diff --git a/cmd/nginx-ingress/flags.go b/cmd/nginx-ingress/flags.go index d5c1076a8a..1d58792310 100644 --- a/cmd/nginx-ingress/flags.go +++ b/cmd/nginx-ingress/flags.go @@ -114,6 +114,10 @@ var ( `Path to the TransportServer NGINX configuration template for a TransportServer resource. (default for NGINX "nginx.transportserver.tmpl"; default for NGINX Plus "nginx-plus.transportserver.tmpl")`) + oidcTemplatePath = flag.String("oidc-template-path", "", + `Path to the OIDC NGINX configuration template. + (default for NGINX Plus "oidc.tmpl")`) + externalService = flag.String("external-service", "", `Specifies the name of the service with the type LoadBalancer through which the Ingress Controller pods are exposed externally. The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. For Ingress resources only: Requires -report-ingress-status.`) @@ -429,7 +433,7 @@ func mustValidateFlags(ctx context.Context) { nl.Fatal(l, "ingresslink and external-service cannot both be set") } - if *nginxPlus && *mgmtConfigMap == "" { + if *nginxPlus && *mgmtConfigMap == "" && *proxyURL == "" { nl.Fatal(l, "NGINX Plus requires a mgmt ConfigMap to be set") } } diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 0de9e2407d..db91d5d2a1 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -90,7 +90,10 @@ func main() { ctx := initLogger(*logFormat, logLevels[*logLevel], os.Stdout) l := nl.LoggerFromContext(ctx) - cleanupSocketFiles(l) + // TODO: Use fake manager + if *proxyURL == "" { + cleanupSocketFiles(l) + } initValidate(ctx) parsedFlags := os.Args[1:] 
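Review bot: The relaxed check in mustValidateFlags, `if *nginxPlus && *mgmtConfigMap == "" && *proxyURL == ""`, lets any NGINX Plus start-up that sets a proxy URL skip the mgmt ConfigMap requirement, and nothing on the line records why. A comment such as `// Proxy mode uses the fake NGINX manager, so the mgmt ConfigMap is optional there.` would state the intent. A warning log when the check is bypassed would make it visible if the proxy flag is ever set on a real deployment. main.go still calls processLicenseSecret with default mgmt parameters in that case, so a missing license secret presumably still fails later, only with a less direct message. mustValidateFlags starts outside the hunk.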
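Review bot: The `// TODO: Use fake manager` comment above the new `if *proxyURL == ""` guard in main does not explain why socket cleanup is skipped, and the same `*proxyURL == ""` test is then repeated in the later main.go hunks (licenseReporter, deploymentMetadata, agentVersion, updateSelfWithVersionInfo, mgmtCfgParams and licenseReporter.Config.PlusClient). A single named boolean near the top of main, `proxyMode := *proxyURL != ""`, matching `useFakeNginxManager` in createNginxManager, would keep the branches consistent and make a missed guard easier to spot in review. The comment could then read `// Proxy mode runs without a local NGINX, so there are no stale sockets to remove.` if that is the actual reason, which the hunk does not confirm.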
@@ -103,10 +106,36 @@ func main() { if err := validateKubernetesVersionInfo(ctx, kubeClient); err != nil { nl.Fatal(l, err) } - pod, err := kubeClient.CoreV1().Pods(controllerNamespace).Get(context.TODO(), podName, meta_v1.GetOptions{}) - if err != nil { - nl.Fatalf(l, "Failed to get pod: %v", err) + + var pod *api_v1.Pod + + if *proxyURL != "" { + if controllerNamespace == "" { + controllerNamespace = "nginx-ingress" + } + if podName == "" { + podName = "nginx-ingress-controller-proxy-mode" + } + pod = &api_v1.Pod{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: podName, + Namespace: controllerNamespace, + OwnerReferences: []meta_v1.OwnerReference{ + { + Kind: "Deployment", + Name: "nginx-ingress-controller-proxy-mode", + }, + }, + }, + } + } else { + var err error + pod, err = kubeClient.CoreV1().Pods(controllerNamespace).Get(context.TODO(), podName, meta_v1.GetOptions{}) + if err != nil { + nl.Fatalf(l, "Failed to get pod: %v", err) + } } + eventBroadcaster := record.NewBroadcaster() eventBroadcaster.StartLogging(func(format string, args ...interface{}) { nl.Infof(l, format, args...) @@ -129,13 +158,13 @@ func main() { var licenseReporter *license_reporting.LicenseReporter - if *nginxPlus { + if *nginxPlus && *proxyURL == "" { licenseReporter = license_reporting.NewLicenseReporter(kubeClient, eventRecorder, pod) } var deploymentMetadata *metadata.Metadata - if *agent { + if *agent && *proxyURL == "" { deploymentMetadata = metadata.NewMetadataReporter(kubeClient, pod, version) } 
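Review bot: The placeholder Pod built when `*proxyURL != ""` has no UID and its OwnerReference carries only Kind and Name, yet the same `pod` is later handed to license_reporting.NewLicenseReporter's siblings in main (processMGMTConfigMap, logEventAndExit, createAndValidateHeadlessService) as if it were the controller's real pod. Any of those that records an event against it or copies its owner reference onto a created object would be referring to something that does not exist in the cluster; their bodies are outside this diff, so this needs checking. The block also silently overwrites an empty `controllerNamespace` with "nginx-ingress", which is the namespace processLicenseSecret and processClientAuthSecret read from further down, so logging the substitution with `nl.Infof(l, "proxy mode: using placeholder pod %s/%s", controllerNamespace, podName)` would make that choice explicit. The literal "nginx-ingress-controller-proxy-mode" appears twice and would be better as one constant.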
@@ -156,15 +185,28 @@ func main() { } var agentVersion string - if *agent { + if *agent && *proxyURL == "" { agentVersion = getAgentVersionInfo(nginxManager) } - go updateSelfWithVersionInfo(ctx, eventRecorder, kubeClient, version, appProtectVersion, agentVersion, nginxVersion, 10, time.Second*5) + // Skip pod label updates in proxy mode since the pod may not exist or be accessible + if *proxyURL == "" { + go updateSelfWithVersionInfo(ctx, eventRecorder, kubeClient, version, appProtectVersion, agentVersion, nginxVersion, 10, time.Second*5) + } var mgmtCfgParams *configs.MGMTConfigParams if *nginxPlus { - mgmtCfgParams = processMGMTConfigMap(kubeClient, configs.NewDefaultMGMTConfigParams(ctx), eventRecorder, pod) + if *proxyURL == "" { + mgmtCfgParams = processMGMTConfigMap(kubeClient, configs.NewDefaultMGMTConfigParams(ctx), eventRecorder, pod) + } else { + // In proxy mode, also process the mgmt configmap if specified + if *mgmtConfigMap != "" { + mgmtCfgParams = processMGMTConfigMap(kubeClient, configs.NewDefaultMGMTConfigParams(ctx), eventRecorder, pod) + } else { + mgmtCfgParams = configs.NewDefaultMGMTConfigParams(ctx) + } + } + if err := processLicenseSecret(kubeClient, nginxManager, mgmtCfgParams, controllerNamespace); err != nil { logEventAndExit(ctx, eventRecorder, pod, secretErrorReason, err) } @@ -176,7 +218,6 @@ func main() { if err := processClientAuthSecret(kubeClient, nginxManager, mgmtCfgParams, controllerNamespace); err != nil { logEventAndExit(ctx, eventRecorder, pod, secretErrorReason, err) } - } templateExecutor, templateExecutorV2 := createTemplateExecutors(ctx) 
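Review bot: The nested branch that sets `mgmtCfgParams` calls processMGMTConfigMap with identical arguments in two arms and can be one condition, `if *proxyURL == "" || *mgmtConfigMap != "" {`, with the `else` keeping `configs.NewDefaultMGMTConfigParams(ctx)`. In the defaults arm processLicenseSecret still runs against `controllerNamespace`, so a proxy-mode run without a mgmt ConfigMap will presumably look up a default secret name and exit through logEventAndExit when it is absent. If that is not the intended behaviour, the secret processing needs the same guard, and if it is, a one-line comment saying so would help. main's body extends beyond the hunk.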
@@ -236,12 +277,10 @@ func main() { DefaultCABundle: caBundlePath, } - if *nginxPlus { - if cfgParams.ZoneSync.Enable && cfgParams.ZoneSync.Port != 0 { - err := createAndValidateHeadlessService(ctx, kubeClient, cfgParams, controllerNamespace, pod) - if err != nil { - logEventAndExit(ctx, eventRecorder, pod, nl.EventReasonServiceFailedToCreate, err) - } + if *nginxPlus && cfgParams.ZoneSync.Enable && cfgParams.ZoneSync.Port != 0 { + err := createAndValidateHeadlessService(ctx, kubeClient, cfgParams, controllerNamespace, pod) + if err != nil { + logEventAndExit(ctx, eventRecorder, pod, nl.EventReasonServiceFailedToCreate, err) } } @@ -255,7 +294,7 @@ func main() { process := startChildProcesses(nginxManager, appProtectV5) plusClient := createPlusClient(ctx, *nginxPlus, useFakeNginxManager, nginxManager) - if *nginxPlus { + if *nginxPlus && *proxyURL == "" { licenseReporter.Config.PlusClient = plusClient } @@ -570,6 +609,9 @@ func createTemplateExecutors(ctx context.Context) (*version1.TemplateExecutor, * if *transportServerTemplatePath != "" { nginxTransportServerTemplatePath = *transportServerTemplatePath } + if *oidcTemplatePath != "" { + nginxOIDCConfTemplatePath = *oidcTemplatePath + } templateExecutor, err := version1.NewTemplateExecutor(nginxConfTemplatePath, nginxIngressTemplatePath) if err != nil { @@ -588,7 +630,7 @@ func createNginxManager(ctx context.Context, managerCollector collectors.Manager useFakeNginxManager := *proxyURL != "" var nginxManager nginx.Manager if useFakeNginxManager { - nginxManager = nginx.NewFakeManager("/etc/nginx") + nginxManager = nginx.NewFakeManager(ctx, "/etc/nginx") } else { timeout := time.Duration(*nginxReloadTimeout) * time.Millisecond nginxManager = nginx.NewLocalManager(ctx, "/etc/nginx/", *nginxDebug, managerCollector, licenseReporter, deploymentMetadata, timeout, *nginxPlus) diff --git a/internal/configs/configurator_bench_test.go b/internal/configs/configurator_bench_test.go index cf8d1fb586..f5397a79fb 100644 
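Review bot: The flattened zone-sync condition `if *nginxPlus && cfgParams.ZoneSync.Enable && cfgParams.ZoneSync.Port != 0` is the one NGINX Plus branch in main that this commit leaves without a `*proxyURL == ""` guard, so in proxy mode createAndValidateHeadlessService receives the placeholder pod constructed earlier in main. If that function uses the pod's owner reference or UID when creating the headless Service (its body is not shown), it would create or validate a real cluster object against fabricated metadata. Either add the guard, `if *nginxPlus && *proxyURL == "" && cfgParams.ZoneSync.Enable && cfgParams.ZoneSync.Port != 0 {`, or add a comment stating that zone sync is meant to work in proxy mode.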
--- a/internal/configs/configurator_bench_test.go +++ b/internal/configs/configurator_bench_test.go @@ -23,7 +23,7 @@ func createTestConfiguratorBench() (*Configurator, error) { return nil, err } - manager := nginx.NewFakeManager("/etc/nginx") + manager := nginx.NewFakeManager(context.Background(), "/etc/nginx") cnf := NewConfigurator(ConfiguratorParams{ NginxManager: manager, StaticCfgParams: createTestStaticConfigParams(), diff --git a/internal/configs/configurator_test.go b/internal/configs/configurator_test.go index 97bae53292..db98b15727 100644 --- a/internal/configs/configurator_test.go +++ b/internal/configs/configurator_test.go @@ -47,7 +47,7 @@ func createTestConfigurator(t *testing.T) *Configurator { t.Fatal(err) } - manager := nginx.NewFakeManager("/etc/nginx") + manager := nginx.NewFakeManager(context.Background(), "/etc/nginx") cnf := NewConfigurator(ConfiguratorParams{ NginxManager: manager, StaticCfgParams: createTestStaticConfigParams(), @@ -79,7 +79,7 @@ func createTestConfiguratorInvalidIngressTemplate(t *testing.T) *Configurator { t.Fatal(err) } - manager := nginx.NewFakeManager("/etc/nginx") + manager := nginx.NewFakeManager(context.Background(), "/etc/nginx") cnf := NewConfigurator(ConfiguratorParams{ NginxManager: manager, StaticCfgParams: createTestStaticConfigParams(), diff --git a/internal/configs/version1/template_test.go b/internal/configs/version1/template_test.go index 62178b9de4..9960480035 100644 --- a/internal/configs/version1/template_test.go +++ b/internal/configs/version1/template_test.go @@ -2,6 +2,7 @@ package version1 import ( "bytes" + "context" "os" "strconv" "strings" @@ -13,7 +14,7 @@ import ( "github.com/nginx/kubernetes-ingress/internal/nginx" ) -var fakeManager = nginx.NewFakeManager("/etc/nginx") +var fakeManager = nginx.NewFakeManager(context.Background(), "/etc/nginx") func TestMain(m *testing.M) { v := m.Run() 
diff --git a/internal/nginx/fake_manager.go b/internal/nginx/fake_manager.go index 8042f8720d..b97310706f 100644 --- a/internal/nginx/fake_manager.go +++ b/internal/nginx/fake_manager.go @@ -1,14 +1,13 @@ package nginx import ( + "context" "log/slog" "net/http" "os" "path" nl "github.com/nginx/kubernetes-ingress/internal/logger" - nic_glog "github.com/nginx/kubernetes-ingress/internal/logger/glog" - "github.com/nginx/kubernetes-ingress/internal/logger/levels" "github.com/nginx/nginx-plus-go-client/v3/client" ) @@ -21,12 +20,13 @@ type FakeManager struct { } // NewFakeManager creates a FakeManager. -func NewFakeManager(confPath string) *FakeManager { +func NewFakeManager(ctx context.Context, confPath string) *FakeManager { + l := nl.LoggerFromContext(ctx) return &FakeManager{ confdPath: path.Join(confPath, "conf.d"), secretsPath: path.Join(confPath, "secrets"), dhparamFilename: path.Join(confPath, "secrets", "dhparam.pem"), - logger: slog.New(nic_glog.New(os.Stdout, &nic_glog.Options{Level: levels.LevelInfo})), + logger: l, } } diff --git a/internal/telemetry/collector_test.go b/internal/telemetry/collector_test.go index b9a0a027f0..60c6d0f024 100644 --- a/internal/telemetry/collector_test.go +++ b/internal/telemetry/collector_test.go @@ -2651,7 +2651,7 @@ func newConfigurator(t *testing.T) *configs.Configurator { t.Fatal(err) } - manager := nginx.NewFakeManager("/etc/nginx") + manager := nginx.NewFakeManager(context.Background(), "/etc/nginx") cnf := configs.NewConfigurator(configs.ConfiguratorParams{ NginxManager: manager, StaticCfgParams: &configs.StaticConfigParams{
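Review bot: NewFakeManager now takes its logger from `nl.LoggerFromContext(ctx)` instead of building one, and every test caller in this commit passes `context.Background()`, which carries no logger. Whether LoggerFromContext falls back to a default logger in that case is not visible here; if it can return nil, the first log call on the FakeManager would panic, so the fallback should be confirmed or made explicit with `if l == nil { l = slog.Default() }`. The doc comment should also mention the new parameter, for example `// NewFakeManager creates a FakeManager that logs through the logger carried by ctx.`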