2019-08-26 10:30:05 +02:00
package crd
import (
"context"
"errors"
"fmt"
2020-12-04 20:56:04 +01:00
"net"
"strconv"
2019-08-26 10:30:05 +02:00
"strings"
2022-11-21 18:36:05 +01:00
"github.com/rs/zerolog/log"
2023-02-03 15:24:05 +01:00
"github.com/traefik/traefik/v3/pkg/config/dynamic"
"github.com/traefik/traefik/v3/pkg/logs"
"github.com/traefik/traefik/v3/pkg/provider"
2023-04-17 10:56:36 +02:00
traefikv1alpha1 "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/traefikio/v1alpha1"
2023-02-03 15:24:05 +01:00
"github.com/traefik/traefik/v3/pkg/tls"
2019-08-26 10:30:05 +02:00
corev1 "k8s.io/api/core/v1"
2021-01-15 06:54:04 -08:00
"k8s.io/apimachinery/pkg/util/intstr"
2019-08-26 10:30:05 +02:00
)
2019-11-14 19:28:04 +01:00
const (
roundRobinStrategy = "RoundRobin"
httpsProtocol = "https"
httpProtocol = "http"
)
2019-08-26 10:30:05 +02:00
func ( p * Provider ) loadIngressRouteConfiguration ( ctx context . Context , client Client , tlsConfigs map [ string ] * tls . CertAndStores ) * dynamic . HTTPConfiguration {
conf := & dynamic . HTTPConfiguration {
2020-09-11 15:40:03 +02:00
Routers : map [ string ] * dynamic . Router { } ,
Middlewares : map [ string ] * dynamic . Middleware { } ,
Services : map [ string ] * dynamic . Service { } ,
ServersTransports : map [ string ] * dynamic . ServersTransport { } ,
2019-08-26 10:30:05 +02:00
}
for _ , ingressRoute := range client . GetIngressRoutes ( ) {
2022-11-21 18:36:05 +01:00
logger := log . Ctx ( ctx ) . With ( ) . Str ( "ingress" , ingressRoute . Name ) . Str ( "namespace" , ingressRoute . Namespace ) . Logger ( )
2019-08-26 10:30:05 +02:00
// TODO keep the name ingressClass?
if ! shouldProcessIngress ( p . IngressClass , ingressRoute . Annotations [ annotationKubernetesIngressClass ] ) {
continue
}
err := getTLSHTTP ( ctx , ingressRoute , client , tlsConfigs )
if err != nil {
2022-11-21 18:36:05 +01:00
logger . Error ( ) . Err ( err ) . Msg ( "Error configuring TLS" )
2019-08-26 10:30:05 +02:00
}
ingressName := ingressRoute . Name
if len ( ingressName ) == 0 {
ingressName = ingressRoute . GenerateName
}
2022-03-07 11:08:07 +01:00
cb := configBuilder {
2024-08-01 15:50:04 +02:00
client : client ,
allowCrossNamespace : p . AllowCrossNamespace ,
allowExternalNameServices : p . AllowExternalNameServices ,
allowEmptyServices : p . AllowEmptyServices ,
nativeLBByDefault : p . NativeLBByDefault ,
disableClusterScopeResources : p . DisableClusterScopeResources ,
2022-03-07 11:08:07 +01:00
}
2020-12-10 14:58:04 +01:00
2019-08-26 10:30:05 +02:00
for _ , route := range ingressRoute . Spec . Routes {
2024-11-04 08:26:04 -07:00
if len ( route . Kind ) > 0 && route . Kind != "Rule" {
2022-11-21 18:36:05 +01:00
logger . Error ( ) . Msgf ( "Unsupported match kind: %s. Only \"Rule\" is supported for now." , route . Kind )
2019-08-26 10:30:05 +02:00
continue
}
if len ( route . Match ) == 0 {
2022-11-21 18:36:05 +01:00
