Refactor nginx ssl passthrough #614
Coverage decreased (-0.8%) to 45.507% when pulling e2fe3369a677b7a2e282d2e555eed4cca18bfccb on aledbf:refactor-passthrough into fc67b1d on kubernetes:master.
Coverage decreased (-0.8%) to 45.492% when pulling e2fe3369a677b7a2e282d2e555eed4cca18bfccb on aledbf:refactor-passthrough into fc67b1d on kubernetes:master.
} | ||
} | ||
} | ||
} | ||
if len(isHTTPSfrom) > 0 { | ||
if isHTTP { | ||
for _, server := range isHTTPSfrom { | ||
glog.Warningf("backend type mismatch on %v, assuming HTTP on ssl passthrough host %v", upstream.Name, server.Hostname) |
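Review bot: the `glog.Warningf` call in the `for _, server := range isHTTPSfrom` loop is the only operator-visible signal in these lines that `upstream.Name` is treated as HTTP while also being referenced from an SSL passthrough host. If the passthrough handling around it is reworked, keep a log line for that mismatch, and format `server.Hostname` with `%q` so an empty hostname shows up in the message.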
This warning means the same backend is receiving http and https requests from the ingress controller. Any reason to remove it?
@jcmoraisjr yes, the current code (with the logic to set SSLPassthrough false) breaks SSLPassthrough.
@jcmoraisjr this change basically rolls back #540
@jcmoraisjr let me finish the PR and then we can test the haproxy controller.
@jcmoraisjr we really need to start with the e2e testing to avoid these regressions (this is not the first time).
No problem. I was only talking about the warning. I think #540 doesn't need to be rolled back, but only revert the logic?
I'll try to run e2e as well before every PR (was assuming Travis was doing it for us).
This takes ideas from https://github.com/kubermatic/k8sniff/
Why? Using nginx for passthrough implies we lose the source IP address
TODO: