Add IP to TransportServer Listener (#6367)

* add ip to transport listener * fix ci * add template test * remove space * add example readme to transportserver ip * add ipv6 * change ipv4ip to ipv4 * add back in nosec * python test transport server custom ip listener * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * add global config event check to test * fix ip4vip to ipv4 in tests --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
nginx · Sep 17, 2024 · b091bad · b091bad
1 parent ea56c16
commit b091bad
Show file tree

Hide file tree

Showing 23 changed files with 701 additions and 60 deletions.
diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json
@@ -995,15 +995,15 @@
                           "dns-tcp"
                         ]
                       },
-                      "ipv4ip": {
+                      "ipv4": {
                         "type": "string",
                         "default": "",
                         "title": "The ipv4 ip",
                         "examples": [
                           "127.0.0.1"
                         ]
                       },
-                      "ipv6ip": {
+                      "ipv6": {
                         "type": "string",
                         "default": "",
                         "title": "The ipv6 ip",

diff --git a/docs/content/configuration/global-configuration/globalconfiguration-resource.md b/docs/content/configuration/global-configuration/globalconfiguration-resource.md
@@ -74,8 +74,8 @@ The `listeners:` key defines a listener (a combination of a protocol and a port)
 | *port* | The port of the listener. The port must fall into the range ``1..65535`` with the following exceptions: ``80``, ``443``, the [status port](/nginx-ingress-controller/logging-and-monitoring/status-page), the [Prometheus metrics port](/nginx-ingress-controller/logging-and-monitoring/prometheus). Among all listeners, only a single combination of a port-protocol is allowed. | *int* | Yes |
 | *protocol* | The protocol of the listener. Supported values: ``TCP``, ``UDP`` and ``HTTP``. | *string* | Yes |
 | *ssl* | Configures the listener with SSL. This is currently only supported for ``HTTP`` listeners. Default value is ``false`` | *bool* | No |
-| *ipv4* | Specifies the IPv4 address to listen on. This is currently only supported for ``HTTP`` or ``HTTPS``  listeners. | *string* | No |
-| *ipv6* | Specifies the IPv6 address to listen on. This is currently only supported for ``HTTP`` or ``HTTPS``  listeners. | *string* | No |
+| *ipv4* | Specifies the IPv4 address to listen on. | *string* | No |
+| *ipv6* | Specifies the IPv6 address to listen on. | *string* | No |
 
 {{</bootstrap-table>}}
 

diff --git a/examples/custom-resources/custom-ip-listeners/transportserver/README.md b/examples/custom-resources/custom-ip-listeners/transportserver/README.md
@@ -0,0 +1,215 @@
+# Custom IPv4 and IPv6 Address Listeners
+
+In this example, we will configure a TransportServer resource with custom IPv4 and IPv6 Address using TCP/UDP listeners.
+
+## Prerequisites
+
+1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/)
+   instructions to deploy the Ingress Controller with custom resources enabled.
+2. Ensure the Ingress Controller is configured with the `-global-configuration` argument:
+
+   ```console
+   args:
+      - -global-configuration=$(POD_NAMESPACE)/nginx-configuration
+   ```
+
+**Note:**
+
+- **No Updates for GC:** If a GlobalConfiguration resource already exists, delete the previous one before applying the new configuration.
+- **Single Replica:** Only one replica is allowed when using this configuration.
+
+## Step 1 - Deploy the GlobalConfiguration resource
+
+Similar to how listeners are configured in our [custom-listeners](../../custom-listeners) examples,
+here we deploy a GlobalConfiguration resource with the listeners we want to use in our VirtualServer.
+
+   ```yaml
+apiVersion: k8s.nginx.org/v1
+kind: GlobalConfiguration
+metadata:
+  name: nginx-configuration
+  namespace: nginx-ingress
+spec:
+  listeners:
+  - name: tcp-ip-dns-listener
+    port: 5353
+    protocol: TCP 
+    ipv4: 127.0.0.1
+  - name: udp-ip-dns-listener
+    port: 5252 
+    protocol: UDP 
+    ipv4: 127.0.0.2
+    ipv6: ::1
+   ```
+
+   ```console
+   kubectl create -f global-configuration.yaml
+   ```
+
+## Step 2 - Deploy the DNS Application
+
+Create the dns deployment and service:
+
+   ```console
+   kubectl create -f dns.yaml
+   ```
+
+## Step 3 - Deploy the TransportServers with custom listeners
+
+The first TransportServer is set to use the udp listener defined in the GlobalConfiguration resource
+that was deployed in Step 1. Below is the yaml of this example TransportServer:
+
+```yaml
+apiVersion: k8s.nginx.org/v1
+kind: TransportServer
+metadata:
+  name: dns-udp
+spec:
+  listener:
+    name: udp-ip-dns-listener
+    protocol: UDP
+  upstreams:
+  - name: dns-app
+    service: coredns
+    port: 5252
+  upstreamParameters:
+    udpRequests: 1
+    udpResponses: 1
+  action:
+    pass: dns-app
+```
+
+Create the TransportServer resource:
+
+```console
+kubectl create -f udp-transport-server.yaml
+```
+
+The second TransportServer is set to use the tcp listener defined in the GlobalConfiguration resource.
+
+```yaml
+apiVersion: k8s.nginx.org/v1
+kind: TransportServer
+metadata:
+  name: tcp-dns
+spec:
+  listener:
+    name: tcp-ip-dns-listener
+    protocol: TCP
+  upstreams:
+  - name: dns-app
+    service: coredns
+    port: 5353
+  action:
+    pass: dns-app
+```
+
+Create the TransportServer resource:
+
+```console
+kubectl create -f tcp-transport-server.yaml
+```
+
+## Step 4 - Test the Configuration
+
+1. Check that the configuration has been successfully applied by inspecting the events of the TransportServer and the GlobalConfiguration:
+
+    ```console
+    kubectl describe ts udp-dns 
+    ```
+
+    Below you will see the events as well as the new `Listeners` field
+
+    ```console
+    . . .
+    Spec:
+      Listener:
+          name:   udp-ip-dns-listener
+          protocol: UDP 
+          
+    . . .
+    Routes:
+    . . .
+    Events:
+      Type    Reason          Age   From                      Message
+      ----    ------          ----  ----                      -------
+      Normal  AddedOrUpdated  1s    nginx-ingress-controller  Configuration for default/udp-dns was added or updated
+    ```
+
+    ```console
+    kubectl describe globalconfiguration nginx-configuration -n nginx-ingress
+    ```
+
+    ```console
+    . . .
+    Spec:
+      Listeners:
+        ipv4:      127.0.0.1
+        Name:      tcp-ip-dns-listener
+        Port:      5353 
+        Protocol:  TCP 
+        ipv4:      127.0.0.2
+        ipv6:      ::1
+        Name:      udp-ip-dns-listener
+        Port:      5252 
+        Protocol:  UDP 
+
+    Events:
+      Type    Reason   Age   From                      Message
+      ----    ------   ----  ----                      -------
+      Normal  Updated  10s   nginx-ingress-controller  GlobalConfiguration nginx-ingress/nginx-configuration was added or updated
+    ```
+
+2. Since the deployed TransportServer is using port `5252` this example. you can see that the specific ips and ports
+are set and listening by using the below commands:
+
+   Access the NGINX Pod:
+
+    ```console
+    kubectl get pods -n nginx-ingress
+    ```
+
+    ```text
+    NAME                             READY   STATUS    RESTARTS   AGE
+    nginx-ingress-5cc9c8f66-4dg2t    1/1     Running   0          50s
+    ```
+
+    ```console
+    kubectl debug -it nginx-ingress-5cc9c8f66-4dg2t --image=busybox:1.28 --target=nginx-ingress
+    ```
+
+    ```console
+    / # netstat -tulpn
+    Active Internet connections (only servers)
+    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