logger . Error ( ) . Msg ( "Empty match rule" )
2019-08-26 10:30:05 +02:00
continue
}
2019-11-14 19:28:04 +01:00
serviceKey , err := makeServiceKey ( route . Match , ingressName )
2019-08-26 10:30:05 +02:00
if err != nil {
2022-11-21 18:36:05 +01:00
logger . Error ( ) . Err ( err ) . Send ( )
2019-08-26 10:30:05 +02:00
continue
}
2020-12-10 14:58:04 +01:00
mds , err := p . makeMiddlewareKeys ( ctx , ingressRoute . Namespace , route . Middlewares )
if err != nil {
2022-11-21 18:36:05 +01:00
logger . Error ( ) . Err ( err ) . Msg ( "Failed to create middleware keys" )
2020-12-10 14:58:04 +01:00
continue
2019-08-26 10:30:05 +02:00
}
2019-11-14 19:28:04 +01:00
normalized := provider . Normalize ( makeID ( ingressRoute . Namespace , serviceKey ) )
serviceName := normalized
if len ( route . Services ) > 1 {
2023-04-17 10:56:36 +02:00
spec := traefikv1alpha1 . TraefikServiceSpec {
Weighted : & traefikv1alpha1 . WeightedRoundRobin {
2019-11-14 19:28:04 +01:00
Services : route . Services ,
} ,
}
errBuild := cb . buildServicesLB ( ctx , ingressRoute . Namespace , spec , serviceName , conf . Services )
if errBuild != nil {
2022-11-21 18:36:05 +01:00
logger . Error ( ) . Err ( errBuild ) . Send ( )
2019-11-14 19:28:04 +01:00
continue
}
} else if len ( route . Services ) == 1 {
fullName , serversLB , err := cb . nameAndService ( ctx , ingressRoute . Namespace , route . Services [ 0 ] . LoadBalancerSpec )
if err != nil {
2022-11-21 18:36:05 +01:00
logger . Error ( ) . Err ( err ) . Send ( )
2019-11-14 19:28:04 +01:00
continue
}
if serversLB != nil {
conf . Services [ serviceName ] = serversLB
} else {
serviceName = fullName
}
}
2021-09-20 12:54:05 +02:00
r := & dynamic . Router {
2019-08-26 10:30:05 +02:00
Middlewares : mds ,
Priority : route . Priority ,
2024-01-23 11:34:05 +01:00
RuleSyntax : route . Syntax ,
2019-08-26 10:30:05 +02:00
EntryPoints : ingressRoute . Spec . EntryPoints ,
Rule : route . Match ,
Service : serviceName ,
}
if ingressRoute . Spec . TLS != nil {
2021-09-20 12:54:05 +02:00
r . TLS = & dynamic . RouterTLSConfig {
2019-08-26 10:30:05 +02:00
CertResolver : ingressRoute . Spec . TLS . CertResolver ,
2019-09-09 13:52:04 +02:00
Domains : ingressRoute . Spec . TLS . Domains ,
2019-08-26 10:30:05 +02:00
}
if ingressRoute . Spec . TLS . Options != nil && len ( ingressRoute . Spec . TLS . Options . Name ) > 0 {
tlsOptionsName := ingressRoute . Spec . TLS . Options . Name
// Is a Kubernetes CRD reference, (i.e. not a cross-provider reference)
ns := ingressRoute . Spec . TLS . Options . Namespace
2019-11-14 19:28:04 +01:00
if ! strings . Contains ( tlsOptionsName , providerNamespaceSeparator ) {
2019-08-26 10:30:05 +02:00
if len ( ns ) == 0 {
ns = ingressRoute . Namespace
}
tlsOptionsName = makeID ( ns , tlsOptionsName )
} else if len ( ns ) > 0 {
logger .
2022-11-21 18:36:05 +01:00
Warn ( ) . Str ( "TLSOption" , ingressRoute . Spec . TLS . Options . Name ) .
Msgf ( "Namespace %q is ignored in cross-provider context" , ns )
2019-08-26 10:30:05 +02:00
}
2021-09-20 12:54:05 +02:00
if ! isNamespaceAllowed ( p . AllowCrossNamespace , ingressRoute . Namespace , ns ) {
2022-11-21 18:36:05 +01:00
logger . Error ( ) . Msgf ( "TLSOption %s/%s is not in the IngressRoute namespace %s" ,
2021-09-20 12:54:05 +02:00
ns , ingressRoute . Spec . TLS . Options . Name , ingressRoute . Namespace )
continue
}
r . TLS . Options = tlsOptionsName
2019-08-26 10:30:05 +02:00
}
}
2021-09-20 12:54:05 +02:00
2023-05-15 16:38:05 +02:00
p . applyRouterTransform ( ctx , r , ingressRoute )
2021-09-20 12:54:05 +02:00
conf . Routers [ normalized ] = r
2019-08-26 10:30:05 +02:00
}
}
return conf
}
2023-04-17 10:56:36 +02:00
func ( p * Provider ) makeMiddlewareKeys ( ctx context . Context , ingRouteNamespace string , middlewares [ ] traefikv1alpha1 . MiddlewareRef ) ( [ ] string , error ) {
2020-12-10 14:58:04 +01:00
var mds [ ] string
for _ , mi := range middlewares {
2021-08-05 17:42:08 +02:00
name := mi . Name
if ! p . AllowCrossNamespace && strings . HasSuffix ( mi . Name , providerNamespaceSeparator + providerName ) {
// Since we are not able to know if another namespace is in the name (namespace-name@kubernetescrd),
// if the provider namespace kubernetescrd is used,
// we don't allow this format to avoid cross namespace references.
return nil , fmt . Errorf ( "invalid reference to middleware %s: with crossnamespace disallowed, the namespace field needs to be explicitly specified" , mi . Name )
}
if strings . Contains ( name , providerNamespaceSeparator ) {
2020-12-10 14:58:04 +01:00
if len ( mi . Namespace ) > 0 {
2022-11-21 18:36:05 +01:00
log . Ctx ( ctx ) .
Warn ( ) . Str ( logs . MiddlewareName , mi . Name ) .
Msgf ( "namespace %q is ignored in cross-provider context" , mi . Namespace )
2020-12-10 14:58:04 +01:00
}
2021-08-05 17:42:08 +02:00
mds = append ( mds , name )
2020-12-10 14:58:04 +01:00
continue
}
ns := ingRouteNamespace
if len ( mi . Namespace ) > 0 {
if ! isNamespaceAllowed ( p . AllowCrossNamespace , ingRouteNamespace , mi . Namespace ) {
return nil , fmt . Errorf ( "middleware %s/%s is not in the IngressRoute namespace %s" , mi . Namespace , mi . Name , ingRouteNamespace )
}
ns = mi . Namespace
}
2021-10-07 09:40:05 -04:00
mds = append ( mds , provider . Normalize ( makeID ( ns , name ) ) )
2020-12-10 14:58:04 +01:00
}
return mds , nil
}
2019-11-14 19:28:04 +01:00
type configBuilder struct {
2024-08-01 15:50:04 +02:00
client Client
allowCrossNamespace bool
allowExternalNameServices bool
allowEmptyServices bool
nativeLBByDefault bool
disableClusterScopeResources bool
2019-11-14 19:28:04 +01:00
}
// buildTraefikService creates the configuration for the traefik service defined in tService,
// and adds it to the given conf map.
2023-04-17 10:56:36 +02:00
func ( c configBuilder ) buildTraefikService ( ctx context . Context , tService * traefikv1alpha1 . TraefikService , conf map [ string ] * dynamic . Service ) error {
2019-11-14 19:28:04 +01:00
id := provider . Normalize ( makeID ( tService . Namespace , tService . Name ) )
if tService . Spec . Weighted != nil {
return c . buildServicesLB ( ctx , tService . Namespace , tService . Spec , id , conf )
} else if tService . Spec . Mirroring != nil {
return c . buildMirroring ( ctx , tService , id , conf )
}
return errors . New ( "unspecified service type" )
}
// buildServicesLB creates the configuration for the load-balancer of services named id, and defined in tService.
// It adds it to the given conf map.
