {`
			`stopWatch := make(chan bool)`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`defer close(stopWatch)`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`operation := func() error {`
			`select {`
			`case <-stop:`
			`return nil`
			`default:`
			`}`
			`for {`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`eventsChan, errEventsChan, err := k8sClient.WatchAll(stopWatch)`
			`if err != nil {`
			`log.Errorf("Error watching kubernetes events: %v", err)`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`return err`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`}`
			`Watch:`
			`for {`
			`select {`
			`case <-stop:`
			`stopWatch <- true`
			`return nil`
			`case err := <-errEventsChan:`
			`if strings.Contains(err.Error(), io.EOF.Error()) {`
			`// edge case, kubernetes long-polling disconnection`
			`break Watch`
			`}`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`return err`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`case event := <-eventsChan:`
			`log.Debugf("Received event from kubenetes %+v", event)`
			`templateObjects, err := provider.loadIngresses(k8sClient)`
			`if err != nil {`
			`return err`
			`}`
			`configurationChan <- types.ConfigMessage{`
			`ProviderName: "kubernetes",`
			`Configuration: provider.loadConfig(*templateObjects),`
			`}`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`}`
			`}`
			`}`
			`}`

			`notify := func(err error, time time.Duration) {`
			`log.Errorf("Kubernetes connection error %+v, retrying in %s", err, time)`
			`}`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`err := backoff.RetryNotify(operation, backOff, notify)`
Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`if err != nil {`
			`log.Fatalf("Cannot connect to Kubernetes server %+v", err)`
			`}`
			`})`

Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`templateObjects, err := provider.loadIngresses(k8sClient)`
			`if err != nil {`
			`return err`
			`}`
			`configurationChan <- types.ConfigMessage{`
			`ProviderName: "kubernetes",`
			`Configuration: provider.loadConfig(*templateObjects),`
			`}`

Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`return nil`
			`}`

Add unit test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-20 11:26:51 +00:00			`func (provider Kubernetes) loadIngresses(k8sClient k8s.Client) (types.Configuration, error) {`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`ingresses, err := k8sClient.GetIngresses(func(ingress k8s.Ingress) bool {`
Adds option to namespace k8s ingresses If the flag kubernetes.namespaces is set... Then we only select ingresses from that/those namespace(s) This allows multiple instances of traefik to independently load balance for each namespace. This could be for logical or security reasons. Addresses #336 2016-04-28 00:23:55 +00:00			`if len(provider.Namespaces) == 0 {`
			`return true`
			`}`
			`for _, n := range provider.Namespaces {`
			`if ingress.ObjectMeta.Namespace == n {`
			`return true`
			`}`
			`}`
			`return false`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`})`
			`if err != nil {`
			`log.Errorf("Error retrieving ingresses: %+v", err)`
			`return nil, err`
			`}`
			`templateObjects := types.Configuration{`
			`map[string]*types.Backend{},`
			`map[string]*types.Frontend{},`
			`}`
#216: sets passHostHeader to true by default (#351) 2016-05-10 11:43:24 +00:00			`PassHostHeader := provider.getPassHostHeader()`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`for _, i := range ingresses {`
			`for _, r := range i.Spec.Rules {`
			`for _, pa := range r.HTTP.Paths {`
			`if _, exists := templateObjects.Backends[r.Host+pa.Path]; !exists {`
			`templateObjects.Backends[r.Host+pa.Path] = &types.Backend{`
			`Servers: make(map[string]types.Server),`
			`}`
			`}`
			`if _, exists := templateObjects.Frontends[r.Host+pa.Path]; !exists {`
			`templateObjects.Frontends[r.Host+pa.Path] = &types.Frontend{`
#216: sets passHostHeader to true by default (#351) 2016-05-10 11:43:24 +00:00			`Backend: r.Host + pa.Path,`
			`PassHostHeader: PassHostHeader,`
			`Routes: make(map[string]types.Route),`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`}`
			`}`
			`if _, exists := templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host]; !exists {`
			`templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host] = types.Route{`
			`Rule: "Host:" + r.Host,`
			`}`
			`}`
			`if len(pa.Path) > 0 {`
			`templateObjects.Frontends[r.Host+pa.Path].Routes[pa.Path] = types.Route{`
Replace PathPrefixStrip by PathPrefix in k8s Signed-off-by: Emile Vauge <emile@vauge.com> 2016-05-05 17:57:35 +00:00			`Rule: "PathPrefix:" + pa.Path,`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`}`
			`}`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`services, err := k8sClient.GetServices(func(service k8s.Service) bool {`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`return service.Name == pa.Backend.ServiceName`
			`})`
			`if err != nil {`
			`log.Errorf("Error retrieving services: %v", err)`
			`continue`
			`}`
Fix watch pods/services/rc/ingresses Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-25 14:56:06 +00:00			`if len(services) == 0 {`
			`// no backends found, delete frontend...`
			`delete(templateObjects.Frontends, r.Host+pa.Path)`
			`log.Errorf("Error retrieving services %s", pa.Backend.ServiceName)`
			`}`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`for _, service := range services {`
Fix Kubernetes schema Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-26 20:26:25 +00:00			`protocol := "http"`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`for _, port := range service.Spec.Ports {`
			`if port.Port == pa.Backend.ServicePort.IntValue() {`
Fix Kubernetes schema Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-26 20:26:25 +00:00			`if port.Port == 443 {`
			`protocol = "https"`
			`}`
Add unit test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-20 11:26:51 +00:00			`templateObjects.Backends[r.Host+pa.Path].Servers[string(service.UID)] = types.Server{`
			`URL: protocol + "://" + service.Spec.ClusterIP + ":" + pa.Backend.ServicePort.String(),`
			`Weight: 1,`
			`}`
Fix integration test Signed-off-by: Emile Vauge <emile@vauge.com> 2016-04-19 17:23:08 +00:00			`break`
			`}`
			`}`
			`}`
			`}`
			`}`
			`}`
			`return &templateObjects, nil`
			`}`

#216: sets passHostHeader to true by default (#351) 2016-05-10 11:43:24 +00:00			`func (provider *Kubernetes) getPassHostHeader() bool {`
			`if provider.disablePassHostHeaders {`
			`return false`
			`}`
			`return true`
			`}`

Add kubernetes Ingress backend Signed-off-by: Emile Vauge <emile@vauge.com> 2016-02-08 20:57:32 +00:00			`func (provider Kubernetes) loadConfig(templateObjects types.Configuration) types.Configuration {`
			`var FuncMap = template.FuncMap{}`
			`configuration, err := provider.getConfiguration("templates/kubernetes.tmpl", FuncMap, templateObjects)`
			`if err != nil {`
			`log.Error(err)`
			`}`
			`return configuration`
			`}`