+    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
+    tcp        0      0 127.0.0.1:5353          0.0.0.0:*               LISTEN      -
+    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
+    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      -
+    tcp        0      0 :::9113                 :::*                    LISTEN      -
+    tcp        0      0 :::80                   :::*                    LISTEN      -
+    tcp        0      0 :::443                  :::*                    LISTEN      -
+    tcp        0      0 :::8080                 :::*                    LISTEN      -
+    tcp        0      0 :::8081                 :::*                    LISTEN      -
+    udp        0      0 127.0.0.2:5252          0.0.0.0:*                           -
+    udp        0      0 ::1:5252                :::*                                -
+    / #
+    ```
+
+    We can see here that the two IPv4 addresses (`127.0.0.1:5353` and `127.0.0.2:5252`) and the one IPv6 address (`::1:5252`) are listed.
+
+3. Examine the NGINX config using the following command:
+
+    ```console
+    kubectl exec -it nginx-ingress-5cc9c8f66-4dg2t -n nginx-ingress -- cat /etc/nginx/stream-conf.d/ts_default_dns-udp.conf
+    ```
+
+    ```console
+        ...
+        server {
+            listen 127.0.0.2:5252 udp;
+            listen [::1]:5252 udp;
+
+            ...
+        }
+    ```
diff --git a/examples/custom-resources/custom-ip-listeners/transportserver/dns.yaml b/examples/custom-resources/custom-ip-listeners/transportserver/dns.yaml
@@ -0,0 +1,64 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+data:
+  Corefile: |
+    .:5353 {
+      forward . 8.8.8.8:53
+      log
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coredns
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: coredns
+  template:
+    metadata:
+      labels:
+        app: coredns
+    spec:
+      containers:
+      - name: coredns
+        image: coredns/coredns:1.10.0
+        args: [ "-conf", "/etc/coredns/Corefile" ]
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/coredns
+          readOnly: true
+        ports:
+        - containerPort: 5353
+          name: dns
+          protocol: UDP
+        - containerPort: 5353
+          name: dns-tcp
+          protocol: TCP
+        securityContext:
+          readOnlyRootFilesystem: true
+      volumes:
+        - name: config-volume
+          configMap:
+            name: coredns
+            items:
+            - key: Corefile
+              path: Corefile
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: coredns
+spec:
+  selector:
+   app: coredns
+  ports:
+  - name: dns
+    port: 5353
+    protocol: UDP
+  - name: dns-tcp
+    port: 5353
+    protocol: TCP
diff --git a/examples/custom-resources/custom-ip-listeners/transportserver/global-configuration.yaml b/examples/custom-resources/custom-ip-listeners/transportserver/global-configuration.yaml
@@ -0,0 +1,16 @@
+apiVersion: k8s.nginx.org/v1
+kind: GlobalConfiguration
+metadata:
+  name: my-release-nginx-ingress-controller
+spec:
+  listeners:
+  - name: tcp-ip-dns-listener
+    port: 5353
+    protocol: TCP
+    ipv4: 127.0.0.1
+    ipv6: ::1
+  - name: udp-ip-dns-listener
+    port: 5252
+    protocol: UDP
+    ipv4: 127.0.0.2
+    ipv6: ::1
diff --git a/examples/custom-resources/custom-ip-listeners/transportserver/tcp-transport-server.yaml b/examples/custom-resources/custom-ip-listeners/transportserver/tcp-transport-server.yaml
@@ -0,0 +1,14 @@
+apiVersion: k8s.nginx.org/v1
+kind: TransportServer
+metadata:
+  name: tcp-dns
+spec:
+  listener:
+    name: tcp-ip-dns-listener
+    protocol: TCP
+  upstreams:
+  - name: dns-app
+    service: coredns
+    port: 5353
+  action:
+    pass: dns-app
diff --git a/examples/custom-resources/custom-ip-listeners/transportserver/udp-transport-server.yaml b/examples/custom-resources/custom-ip-listeners/transportserver/udp-transport-server.yaml
@@ -0,0 +1,17 @@
+apiVersion: k8s.nginx.org/v1
+kind: TransportServer
+metadata:
+  name: dns-udp
+spec:
+  listener:
+    name: udp-ip-dns-listener
+    protocol: UDP
+  upstreams:
+  - name: dns-app
+    service: coredns
+    port: 5353
+  upstreamParameters:
+    udpRequests: 1
+    udpResponses: 1
+  action:
+    pass: dns-app
diff --git a/internal/configs/transportserver.go b/internal/configs/transportserver.go
@@ -23,6 +23,8 @@ type TransportServerEx struct {
 	ExternalNameSvcs map[string]bool
 	DisableIPV6      bool
 	SecretRefs       map[string]*secrets.SecretReference
+	IPv4             string
+	IPv6             string
 }
 
 func (tsEx *TransportServerEx) String() string {
@@ -118,6 +120,8 @@ func generateTransportServerConfig(p transportServerConfigParams) (*version2.Tra
 			ServerSnippets:           serverSnippets,
 			DisableIPV6:              p.transportServerEx.DisableIPV6,
 			SSL:                      sslConfig,
+			IPv4:                     p.transportServerEx.IPv4,
+			IPv6:                     p.transportServerEx.IPv6,
 		},
 		Match:                   match,
 		Upstreams:               upstreams,