2023-04-17 10:56:36 +02:00
func ( c configBuilder ) buildServicesLB ( ctx context . Context , namespace string , tService traefikv1alpha1 . TraefikServiceSpec , id string , conf map [ string ] * dynamic . Service ) error {
2019-11-14 19:28:04 +01:00
var wrrServices [ ] dynamic . WRRService
for _ , service := range tService . Weighted . Services {
fullName , k8sService , err := c . nameAndService ( ctx , namespace , service . LoadBalancerSpec )
if err != nil {
return err
}
if k8sService != nil {
conf [ fullName ] = k8sService
}
weight := service . Weight
if weight == nil {
weight = func ( i int ) * int { return & i } ( 1 )
}
wrrServices = append ( wrrServices , dynamic . WRRService {
Name : fullName ,
Weight : weight ,
} )
}
2024-11-06 16:04:04 +01:00
var sticky * dynamic . Sticky
if tService . Weighted . Sticky != nil && tService . Weighted . Sticky . Cookie != nil {
sticky = & dynamic . Sticky {
Cookie : & dynamic . Cookie {
Name : tService . Weighted . Sticky . Cookie . Name ,
Secure : tService . Weighted . Sticky . Cookie . Secure ,
HTTPOnly : tService . Weighted . Sticky . Cookie . HTTPOnly ,
SameSite : tService . Weighted . Sticky . Cookie . SameSite ,
MaxAge : tService . Weighted . Sticky . Cookie . MaxAge ,
} ,
}
sticky . Cookie . SetDefaults ( )
if tService . Weighted . Sticky . Cookie . Path != nil {
sticky . Cookie . Path = tService . Weighted . Sticky . Cookie . Path
}
}
2019-11-14 19:28:04 +01:00
conf [ id ] = & dynamic . Service {
Weighted : & dynamic . WeightedRoundRobin {
Services : wrrServices ,
2024-11-06 16:04:04 +01:00
Sticky : sticky ,
2019-11-14 19:28:04 +01:00
} ,
}
return nil
}
// buildMirroring creates the configuration for the mirroring service named id, and defined by tService.
// It adds it to the given conf map.
2023-04-17 10:56:36 +02:00
func ( c configBuilder ) buildMirroring ( ctx context . Context , tService * traefikv1alpha1 . TraefikService , id string , conf map [ string ] * dynamic . Service ) error {
2019-11-14 19:28:04 +01:00
fullNameMain , k8sService , err := c . nameAndService ( ctx , tService . Namespace , tService . Spec . Mirroring . LoadBalancerSpec )
if err != nil {
return err
}
if k8sService != nil {
conf [ fullNameMain ] = k8sService
}
var mirrorServices [ ] dynamic . MirrorService
for _ , mirror := range tService . Spec . Mirroring . Mirrors {
mirroredName , k8sService , err := c . nameAndService ( ctx , tService . Namespace , mirror . LoadBalancerSpec )
if err != nil {
return err
}
if k8sService != nil {
conf [ mirroredName ] = k8sService
}
mirrorServices = append ( mirrorServices , dynamic . MirrorService {
Name : mirroredName ,
Percent : mirror . Percent ,
} )
}
conf [ id ] = & dynamic . Service {
Mirroring : & dynamic . Mirroring {
2020-03-05 18:03:08 +01:00
Service : fullNameMain ,
Mirrors : mirrorServices ,
2024-09-02 16:36:06 +02:00
MirrorBody : tService . Spec . Mirroring . MirrorBody ,
2020-03-05 18:03:08 +01:00
MaxBodySize : tService . Spec . Mirroring . MaxBodySize ,
2019-11-14 19:28:04 +01:00
} ,
}
return nil
}
// buildServersLB creates the configuration for the load-balancer of servers defined by svc.
2023-04-17 10:56:36 +02:00
func ( c configBuilder ) buildServersLB ( namespace string , svc traefikv1alpha1 . LoadBalancerSpec ) ( * dynamic . Service , error ) {
2019-11-14 19:28:04 +01:00
servers , err := c . loadServers ( namespace , svc )
2019-08-26 10:30:05 +02:00
if err != nil {
return nil , err
}
2019-09-13 16:46:04 +02:00
lb := & dynamic . ServersLoadBalancer { }
lb . SetDefaults ( )
lb . Servers = servers
2024-06-04 09:32:04 +02:00
