202 lines
5.4 KiB
Go
202 lines
5.4 KiB
Go
|
package crd
|
||
|
|
||
|
import (
|
||
|
"context"
|
||
|
"errors"
|
||
|
"fmt"
|
||
|
"strings"
|
||
|
|
||
|
"github.com/containous/traefik/v2/pkg/config/dynamic"
|
||
|
"github.com/containous/traefik/v2/pkg/log"
|
||
|
"github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/traefik/v1alpha1"
|
||
|
"github.com/containous/traefik/v2/pkg/tls"
|
||
|
corev1 "k8s.io/api/core/v1"
|
||
|
)
|
||
|
|
||
|
func (p *Provider) loadIngressRouteTCPConfiguration(ctx context.Context, client Client, tlsConfigs map[string]*tls.CertAndStores) *dynamic.TCPConfiguration {
|
||
|
conf := &dynamic.TCPConfiguration{
|
||
|
Routers: map[string]*dynamic.TCPRouter{},
|
||
|
Services: map[string]*dynamic.TCPService{},
|
||
|
}
|
||
|
|
||
|
for _, ingressRouteTCP := range client.GetIngressRouteTCPs() {
|
||
|
logger := log.FromContext(log.With(ctx, log.Str("ingress", ingressRouteTCP.Name), log.Str("namespace", ingressRouteTCP.Namespace)))
|
||
|
|
||
|
if !shouldProcessIngress(p.IngressClass, ingressRouteTCP.Annotations[annotationKubernetesIngressClass]) {
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
if ingressRouteTCP.Spec.TLS != nil && !ingressRouteTCP.Spec.TLS.Passthrough {
|
||
|
err := getTLSTCP(ctx, ingressRouteTCP, client, tlsConfigs)
|
||
|
if err != nil {
|
||
|
logger.Errorf("Error configuring TLS: %v", err)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
ingressName := ingressRouteTCP.Name
|
||
|
if len(ingressName) == 0 {
|
||
|
ingressName = ingressRouteTCP.GenerateName
|
||
|
}
|
||
|
|
||
|
for _, route := range ingressRouteTCP.Spec.Routes {
|
||
|
if len(route.Match) == 0 {
|
||
|
logger.Errorf("Empty match rule")
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
if err := checkStringQuoteValidity(route.Match); err != nil {
|
||
|
logger.Errorf("Invalid syntax for match rule: %s", route.Match)
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
var allServers []dynamic.TCPServer
|
||
|
for _, service := range route.Services {
|
||
|
servers, err := loadTCPServers(client, ingressRouteTCP.Namespace, service)
|
||
|
if err != nil {
|
||
|
logger.
|
||
|
WithField("serviceName", service.Name).
|
||
|
WithField("servicePort", service.Port).
|
||
|
Errorf("Cannot create service: %v", err)
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
allServers = append(allServers, servers...)
|
||
|
}
|
||
|
|
||
|
key, e := makeServiceKey(route.Match, ingressName)
|
||
|
if e != nil {
|
||
|
logger.Error(e)
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
serviceName := makeID(ingressRouteTCP.Namespace, key)
|
||
|
conf.Routers[serviceName] = &dynamic.TCPRouter{
|
||
|
EntryPoints: ingressRouteTCP.Spec.EntryPoints,
|
||
|
Rule: route.Match,
|
||
|
Service: serviceName,
|
||
|
}
|
||
|
|
||
|
if ingressRouteTCP.Spec.TLS != nil {
|
||
|
conf.Routers[serviceName].TLS = &dynamic.RouterTCPTLSConfig{
|
||
|
Passthrough: ingressRouteTCP.Spec.TLS.Passthrough,
|
||
|
CertResolver: ingressRouteTCP.Spec.TLS.CertResolver,
|
||
|
}
|
||
|
|
||
|
if ingressRouteTCP.Spec.TLS.Options != nil && len(ingressRouteTCP.Spec.TLS.Options.Name) > 0 {
|
||
|
tlsOptionsName := ingressRouteTCP.Spec.TLS.Options.Name
|
||
|
// Is a Kubernetes CRD reference (i.e. not a cross-provider reference)
|
||
|
ns := ingressRouteTCP.Spec.TLS.Options.Namespace
|
||
|
if !strings.Contains(tlsOptionsName, "@") {
|
||
|
if len(ns) == 0 {
|
||
|
ns = ingressRouteTCP.Namespace
|
||
|
}
|
||
|
tlsOptionsName = makeID(ns, tlsOptionsName)
|
||
|
} else if len(ns) > 0 {
|
||
|
logger.
