internal/dag: create separate roots for port 80 and port 443 vhosts #431
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates projectcontour#429 Each VirtualHost now has a Port field; VirtualHosts are unequal unless both their host name and port match. Signed-off-by: Dave Cheney <dave@cheney.net>
Signed-off-by: Dave Cheney <dave@cheney.net>
Avoid declaring nodes and edges more than once. For nodes this is fine because dot edit overwrites the declaration, or places them on top of one another. For edges this causes duplicate arrows when the dag converges. Signed-off-by: Dave Cheney <dave@cheney.net>
For TLS enabled sites, generate a second vhost entry to hold the certificate. Also bring in internal/contour's annotations package. TODO(move annotation processing to its own package) Signed-off-by: Dave Cheney <dave@cheney.net>
|
This looks like a good approach to me. This allows us to have more flexibility in the future and perhaps (if we can figure out the config story) having a contour instance listening on multiple ports for both HTTP and HTTPs. I could also see us expanding this (eventually, over time, with a lot of thinking) to represent TCP/UDP. The idea being that there is a "vhost" of |
The kubernetes.io/ingress.allow-http: false annotation prevent the creation of any port 80 listeners for ingresses carrying this annotation. Signed-off-by: Dave Cheney <dave@cheney.net>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates #429
This PR alters the DAG generation to create unique roots for each host/port combination. This embeds more information into the dag, for example, the port number of a vhost is no longer determined by the presence of a child secret object. Now the port a vhost listens on and if it uses TLS is independent -- although a vhost must have a child secret to be TLS enabled.
With this in place we can now start to generate different route graphs for the port 80 and port 443 listeners. This PR includes an example of this by adding support for the
kubernetes.io/ingress.allow-http: "false"annotation.It should be noted that TLS objects will never be attached to virtualhosts that do not have hostnames. See #410 for details.