if svc . HealthCheck != nil {
lb . HealthCheck = & dynamic . ServerHealthCheck {
Scheme : svc . HealthCheck . Scheme ,
Path : svc . HealthCheck . Path ,
Method : svc . HealthCheck . Method ,
Status : svc . HealthCheck . Status ,
Port : svc . HealthCheck . Port ,
Hostname : svc . HealthCheck . Hostname ,
Headers : svc . HealthCheck . Headers ,
}
lb . HealthCheck . SetDefaults ( )
if svc . HealthCheck . FollowRedirects != nil {
lb . HealthCheck . FollowRedirects = svc . HealthCheck . FollowRedirects
}
if svc . HealthCheck . Mode != "http" {
lb . HealthCheck . Mode = svc . HealthCheck . Mode
}
if svc . HealthCheck . Interval != nil {
if err := lb . HealthCheck . Interval . Set ( svc . HealthCheck . Interval . String ( ) ) ; err != nil {
return nil , err
}
}
if svc . HealthCheck . Timeout != nil {
if err := lb . HealthCheck . Timeout . Set ( svc . HealthCheck . Timeout . String ( ) ) ; err != nil {
return nil , err
}
}
}
2019-09-30 18:12:04 +02:00
2019-11-14 19:28:04 +01:00
conf := svc
lb . PassHostHeader = conf . PassHostHeader
2019-09-30 18:12:04 +02:00
if lb . PassHostHeader == nil {
passHostHeader := true
lb . PassHostHeader = & passHostHeader
2019-09-13 16:46:04 +02:00
}
2022-11-16 11:38:07 +01:00
if conf . ResponseForwarding != nil && conf . ResponseForwarding . FlushInterval != "" {
err := lb . ResponseForwarding . FlushInterval . Set ( conf . ResponseForwarding . FlushInterval )
if err != nil {
return nil , fmt . Errorf ( "unable to parse flushInterval: %w" , err )
}
}
2019-09-13 16:46:04 +02:00
2024-11-06 16:04:04 +01:00
if svc . Sticky != nil && svc . Sticky . Cookie != nil {
lb . Sticky = & dynamic . Sticky {
Cookie : & dynamic . Cookie {
Name : svc . Sticky . Cookie . Name ,
Secure : svc . Sticky . Cookie . Secure ,
HTTPOnly : svc . Sticky . Cookie . HTTPOnly ,
SameSite : svc . Sticky . Cookie . SameSite ,
MaxAge : svc . Sticky . Cookie . MaxAge ,
} ,
}
lb . Sticky . Cookie . SetDefaults ( )
if svc . Sticky . Cookie . Path != nil {
lb . Sticky . Cookie . Path = svc . Sticky . Cookie . Path
}
}
2021-09-16 15:12:13 +02:00
lb . ServersTransport , err = c . makeServersTransportKey ( namespace , svc . ServersTransport )
if err != nil {
return nil , err
}
2019-11-14 19:28:04 +01:00
return & dynamic . Service { LoadBalancer : lb } , nil
2019-08-26 10:30:05 +02:00
}
2024-11-12 10:56:06 +01:00
func ( c configBuilder ) makeServersTransportKey ( parentNamespace string , serversTransportName string ) ( string , error ) {
2021-09-16 15:12:13 +02:00
if serversTransportName == "" {
return "" , nil
}
if ! c . allowCrossNamespace && strings . HasSuffix ( serversTransportName , providerNamespaceSeparator + providerName ) {
// Since we are not able to know if another namespace is in the name (namespace-name@kubernetescrd),
// if the provider namespace kubernetescrd is used,
// we don't allow this format to avoid cross namespace references.
return "" , fmt . Errorf ( "invalid reference to serversTransport %s: namespace-name@kubernetescrd format is not allowed when crossnamespace is disallowed" , serversTransportName )
}
if strings . Contains ( serversTransportName , providerNamespaceSeparator ) {
return serversTransportName , nil
}
return provider . Normalize ( makeID ( parentNamespace , serversTransportName ) ) , nil
}
2023-04-17 10:56:36 +02:00
func ( c configBuilder ) loadServers ( parentNamespace string , svc traefikv1alpha1 . LoadBalancerSpec ) ( [ ] dynamic . Server , error ) {
2019-08-26 10:30:05 +02:00
strategy := svc . Strategy
if strategy == "" {
2019-11-14 19:28:04 +01:00
strategy = roundRobinStrategy
2019-08-26 10:30:05 +02:00
}
2019-11-14 19:28:04 +01:00
if strategy != roundRobinStrategy {
return nil , fmt . Errorf ( "load balancing strategy %s is not supported" , strategy )
2019-08-26 10:30:05 +02:00
}
2020-12-10 14:58:04 +01:00
namespace := namespaceOrFallback ( svc , parentNamespace )
if ! isNamespaceAllowed ( c . allowCrossNamespace , parentNamespace , namespace ) {
return nil , fmt . Errorf ( "load balancer service %s/%s is not in the parent resource namespace %s" , svc . Namespace , svc . Name , parentNamespace )
}
2019-11-14 19:28:04 +01:00
// If the service uses explicitly the provider suffix
sanitizedName := strings . TrimSuffix ( svc . Name , providerNamespaceSeparator + providerName )
service , exists , err := c . client . GetService ( namespace , sanitizedName )
2019-08-26 10:30:05 +02:00
if err != nil {
return nil , err
}
if ! exists {
2019-11-14 19:28:04 +01:00
return nil , fmt . Errorf ( "kubernetes service not found: %s/%s" , namespace , sanitizedName )
2019-08-26 10:30:05 +02:00
}
2020-03-10 12:46:05 +01:00
svcPort , err := getServicePort ( service , svc . Port )
if err != nil {
return nil , err
2019-08-26 10:30:05 +02:00
}
2024-05-30 17:18:05 +02:00
if service . Spec . Type != corev1 . ServiceTypeExternalName && svc . HealthCheck != nil {
2024-06-21 14:56:03 +02:00
return nil , fmt . Errorf ( "healthCheck allowed only for ExternalName services: %s/%s" , namespace , sanitizedName )
2024-05-30 17:18:05 +02:00
}
2019-08-26 10:30:05 +02:00
if service . Spec . Type == corev1 . ServiceTypeExternalName {
2021-07-13 04:54:09 -06:00
if ! c . allowExternalNameServices {
return nil , fmt . Errorf ( "externalName services not allowed: %s/%s" , namespace , sanitizedName )
}
2020-03-10 12:46:05 +01:00
protocol , err := parseServiceProtocol ( svc . Scheme , svcPort . Name , svcPort . Port )
2020-02-25 01:12:04 -08:00
if err != nil {
return nil , err
2019-12-16 21:48:03 +01:00
}
2020-12-04 20:56:04 +01:00
hostPort := net . JoinHostPort ( service . Spec . ExternalName , strconv . Itoa ( int ( svcPort . Port ) ) )
2024-06-21 14:56:03 +02:00
return [ ] dynamic . Server { { URL : fmt . Sprintf ( "%s://%s" , protocol , hostPort ) } } , nil
2019-11-14 19:28:04 +01:00
}
2024-08-01 15:50:04 +02:00
nativeLB := c . nativeLBByDefault
2024-04-29 15:50:04 +05:30
if svc . NativeLB != nil {
nativeLB = * svc . NativeLB
}
if nativeLB {
address , err := getNativeServiceAddress ( * service , * svcPort )
if err != nil {
return nil , fmt . Errorf ( "getting native Kubernetes Service address: %w" , err )
}
protocol , err := parseServiceProtocol ( svc . Scheme , svcPort . Name , svcPort . Port )
if err != nil {
return nil , err
}
return [ ] dynamic . Server { { URL : fmt . Sprintf ( "%s://%s" , protocol , address ) } } , nil
}
2024-06-21 14:56:03 +02:00
var servers [ ] dynamic . Server
2024-02-27 10:54:04 +01:00
if service . Spec . Type == corev1 . ServiceTypeNodePort && svc . NodePortLB {
2024-08-01 15:50:04 +02:00
if c . disableClusterScopeResources {
return nil , errors . New ( "nodes lookup is disabled" )
}
2024-02-27 10:54:04 +01:00
nodes , nodesExists , nodesErr := c . client . GetNodes ( )
if nodesErr != nil {
return nil , nodesErr
}
if ! nodesExists || len ( nodes ) == 0 {
return nil , fmt . Errorf ( "nodes not found for NodePort service %s/%s" , namespace , sanitizedName )
}
protocol , err := parseServiceProtocol ( svc . Scheme , svcPort . Name , svcPort . Port )
if err != nil {
return nil , err
}
for _ , node := range nodes {
for _ , addr := range node . Status . Addresses {
if addr . Type == corev1 . NodeInternalIP {
