kubernetes · aledbf · Jun 16, 2017 · Jun 14, 2017 · Jun 14, 2017
diff --git a/core/pkg/ingress/annotations/auth/main.go b/core/pkg/ingress/annotations/auth/main.go
@@ -53,6 +53,29 @@ type BasicDigest struct {
 	Secured bool   `json:"secured"`
 }
 
+func (bd1 *BasicDigest) Equal(bd2 *BasicDigest) bool {
+	if bd1 == bd2 {
+		return true
+	}
+	if bd1 == nil || bd2 == nil {
+		return false
+	}
+	if bd1.Type != bd2.Type {
+		return false
+	}
+	if bd1.Realm != bd2.Realm {
+		return false
+	}
+	if bd1.File != bd2.File {
+		return false
+	}
+	if bd1.Secured != bd2.Secured {
+		return false
+	}
+
+	return true
+}
+
 type auth struct {
 	secretResolver resolver.Secret
 	authDirectory  string

diff --git a/core/pkg/ingress/annotations/authreq/main.go b/core/pkg/ingress/annotations/authreq/main.go
@@ -44,7 +44,49 @@ type External struct {
 	SigninURL       string   `json:"signinUrl"`
 	Method          string   `json:"method"`
 	SendBody        bool     `json:"sendBody"`
-	ResponseHeaders []string `json:"responseHeaders"`
+	ResponseHeaders []string `json:"responseHeaders,omitEmpty"`
+}
+
+func (e1 *External) Equal(e2 *External) bool {
+	if e1 == e2 {
+		return true
+	}
+	if e1 == nil || e2 == nil {
+		return false
+	}
+	if e1.URL != e2.URL {
+		return false
+	}
+	if e1.Host != e2.Host {
+		return false
+	}
+	if e1.SigninURL != e2.SigninURL {
+		return false
+	}
+	if e1.Method != e2.Method {
+		return false
+	}
+	if e1.SendBody != e2.SendBody {
+		return false
+	}
+	if e1.Method != e2.Method {
+		return false
+	}
+
+	for _, ep1 := range e1.ResponseHeaders {
+		found := false
+		for _, ep2 := range e2.ResponseHeaders {
+			if ep1 == ep2 {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return false
+		}
+	}
+
+	return true
 }
 
 var (

diff --git a/core/pkg/ingress/annotations/authtls/main.go b/core/pkg/ingress/annotations/authtls/main.go
@@ -36,8 +36,25 @@ const (
 // AuthSSLConfig contains the AuthSSLCert used for muthual autentication
 // and the configured ValidationDepth
 type AuthSSLConfig struct {
-	AuthSSLCert     resolver.AuthSSLCert
-	ValidationDepth int `json:"validationDepth"`
+	AuthSSLCert     resolver.AuthSSLCert `json:"authSSLCert"`
+	ValidationDepth int                  `json:"validationDepth"`
+}
+
+func (assl1 *AuthSSLConfig) Equal(assl2 *AuthSSLConfig) bool {
+	if assl1 == assl2 {
+		return true
+	}
+	if assl1 == nil || assl2 == nil {
+		return false
+	}
+	if !(&assl1.AuthSSLCert).Equal(&assl2.AuthSSLCert) {
+		return false
+	}
+	if assl1.ValidationDepth != assl2.ValidationDepth {
+		return false
+	}
+
+	return true
 }
 
 // NewParser creates a new TLS authentication annotation parser

diff --git a/core/pkg/ingress/annotations/ipwhitelist/main.go b/core/pkg/ingress/annotations/ipwhitelist/main.go
@@ -36,7 +36,35 @@ const (
 
 // SourceRange returns the CIDR
 type SourceRange struct {
-	CIDR []string `json:"cidr"`
+	CIDR []string `json:"cidr,omitEmpty"`
+}
+
+func (sr1 *SourceRange) Equal(sr2 *SourceRange) bool {
+	if sr1 == sr2 {
+		return true
+	}
+	if sr1 == nil || sr2 == nil {
+		return false
+	}
+
+	if len(sr1.CIDR) != len(sr2.CIDR) {
+		return false
+	}
+
+	for _, s1l := range sr1.CIDR {
+		found := false
+		for _, sl2 := range sr2.CIDR {
+			if s1l == sl2 {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return false
+		}
+	}
+
+	return true
 }
 
 type ipwhitelist struct {

diff --git a/core/pkg/ingress/annotations/proxy/main.go b/core/pkg/ingress/annotations/proxy/main.go
@@ -44,6 +44,38 @@ type Configuration struct {
 	CookiePath     string `json:"cookiePath"`
 }
 
+func (l1 *Configuration) Equal(l2 *Configuration) bool {
+	if l1 == l2 {
+		return true
+	}
+	if l1 == nil || l2 == nil {
+		return false
+	}
+	if l1.BodySize != l2.BodySize {
+		return false
+	}
+	if l1.ConnectTimeout != l2.ConnectTimeout {
+		return false
+	}
+	if l1.SendTimeout != l2.SendTimeout {
+		return false
+	}
+	if l1.ReadTimeout != l2.ReadTimeout {
+		return false
+	}
+	if l1.BufferSize != l2.BufferSize {
+		return false
+	}
+	if l1.CookieDomain != l2.CookieDomain {
+		return false
+	}
+	if l1.CookiePath != l2.CookiePath {
+		return false
+	}
+
+	return true
+}
+
 type proxy struct {
 	backendResolver resolver.DefaultBackend
 }

diff --git a/core/pkg/ingress/annotations/ratelimit/main.go b/core/pkg/ingress/annotations/ratelimit/main.go
@@ -47,6 +47,23 @@ type RateLimit struct {
 	RPS Zone `json:"rps"`
 }
 
+func (rt1 *RateLimit) Equal(rt2 *RateLimit) bool {
+	if rt1 == rt2 {
+		return true
+	}
+	if rt1 == nil || rt2 == nil {
+		return false
+	}
+	if !(&rt1.Connections).Equal(&rt2.Connections) {
+		return false
+	}
+	if !(&rt1.RPS).Equal(&rt2.RPS) {
+		return false
+	}
+
+	return true
+}
+
 // Zone returns information about the NGINX rate limit (limit_req_zone)
 // http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone
 type Zone struct {
@@ -57,6 +74,29 @@ type Zone struct {
 	SharedSize int `json:"sharedSize"`
 }
 
+func (z1 *Zone) Equal(z2 *Zone) bool {
+	if z1 == z2 {
+		return true
+	}
+	if z1 == nil || z2 == nil {
+		return false
+	}
+	if z1.Name != z2.Name {
+		return false
+	}
+	if z1.Limit != z2.Limit {
+		return false
+	}
+	if z1.Burst != z2.Burst {
+		return false
+	}
+	if z1.SharedSize != z2.SharedSize {
+		return false
+	}
+
+	return true
+}
+
 type ratelimit struct {
 }
 

diff --git a/core/pkg/ingress/annotations/rewrite/main.go b/core/pkg/ingress/annotations/rewrite/main.go
@@ -46,6 +46,32 @@ type Redirect struct {
 	AppRoot string `json:"appRoot"`
 }
 
+func (r1 *Redirect) Equal(r2 *Redirect) bool {
+	if r1 == r2 {
+		return true
+	}
+	if r1 == nil || r2 == nil {
+		return false
+	}
+	if r1.Target != r2.Target {
+		return false
+	}
+	if r1.AddBaseURL != r2.AddBaseURL {
+		return false
+	}
+	if r1.SSLRedirect != r2.SSLRedirect {
+		return false
+	}
+	if r1.ForceSSLRedirect != r2.ForceSSLRedirect {
+		return false
+	}
+	if r1.AppRoot != r2.AppRoot {
+		return false
+	}
+
+	return true
+}
+
 type rewrite struct {
 	backendResolver resolver.DefaultBackend
 }

diff --git a/core/pkg/ingress/annotations/secureupstream/main.go b/core/pkg/ingress/annotations/secureupstream/main.go
@@ -18,6 +18,7 @@ package secureupstream
 
 import (
 	"fmt"
+
 	"github.com/pkg/errors"
 	extensions "k8s.io/client-go/pkg/apis/extensions/v1beta1"
 