|
||
|
WithField("TLSoptions", ingressRouteTCP.Spec.TLS.Options.Name).
|
||
|
Warnf("namespace %q is ignored in cross-provider context", ns)
|
||
|
}
|
||
|
|
||
|
conf.Routers[serviceName].TLS.Options = tlsOptionsName
|
||
|
|
||
|
}
|
||
|
}
|
||
|
|
||
|
conf.Services[serviceName] = &dynamic.TCPService{
|
||
|
LoadBalancer: &dynamic.TCPLoadBalancerService{
|
||
|
Servers: allServers,
|
||
|
},
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return conf
|
||
|
}
|
||
|
|
||
|
func loadTCPServers(client Client, namespace string, svc v1alpha1.ServiceTCP) ([]dynamic.TCPServer, error) {
|
||
|
service, exists, err := client.GetService(namespace, svc.Name)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
if !exists {
|
||
|
return nil, errors.New("service not found")
|
||
|
}
|
||
|
|
||
|
var portSpec *corev1.ServicePort
|
||
|
for _, p := range service.Spec.Ports {
|
||
|
if svc.Port == p.Port {
|
||
|
portSpec = &p
|
||
|
break
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if portSpec == nil {
|
||
|
return nil, errors.New("service port not found")
|
||
|
}
|
||
|
|
||
|
var servers []dynamic.TCPServer
|
||
|
if service.Spec.Type == corev1.ServiceTypeExternalName {
|
||
|
servers = append(servers, dynamic.TCPServer{
|
||
|
Address: fmt.Sprintf("%s:%d", service.Spec.ExternalName, portSpec.Port),
|
||
|
})
|
||
|
} else {
|
||
|
endpoints, endpointsExists, endpointsErr := client.GetEndpoints(namespace, svc.Name)
|
||
|
if endpointsErr != nil {
|
||
|
return nil, endpointsErr
|
||
|
}
|
||
|
|
||
|
if !endpointsExists {
|
||
|
return nil, errors.New("endpoints not found")
|
||
|
}
|
||
|
|
||
|
if len(endpoints.Subsets) == 0 {
|
||
|
return nil, errors.New("subset not found")
|
||
|
}
|
||
|
|
||
|
var port int32
|
||
|
for _, subset := range endpoints.Subsets {
|
||
|
for _, p := range subset.Ports {
|
||
|
if portSpec.Name == p.Name {
|
||
|
port = p.Port
|
||
|
break
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if port == 0 {
|
||
|
return nil, errors.New("cannot define a port")
|
||
|
}
|
||
|
|
||
|
for _, addr := range subset.Addresses {
|
||
|
servers = append(servers, dynamic.TCPServer{
|
||
|
Address: fmt.Sprintf("%s:%d", addr.IP, port),
|
||
|
})
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return servers, nil
|
||
|
}
|
||
|
|
||
|
func getTLSTCP(ctx context.Context, ingressRoute *v1alpha1.IngressRouteTCP, k8sClient Client, tlsConfigs map[string]*tls.CertAndStores) error {
|
||
|
if ingressRoute.Spec.TLS == nil {
|
||
|
return nil
|
||
|
}
|
||
|
if ingressRoute.Spec.TLS.SecretName == "" {
|
||
|
log.FromContext(ctx).Debugf("No secret name provided")
|
||
|
return nil
|
||
|
}
|
||
|
|
||
|
configKey := ingressRoute.Namespace + "/" + ingressRoute.Spec.TLS.SecretName
|
||
|
if _, tlsExists := tlsConfigs[configKey]; !tlsExists {
|
||
|
tlsConf, err := getTLS(k8sClient, ingressRoute.Spec.TLS.SecretName, ingressRoute.Namespace)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
tlsConfigs[configKey] = tlsConf
|
||
|
}
|
||
|
|
||
|
return nil
|
||
|
}
|