hostPort := net . JoinHostPort ( addr . Address , strconv . Itoa ( int ( svcPort . NodePort ) ) )
servers = append ( servers , dynamic . Server {
URL : fmt . Sprintf ( "%s://%s" , protocol , hostPort ) ,
} )
}
}
}
if len ( servers ) == 0 {
return nil , fmt . Errorf ( "no servers were generated for service %s in namespace" , sanitizedName )
}
return servers , nil
}
2024-06-21 14:56:03 +02:00
endpointSlices , err := c . client . GetEndpointSlicesForService ( namespace , sanitizedName )
if err != nil {
return nil , fmt . Errorf ( "getting endpointslices: %w" , err )
2019-11-14 19:28:04 +01:00
}
2024-06-21 14:56:03 +02:00
addresses := map [ string ] struct { } { }
for _ , endpointSlice := range endpointSlices {
2023-05-31 10:40:05 +01:00
var port int32
2024-06-21 14:56:03 +02:00
for _ , p := range endpointSlice . Ports {
if svcPort . Name == * p . Name {
port = * p . Port
2019-11-14 19:28:04 +01:00
break
}
2019-10-18 11:12:05 +02:00
}
2019-11-14 19:28:04 +01:00
if port == 0 {
2023-05-31 10:40:05 +01:00
continue
2019-08-26 10:30:05 +02:00
}
2020-03-10 12:46:05 +01:00
protocol , err := parseServiceProtocol ( svc . Scheme , svcPort . Name , svcPort . Port )
2020-02-25 01:12:04 -08:00
if err != nil {
return nil , err
2019-08-26 10:30:05 +02:00
}
2024-06-21 14:56:03 +02:00
for _ , endpoint := range endpointSlice . Endpoints {
if endpoint . Conditions . Ready == nil || ! * endpoint . Conditions . Ready {
continue
}
for _ , address := range endpoint . Addresses {
if _ , ok := addresses [ address ] ; ok {
continue
}
2020-12-04 20:56:04 +01:00
2024-06-21 14:56:03 +02:00
addresses [ address ] = struct { } { }
servers = append ( servers , dynamic . Server {
URL : fmt . Sprintf ( "%s://%s" , protocol , net . JoinHostPort ( address , strconv . Itoa ( int ( port ) ) ) ) ,
} )
}
2019-08-26 10:30:05 +02:00
}
2019-11-14 19:28:04 +01:00
}
2019-08-26 10:30:05 +02:00
2024-06-21 14:56:03 +02:00
if len ( servers ) == 0 && ! c . allowEmptyServices {
return nil , fmt . Errorf ( "no servers found for %s/%s" , namespace , sanitizedName )
}
2019-11-14 19:28:04 +01:00
return servers , nil
}
2019-08-26 10:30:05 +02:00
2019-11-14 19:28:04 +01:00
// nameAndService returns the name that should be used for the svc service in the generated config.
// In addition, if the service is a Kubernetes one,
// it generates and returns the configuration part for such a service,
// so that the caller can add it to the global config map.
2023-04-17 10:56:36 +02:00
func ( c configBuilder ) nameAndService ( ctx context . Context , parentNamespace string , service traefikv1alpha1 . LoadBalancerSpec ) ( string , * dynamic . Service , error ) {
2022-11-21 18:36:05 +01:00
svcCtx := log . Ctx ( ctx ) . With ( ) . Str ( logs . ServiceName , service . Name ) . Logger ( ) . WithContext ( ctx )
2019-08-26 10:30:05 +02:00
2020-12-10 14:58:04 +01:00
namespace := namespaceOrFallback ( service , parentNamespace )
if ! isNamespaceAllowed ( c . allowCrossNamespace , parentNamespace , namespace ) {
return "" , nil , fmt . Errorf ( "service %s/%s not in the parent resource namespace %s" , service . Namespace , service . Name , parentNamespace )
}
2019-08-26 10:30:05 +02:00
2019-11-14 19:28:04 +01:00
switch {
case service . Kind == "" || service . Kind == "Service" :
serversLB , err := c . buildServersLB ( namespace , service )
if err != nil {
return "" , nil , err
2019-08-26 10:30:05 +02:00
}
2019-11-14 19:28:04 +01:00
2020-01-07 10:46:04 +01:00
fullName := fullServiceName ( svcCtx , namespace , service , service . Port )
2019-11-14 19:28:04 +01:00
return fullName , serversLB , nil
