elias/caddy-ingess
1
0
Fork 0
mirror of https://github.com/eliasstepanik/caddy-ingess.git synced 2026-01-10 20:18:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Backend Protocol & skip verify annotation (#103)

Browse Source
This commit is contained in:
Nila 2022-08-26 12:43:31 +02:00 committed by GitHub
parent 6257e88af7
commit 9dba87b050
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
internal/caddy/ingress/annotations.go
View File

@ -7,8 +7,18 @@ const (
rewriteToAnnotation = "rewrite-to"
rewriteStripPrefixAnnotation = "rewrite-strip-prefix"
disableSSLRedirect = "disable-ssl-redirect"
backendProtocol = "backend-protocol"
insecureSkipVerify = "insecure-skip-verify"
)
func getAnnotation(ing *v1.Ingress, rule string) string {
return ing.Annotations[annotationPrefix+"/"+rule]
}
func getAnnotationBool(ing *v1.Ingress, rule string, def bool) bool {
val := getAnnotation(ing, rule)
if val == "" {
return def
}
return val == "true"
}

13
internal/caddy/ingress/reverseproxy.go
View File

@ -2,6 +2,8 @@ package ingress
import (
"fmt"
"strings"
"github.com/caddyserver/caddy/v2/caddyconfig"
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
"github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy"
@ -23,13 +25,24 @@ func (p ReverseProxyPlugin) IngressPlugin() converter.PluginInfo {
func (p ReverseProxyPlugin) IngressHandler(input converter.IngressMiddlewareInput) (*caddyhttp.Route, error) {
path := input.Path
ing := input.Ingress
backendProtocol := strings.ToLower(getAnnotation(ing, backendProtocol))
// TODO :-
// when setting the upstream url we should bypass kube-dns and get the ip address of
// the pod for the deployment we are proxying to so that we can proxy to that ip address port.
// this is good for session affinity and increases performance.
clusterHostName := fmt.Sprintf("%v.%v.svc.cluster.local:%d", path.Backend.Service.Name, ing.Namespace, path.Backend.Service.Port.Number)
transport := &reverseproxy.HTTPTransport{}
if backendProtocol == "https" {
transport.TLS = &reverseproxy.TLSConfig{
InsecureSkipVerify: getAnnotationBool(ing, insecureSkipVerify, true),
}
}
handler := reverseproxy.Handler{
TransportRaw: caddyconfig.JSONModuleObject(transport, "protocol", "http", nil),
Upstreams: reverseproxy.UpstreamPool{
{Dial: clusterHostName},
},