@@ -32,8 +33,8 @@ const (
 
 // Secure describes SSL backend configuration
 type Secure struct {
-	Secure bool
-	CACert resolver.AuthSSLCert
+	Secure bool                 `json:"secure"`
+	CACert resolver.AuthSSLCert `json:"caCert"`
 }
 
 type su struct {

diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go
@@ -18,6 +18,7 @@ package controller
 
 import (
 	"fmt"
+	"math/rand"
 	"os"
 	"reflect"
 	"sort"
@@ -108,6 +109,8 @@ type GenericController struct {
 	stopLock *sync.Mutex
 
 	stopCh chan struct{}
+
+	runningConfig *ingress.Configuration
 }
 
 // Configuration contains all the settings required by an Ingress controller
@@ -400,14 +403,22 @@ func (ic *GenericController) syncIngress(key interface{}) error {
 		}
 	}
 
-	err := ic.cfg.Backend.OnUpdate(ingress.Configuration{
+	pcfg := ingress.Configuration{
 		Backends:            upstreams,
 		Servers:             servers,
 		TCPEndpoints:        ic.getStreamServices(ic.cfg.TCPConfigMapName, api.ProtocolTCP),
 		UDPEndpoints:        ic.getStreamServices(ic.cfg.UDPConfigMapName, api.ProtocolUDP),
 		PassthroughBackends: passUpstreams,
-	})
+	}
+
+	if ic.runningConfig != nil && ic.runningConfig.Equal(&pcfg) {
+		glog.V(3).Infof("skipping backend reload (no changes detected)")
+		return nil
+	}
+
+	glog.Infof("backend reload required")
 
+	err := ic.cfg.Backend.OnUpdate(pcfg)
 	if err != nil {
 		incReloadErrorCount()
 		glog.Errorf("unexpected failure restarting the backend: \n%v", err)
@@ -418,6 +429,8 @@ func (ic *GenericController) syncIngress(key interface{}) error {
 	incReloadCount()
 	setSSLExpireTime(servers)
 
+	ic.runningConfig = &pcfg
+
 	return nil
 }
 
@@ -679,9 +692,6 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress
 		}
 	}
 
-	// TODO: find a way to make this more readable
-	// The structs must be ordered to always generate the same file
-	// if the content does not change.
 	aUpstreams := make([]*ingress.Backend, 0, len(upstreams))
 	for _, value := range upstreams {
 		if len(value.Endpoints) == 0 {
@@ -690,7 +700,6 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress
 		}
 		aUpstreams = append(aUpstreams, value)
 	}
-	sort.Sort(ingress.BackendByNameServers(aUpstreams))
 
 	aServers := make([]*ingress.Server, 0, len(servers))
 	for _, value := range servers {
@@ -847,12 +856,17 @@ func (ic *GenericController) serviceEndpoints(svcKey, backendPort string,
 				glog.Warningf("service %v does not have any active endpoints", svcKey)
 			}
 
-			sort.Sort(ingress.EndpointByAddrPort(endps))
 			upstreams = append(upstreams, endps...)
 			break
 		}
 	}
 
+	rand.Seed(time.Now().UnixNano())
+	for i := range upstreams {
+		j := rand.Intn(i + 1)
+		upstreams[i], upstreams[j] = upstreams[j], upstreams[i]
+	}
+
 	return upstreams, nil
 }
 

diff --git a/core/pkg/ingress/resolver/main.go b/core/pkg/ingress/resolver/main.go
@@ -51,3 +51,17 @@ type AuthSSLCert struct {
 	// PemSHA contains the SHA1 hash of the 'tls.crt' value
 	PemSHA string `json:"pemSha"`
 }
+
+func (asslc1 *AuthSSLCert) Equal(assl2 *AuthSSLCert) bool {
+	if asslc1.Secret != assl2.Secret {
+		return false
+	}
+	if asslc1.CAFileName != assl2.CAFileName {
+		return false
+	}
+	if asslc1.PemSHA != assl2.PemSHA {
+		return false
+	}
+
+	return true
+}