case service . Kind == "TraefikService" :
2021-01-15 06:54:04 -08:00
return fullServiceName ( svcCtx , namespace , service , intstr . FromInt ( 0 ) ) , nil , nil
2019-11-14 19:28:04 +01:00
default :
return "" , nil , fmt . Errorf ( "unsupported service kind %s" , service . Kind )
2019-08-26 10:30:05 +02:00
}
2019-11-14 19:28:04 +01:00
}
2019-08-26 10:30:05 +02:00
2019-11-14 19:28:04 +01:00
func splitSvcNameProvider ( name string ) ( string , string ) {
parts := strings . Split ( name , providerNamespaceSeparator )
svc := strings . Join ( parts [ : len ( parts ) - 1 ] , providerNamespaceSeparator )
pvd := parts [ len ( parts ) - 1 ]
return svc , pvd
}
2023-04-17 10:56:36 +02:00
func fullServiceName ( ctx context . Context , namespace string , service traefikv1alpha1 . LoadBalancerSpec , port intstr . IntOrString ) string {
2021-01-15 06:54:04 -08:00
if ( port . Type == intstr . Int && port . IntVal != 0 ) || ( port . Type == intstr . String && port . StrVal != "" ) {
return provider . Normalize ( fmt . Sprintf ( "%s-%s-%s" , namespace , service . Name , & port ) )
2019-11-14 19:28:04 +01:00
}
2020-01-07 10:46:04 +01:00
if ! strings . Contains ( service . Name , providerNamespaceSeparator ) {
return provider . Normalize ( fmt . Sprintf ( "%s-%s" , namespace , service . Name ) )
2019-11-14 19:28:04 +01:00
}
2020-01-07 10:46:04 +01:00
name , pName := splitSvcNameProvider ( service . Name )
2019-11-14 19:28:04 +01:00
if pName == providerName {
return provider . Normalize ( fmt . Sprintf ( "%s-%s" , namespace , name ) )
}
2020-01-07 10:46:04 +01:00
if service . Namespace != "" {
2022-11-21 18:36:05 +01:00
log . Ctx ( ctx ) . Warn ( ) . Msgf ( "namespace %q is ignored in cross-provider context" , service . Namespace )
2019-11-14 19:28:04 +01:00
}
return provider . Normalize ( name ) + providerNamespaceSeparator + pName
}
2023-04-17 10:56:36 +02:00
func namespaceOrFallback ( lb traefikv1alpha1 . LoadBalancerSpec , fallback string ) string {
2019-11-14 19:28:04 +01:00
if lb . Namespace != "" {
return lb . Namespace
}
return fallback
2019-08-26 10:30:05 +02:00
}
2022-05-19 16:42:09 +02:00
// getTLSHTTP mutates tlsConfigs.
2023-04-17 10:56:36 +02:00
func getTLSHTTP ( ctx context . Context , ingressRoute * traefikv1alpha1 . IngressRoute , k8sClient Client , tlsConfigs map [ string ] * tls . CertAndStores ) error {
2019-08-26 10:30:05 +02:00
if ingressRoute . Spec . TLS == nil {
return nil
}
if ingressRoute . Spec . TLS . SecretName == "" {
2022-11-21 18:36:05 +01:00
log . Ctx ( ctx ) . Debug ( ) . Msg ( "No secret name provided" )
2019-08-26 10:30:05 +02:00
return nil
}
configKey := ingressRoute . Namespace + "/" + ingressRoute . Spec . TLS . SecretName
if _ , tlsExists := tlsConfigs [ configKey ] ; ! tlsExists {
tlsConf , err := getTLS ( k8sClient , ingressRoute . Spec . TLS . SecretName , ingressRoute . Namespace )
if err != nil {
return err
}
tlsConfigs [ configKey ] = tlsConf
}
return nil
}
2020-02-25 01:12:04 -08:00
// parseServiceProtocol parses the scheme, port name, and number to determine the correct protocol.
// an error is returned if the scheme provided is invalid.
2020-07-07 14:42:03 +02:00
func parseServiceProtocol ( providedScheme , portName string , portNumber int32 ) ( string , error ) {
2020-02-25 01:12:04 -08:00
switch providedScheme {
case httpProtocol , httpsProtocol , "h2c" :
return providedScheme , nil
case "" :
if portNumber == 443 || strings . HasPrefix ( portName , httpsProtocol ) {
return httpsProtocol , nil
}
return httpProtocol , nil
}
return "" , fmt . Errorf ( "invalid scheme %q specified" , providedScheme )
}