From 148573c3010986e975bc3061cff5b7465f8db744 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 30 Jun 2020 20:50:58 -0700 Subject: [PATCH 01/16] Add readiness endpoint --- cmd/nginx-ingress/main.go | 31 +++++++++++++++++++ deployments/deployment/nginx-ingress.yaml | 8 +++++ .../deployment/nginx-plus-ingress.yaml | 8 +++++ deployments/helm-chart/README.md | 2 ++ .../templates/controller-daemonset.yaml | 13 ++++++++ .../templates/controller-deployment.yaml | 13 ++++++++ deployments/helm-chart/values.yaml | 6 ++++ .../command-line-arguments.md | 12 ++++++- internal/k8s/controller.go | 16 +++++++++- internal/k8s/task_queue.go | 5 +++ 10 files changed, 112 insertions(+), 2 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index aade059fad..f62fdf288e 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -154,6 +154,10 @@ var ( spireAgentAddress = flag.String("spire-agent-address", "", `Specifies the address of the running Spire agent. For use with NGINX Service Mesh only. If the flag is set, but the Ingress Controller is not able to connect with the Spire Agent, the Ingress Controller will fail to start.`) + + readyStatus = flag.Bool("ready-status", false, "Enable readiness endpoint '/nginx-ready'. The endpoint returns a success code when NGINX has loaded all the config after startup") + + readyStatusPort = flag.Int("ready-status-port", 8081, "Set the port where the readiness endpoint is exposed. [1024 - 65535]") ) func main() { @@ -189,6 +193,11 @@ func main() { glog.Fatalf("Invalid value for prometheus-metrics-listen-port: %v", metricsPortValidationError) } + readyStatusPortValidationError := validatePort(*readyStatusPort) + if readyStatusPortValidationError != nil { + glog.Fatalf("Invalid value for ready-status-port: %v", readyStatusPortValidationError) + } + allowedCIDRs, err := parseNginxStatusAllowCIDRs(*nginxStatusAllowCIDRs) if err != nil { glog.Fatalf(`Invalid value for nginx-status-allow-cidrs: %v`, err) @@ -510,15 +519,27 @@ func main() { GlobalConfigurationValidator: globalConfigurationValidator, TransportServerValidator: transportServerValidator, SpireAgentAddress: *spireAgentAddress, + FirstRun: *readyStatus, } lbc := k8s.NewLoadBalancerController(lbcInput) +<<<<<<< HEAD if *appProtect { go handleTerminationWithAppProtect(lbc, nginxManager, nginxDone, aPAgentDone, aPPluginDone) } else { go handleTermination(lbc, nginxManager, nginxDone) } +======= + if *readyStatus { + go func() { + port := fmt.Sprintf(":%v", *readyStatusPort) + http.HandleFunc("/nginx-ready", ready(lbc)) + glog.Fatal(http.ListenAndServe(port, nil)) + }() + } + go handleTermination(lbc, nginxManager, nginxDone) +>>>>>>> 8611280a... Add readiness endpoint lbc.Run() for { @@ -708,3 +729,13 @@ func parseReloadTimeout(appProtectEnabled bool, timeout int) int { return defaultTimeout } + +func ready(lbc *k8s.LoadBalancerController) http.HandlerFunc { + return func(w http.ResponseWriter, _ *http.Request) { + if !lbc.IsNginxReady() { + http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable) + return + } + w.WriteHeader(http.StatusOK) + } +} diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index d59d641735..2a9cf2e578 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -28,6 +28,13 @@ spec: containerPort: 443 #- name: prometheus #containerPort: 9113 + #- name: readiness-port + #containerPort: 8081 + #readinessProbe: + #httpGet: + #path: /nginx-ready + #port: readiness-port + #periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx @@ -49,6 +56,7 @@ spec: - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret #- -v=3 # Enables extensive logging. Useful for troubleshooting. + #- -ready-status #- -report-ingress-status #- -external-service=nginx-ingress #- -enable-prometheus-metrics diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index be41f8b6fc..a7022e97a7 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -28,6 +28,13 @@ spec: containerPort: 443 #- name: prometheus #containerPort: 9113 + #- name: readiness-port + #containerPort: 8081 + #readinessProbe: + #httpGet: + #path: /nginx-ready + #port: readiness-port + #periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx @@ -51,6 +58,7 @@ spec: - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret #- -enable-app-protect #- -v=3 # Enables extensive logging. Useful for troubleshooting. + #- -ready-status #- -report-ingress-status #- -external-service=nginx-ingress #- -enable-prometheus-metrics diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index 4d7e896c05..f8d60c35ef 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -255,6 +255,8 @@ Parameter | Description | Default `controller.reportIngressStatus.annotations` | The annotations of the leader election configmap. | {} `controller.pod.annotations` | The annotations of the Ingress Controller pod. | {} `controller.appprotect.enable` | Enables the App Protect module in the Ingress Controller. | false +`controller.readyStatus.enable` | Enables liveness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after startup. | false + `controller.readyStaus.port` | The HTTP port for the liveness endpoint | 8081 `rbac.create` | Configures RBAC. | true `prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false `prometheus.port` | Configures the port to scrape the metrics. | 9113 diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml index 9b1c558e56..bec3ac1255 100644 --- a/deployments/helm-chart/templates/controller-daemonset.yaml +++ b/deployments/helm-chart/templates/controller-daemonset.yaml @@ -64,6 +64,15 @@ spec: {{- if .Values.prometheus.create }} - name: prometheus containerPort: {{ .Values.prometheus.port }} +{{- end }} +{{- if .Values.controller.readyStatus.enable }} + - name: readiness-port + containerPort: {{ .Values.controller.readyStatus.port}} + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 {{- end }} securityContext: allowPrivilegeEscalation: true @@ -137,4 +146,8 @@ spec: - -global-configuration=$(POD_NAMESPACE)/{{ .Release.Name }} {{- end }} {{- end }} +{{- if .Values.controller.readyStatus.enable }} + - -ready-status + - -ready-status-port={{ .Values.controller.readyStaus.port }} +{{- end }} {{- end }} diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml index 47ec2824c6..00769a86bd 100644 --- a/deployments/helm-chart/templates/controller-deployment.yaml +++ b/deployments/helm-chart/templates/controller-deployment.yaml @@ -62,6 +62,15 @@ spec: {{- if .Values.prometheus.create }} - name: prometheus containerPort: {{ .Values.prometheus.port }} +{{- end }} +{{- if .Values.controller.readyStatus.enable }} + - name: readiness-port + containerPort: {{ .Values.controller.readyStatus.port}} + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 {{- end }} resources: {{ toYaml .Values.controller.resources | indent 10 }} @@ -135,4 +144,8 @@ spec: - -global-configuration=$(POD_NAMESPACE)/{{ .Release.Name }} {{- end }} {{- end }} +{{- if .Values.controller.readyStatus.enable }} + - -ready-status + - -ready-status-port={{ .Values.controller.readyStaus.port }} +{{- end }} {{- end }} diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml index 9f490ce6c9..8c7918c059 100644 --- a/deployments/helm-chart/values.yaml +++ b/deployments/helm-chart/values.yaml @@ -259,6 +259,12 @@ controller: ## The PriorityClass of the ingress controller pods. priorityClassName: + readyStatus: + ## Enable readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. + enable: false + + ## Set the port where the readiness endpoint is exposed. + port: 8081 rbac: ## Configures RBAC. diff --git a/docs-web/configuration/global-configuration/command-line-arguments.md b/docs-web/configuration/global-configuration/command-line-arguments.md index 4f206125c8..ef8f5c0c8a 100644 --- a/docs-web/configuration/global-configuration/command-line-arguments.md +++ b/docs-web/configuration/global-configuration/command-line-arguments.md @@ -188,5 +188,15 @@ Below we describe the available command-line arguments: Requires :option:`-nginx-plus` - If the argument is set, but `nginx-plus` is set to false, the Ingress Controller will fail to start. - + +.. option:: -ready-status + + Enables liveness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. + +.. option:: -ready-status-port + + The HTTP port for the liveness endpoint. + + Format: ``[1024 - 65535]`` (default 8081) + ``` diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go index f1d3818ded..84f8fbaed9 100644 --- a/internal/k8s/controller.go +++ b/internal/k8s/controller.go @@ -145,6 +145,8 @@ type LoadBalancerController struct { transportServerValidator *validation.TransportServerValidator spiffeController *spiffeController syncLock sync.Mutex + firstRun bool + isNginxReady bool } var keyFunc = cache.DeletionHandlingMetaNamespaceKeyFunc @@ -175,6 +177,7 @@ type NewLoadBalancerControllerInput struct { GlobalConfigurationValidator *validation.GlobalConfigurationValidator TransportServerValidator *validation.TransportServerValidator SpireAgentAddress string + FirstRun bool } // NewLoadBalancerController creates a controller @@ -200,6 +203,7 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc metricsCollector: input.MetricsCollector, globalConfigurationValidator: input.GlobalConfigurationValidator, transportServerValidator: input.TransportServerValidator, + firstRun: input.FirstRun, } eventBroadcaster := record.NewBroadcaster() @@ -271,7 +275,6 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc } lbc.updateIngressMetrics() - return lbc } @@ -935,6 +938,12 @@ func (lbc *LoadBalancerController) syncPolicy(task task) { } } } + + if lbc.firstRun && lbc.syncQueue.Len() == 0 { + lbc.firstRun = false + lbc.isNginxReady = true + glog.V(3).Infof("NGINX is ready") + } } func (lbc *LoadBalancerController) syncTransportServer(task task) { @@ -3255,3 +3264,8 @@ func (lbc *LoadBalancerController) findIngressesForAppProtectResource(namespace } return apIngs } + +// IsNginxReady returns ready status of NGINX +func (lbc *LoadBalancerController) IsNginxReady() bool { + return lbc.isNginxReady +} diff --git a/internal/k8s/task_queue.go b/internal/k8s/task_queue.go index b36686a70a..41b689f159 100644 --- a/internal/k8s/task_queue.go +++ b/internal/k8s/task_queue.go @@ -65,6 +65,11 @@ func (tq *taskQueue) Requeue(task task, err error) { tq.queue.Add(task) } +func (tq *taskQueue) Len() int { + glog.V(3).Infof("The queue has %v element(s)", tq.queue.Len()) + return tq.queue.Len() +} + // RequeueAfter adds the task to the queue after the given duration func (tq *taskQueue) RequeueAfter(t task, err error, after time.Duration) { glog.Errorf("Requeuing %v after %s, err %v", t.Key, after.String(), err) From f267619665d5b554aa679c199c9345342518b8ca Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Thu, 2 Jul 2020 10:48:41 -0700 Subject: [PATCH 02/16] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Raúl --- cmd/nginx-ingress/main.go | 2 +- deployments/helm-chart/README.md | 4 ++-- deployments/helm-chart/values.yaml | 2 +- .../global-configuration/command-line-arguments.md | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index f62fdf288e..dc5de557ff 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -155,7 +155,7 @@ var ( `Specifies the address of the running Spire agent. For use with NGINX Service Mesh only. If the flag is set, but the Ingress Controller is not able to connect with the Spire Agent, the Ingress Controller will fail to start.`) - readyStatus = flag.Bool("ready-status", false, "Enable readiness endpoint '/nginx-ready'. The endpoint returns a success code when NGINX has loaded all the config after startup") + readyStatus = flag.Bool("ready-status", false, "Enables readiness endpoint '/nginx-ready'. The endpoint returns a success code when NGINX has loaded all the config after startup") readyStatusPort = flag.Int("ready-status-port", 8081, "Set the port where the readiness endpoint is exposed. [1024 - 65535]") ) diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index f8d60c35ef..f067587288 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -255,8 +255,8 @@ Parameter | Description | Default `controller.reportIngressStatus.annotations` | The annotations of the leader election configmap. | {} `controller.pod.annotations` | The annotations of the Ingress Controller pod. | {} `controller.appprotect.enable` | Enables the App Protect module in the Ingress Controller. | false -`controller.readyStatus.enable` | Enables liveness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after startup. | false - `controller.readyStaus.port` | The HTTP port for the liveness endpoint | 8081 +`controller.readyStatus.enable` | Enables readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after startup. | false + `controller.readyStaus.port` | The HTTP port for the readiness endpoint | 8081 `rbac.create` | Configures RBAC. | true `prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false `prometheus.port` | Configures the port to scrape the metrics. | 9113 diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml index 8c7918c059..02726cd3e5 100644 --- a/deployments/helm-chart/values.yaml +++ b/deployments/helm-chart/values.yaml @@ -260,7 +260,7 @@ controller: ## The PriorityClass of the ingress controller pods. priorityClassName: readyStatus: - ## Enable readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. + ## Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. enable: false ## Set the port where the readiness endpoint is exposed. diff --git a/docs-web/configuration/global-configuration/command-line-arguments.md b/docs-web/configuration/global-configuration/command-line-arguments.md index ef8f5c0c8a..397fd094fb 100644 --- a/docs-web/configuration/global-configuration/command-line-arguments.md +++ b/docs-web/configuration/global-configuration/command-line-arguments.md @@ -191,11 +191,11 @@ Below we describe the available command-line arguments: .. option:: -ready-status - Enables liveness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. + Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. .. option:: -ready-status-port - The HTTP port for the liveness endpoint. + The HTTP port for the readiness endpoint. Format: ``[1024 - 65535]`` (default 8081) From b4bde8eb02a64c4907363a72ff6319b679f441a0 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Thu, 2 Jul 2020 10:53:33 -0700 Subject: [PATCH 03/16] Add examples to daemon-set --- deployments/daemon-set/nginx-ingress.yaml | 8 ++++++++ deployments/daemon-set/nginx-plus-ingress.yaml | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index 5fa03633f7..ebbeea8b56 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -29,6 +29,13 @@ spec: hostPort: 443 #- name: prometheus #containerPort: 9113 + #- name: readiness-port + #containerPort: 8081 + #readinessProbe: + #httpGet: + #path: /nginx-ready + #port: readiness-port + #periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx @@ -50,6 +57,7 @@ spec: - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret #- -v=3 # Enables extensive logging. Useful for troubleshooting. + #- -ready-status #- -report-ingress-status #- -external-service=nginx-ingress #- -enable-prometheus-metrics diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index 487bfc7412..d8da3469e8 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -29,6 +29,13 @@ spec: hostPort: 443 #- name: prometheus #containerPort: 9113 + #- name: readiness-port + #containerPort: 8081 + #readinessProbe: + #httpGet: + #path: /nginx-ready + #port: readiness-port + #periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx @@ -52,6 +59,7 @@ spec: - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret #- -enable-app-protect #- -v=3 # Enables extensive logging. Useful for troubleshooting. + #- -ready-status #- -report-ingress-status #- -external-service=nginx-ingress #- -enable-prometheus-metrics From 8dfc4ddee4ea6c817410ab1dbcdfa565163b2b74 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 09:24:01 -0700 Subject: [PATCH 04/16] Apply suggestions from code review --- deployments/daemon-set/nginx-ingress.yaml | 10 +++++----- deployments/daemon-set/nginx-plus-ingress.yaml | 10 +++++----- deployments/deployment/nginx-ingress.yaml | 10 +++++----- deployments/deployment/nginx-plus-ingress.yaml | 10 +++++----- deployments/helm-chart/values.yaml | 1 + internal/k8s/task_queue.go | 1 + 6 files changed, 22 insertions(+), 20 deletions(-) diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index ebbeea8b56..da596aae13 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -31,11 +31,11 @@ spec: #containerPort: 9113 #- name: readiness-port #containerPort: 8081 - #readinessProbe: - #httpGet: - #path: /nginx-ready - #port: readiness-port - #periodSeconds: 1 + #readinessProbe: + #httpGet: + #path: /nginx-ready + #port: readiness-port + #periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index d8da3469e8..41ad1c31d5 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -31,11 +31,11 @@ spec: #containerPort: 9113 #- name: readiness-port #containerPort: 8081 - #readinessProbe: - #httpGet: - #path: /nginx-ready - #port: readiness-port - #periodSeconds: 1 + #readinessProbe: + #httpGet: + #path: /nginx-ready + #port: readiness-port + #periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index 2a9cf2e578..ec65d7aced 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -30,11 +30,11 @@ spec: #containerPort: 9113 #- name: readiness-port #containerPort: 8081 - #readinessProbe: - #httpGet: - #path: /nginx-ready - #port: readiness-port - #periodSeconds: 1 + #readinessProbe: + #httpGet: + #path: /nginx-ready + #port: readiness-port + #periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index a7022e97a7..a3b21620b8 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -30,11 +30,11 @@ spec: #containerPort: 9113 #- name: readiness-port #containerPort: 8081 - #readinessProbe: - #httpGet: - #path: /nginx-ready - #port: readiness-port - #periodSeconds: 1 + #readinessProbe: + #httpGet: + #path: /nginx-ready + #port: readiness-port + #periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml index 02726cd3e5..5d902bdc2d 100644 --- a/deployments/helm-chart/values.yaml +++ b/deployments/helm-chart/values.yaml @@ -259,6 +259,7 @@ controller: ## The PriorityClass of the ingress controller pods. priorityClassName: + readyStatus: ## Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. enable: false diff --git a/internal/k8s/task_queue.go b/internal/k8s/task_queue.go index 41b689f159..13512e65d3 100644 --- a/internal/k8s/task_queue.go +++ b/internal/k8s/task_queue.go @@ -65,6 +65,7 @@ func (tq *taskQueue) Requeue(task task, err error) { tq.queue.Add(task) } +// Len returns the length of the queue func (tq *taskQueue) Len() int { glog.V(3).Infof("The queue has %v element(s)", tq.queue.Len()) return tq.queue.Len() From 2b68d04dee45acb79c954323c4d531a78aff0196 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 09:25:21 -0700 Subject: [PATCH 05/16] Apply suggestions from code review Co-authored-by: Michael Pleshakov --- cmd/nginx-ingress/main.go | 2 +- deployments/helm-chart/README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index dc5de557ff..220a172553 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -155,7 +155,7 @@ var ( `Specifies the address of the running Spire agent. For use with NGINX Service Mesh only. If the flag is set, but the Ingress Controller is not able to connect with the Spire Agent, the Ingress Controller will fail to start.`) - readyStatus = flag.Bool("ready-status", false, "Enables readiness endpoint '/nginx-ready'. The endpoint returns a success code when NGINX has loaded all the config after startup") + readyStatus = flag.Bool("ready-status", false, "Enables the readiness endpoint '/nginx-ready'. The endpoint returns a success code when NGINX has loaded all the config after the startup") readyStatusPort = flag.Int("ready-status-port", 8081, "Set the port where the readiness endpoint is exposed. [1024 - 65535]") ) diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index f067587288..a1fbbf3d7f 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -255,8 +255,8 @@ Parameter | Description | Default `controller.reportIngressStatus.annotations` | The annotations of the leader election configmap. | {} `controller.pod.annotations` | The annotations of the Ingress Controller pod. | {} `controller.appprotect.enable` | Enables the App Protect module in the Ingress Controller. | false -`controller.readyStatus.enable` | Enables readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after startup. | false - `controller.readyStaus.port` | The HTTP port for the readiness endpoint | 8081 +`controller.readyStatus.enable` | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | false + `controller.readyStaus.port` | The HTTP port for the readiness endpoint. | 8081 `rbac.create` | Configures RBAC. | true `prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false `prometheus.port` | Configures the port to scrape the metrics. | 9113 From dbb5a242f0a68df2e88bdd46a0571e53fecd3534 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 09:38:18 -0700 Subject: [PATCH 06/16] Fix merge conflict --- cmd/nginx-ingress/main.go | 16 +++++++--------- internal/k8s/controller.go | 11 ++++++----- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 220a172553..8109674bc1 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -523,14 +523,7 @@ func main() { } lbc := k8s.NewLoadBalancerController(lbcInput) -<<<<<<< HEAD - if *appProtect { - go handleTerminationWithAppProtect(lbc, nginxManager, nginxDone, aPAgentDone, aPPluginDone) - } else { - go handleTermination(lbc, nginxManager, nginxDone) - } -======= if *readyStatus { go func() { port := fmt.Sprintf(":%v", *readyStatusPort) @@ -538,8 +531,13 @@ func main() { glog.Fatal(http.ListenAndServe(port, nil)) }() } - go handleTermination(lbc, nginxManager, nginxDone) ->>>>>>> 8611280a... Add readiness endpoint + + if *appProtect { + go handleTerminationWithAppProtect(lbc, nginxManager, nginxDone, aPAgentDone, aPPluginDone) + } else { + go handleTermination(lbc, nginxManager, nginxDone) + } + lbc.Run() for { diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go index 84f8fbaed9..0134b8d545 100644 --- a/internal/k8s/controller.go +++ b/internal/k8s/controller.go @@ -838,6 +838,12 @@ func (lbc *LoadBalancerController) sync(task task) { case appProtectLogConf: lbc.syncAppProtectLogConf(task) } + + if lbc.firstRun && lbc.syncQueue.Len() == 0 { + lbc.firstRun = false + lbc.isNginxReady = true + glog.V(3).Infof("NGINX is ready") + } } func (lbc *LoadBalancerController) syncPolicy(task task) { @@ -939,11 +945,6 @@ func (lbc *LoadBalancerController) syncPolicy(task task) { } } - if lbc.firstRun && lbc.syncQueue.Len() == 0 { - lbc.firstRun = false - lbc.isNginxReady = true - glog.V(3).Infof("NGINX is ready") - } } func (lbc *LoadBalancerController) syncTransportServer(task task) { From c21aea3a437cfce27bd81d9e3bdf2baa4303af85 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 10:38:52 -0700 Subject: [PATCH 07/16] Use another server mux for readiness endpoint --- cmd/nginx-ingress/main.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 8109674bc1..719057dfb4 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -527,8 +527,9 @@ func main() { if *readyStatus { go func() { port := fmt.Sprintf(":%v", *readyStatusPort) - http.HandleFunc("/nginx-ready", ready(lbc)) - glog.Fatal(http.ListenAndServe(port, nil)) + s := http.NewServeMux() + s.HandleFunc("/nginx-ready", ready(lbc)) + glog.Fatal(http.ListenAndServe(port, s)) }() } From 048525f7a932ebd4525d2a2ac4df5e91ffe3f3ea Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 11:13:31 -0700 Subject: [PATCH 08/16] Add response for 200 --- cmd/nginx-ingress/main.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 719057dfb4..9413622c14 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -736,5 +736,6 @@ func ready(lbc *k8s.LoadBalancerController) http.HandlerFunc { return } w.WriteHeader(http.StatusOK) + fmt.Fprintln(w, "Ready") } } From ee486aba66b3d35c7025fa75e9557e91e7112482 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 15:40:07 -0700 Subject: [PATCH 09/16] Update docs-web/configuration/global-configuration/command-line-arguments.md Co-authored-by: Michael Pleshakov --- .../global-configuration/command-line-arguments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs-web/configuration/global-configuration/command-line-arguments.md b/docs-web/configuration/global-configuration/command-line-arguments.md index 397fd094fb..393869b77a 100644 --- a/docs-web/configuration/global-configuration/command-line-arguments.md +++ b/docs-web/configuration/global-configuration/command-line-arguments.md @@ -191,7 +191,7 @@ Below we describe the available command-line arguments: .. option:: -ready-status - Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. + Enables the readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after the startup. .. option:: -ready-status-port From 6c0d94de4b59bd24eb6cf6bef6275a51987db7c2 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 16:14:06 -0700 Subject: [PATCH 10/16] Apply suggestions from code review --- deployments/helm-chart/README.md | 2 +- docs-web/installation/installation-with-helm.md | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index a1fbbf3d7f..a2b79306f3 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -256,7 +256,7 @@ Parameter | Description | Default `controller.pod.annotations` | The annotations of the Ingress Controller pod. | {} `controller.appprotect.enable` | Enables the App Protect module in the Ingress Controller. | false `controller.readyStatus.enable` | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | false - `controller.readyStaus.port` | The HTTP port for the readiness endpoint. | 8081 +`controller.readyStaus.port` | The HTTP port for the readiness endpoint. | 8081 `rbac.create` | Configures RBAC. | true `prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false `prometheus.port` | Configures the port to scrape the metrics. | 9113 diff --git a/docs-web/installation/installation-with-helm.md b/docs-web/installation/installation-with-helm.md index d493aaa657..94328fb498 100644 --- a/docs-web/installation/installation-with-helm.md +++ b/docs-web/installation/installation-with-helm.md @@ -385,6 +385,12 @@ The following tables lists the configurable parameters of the NGINX Ingress cont * - ``controller.pod.annotations`` - The annotations of the Ingress Controller pod. - {} + * - ``controller.readyStatus.enable`` + - Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. + - false + * - ``controller.readyStaus.port`` + - The HTTP port for the readiness endpoint. + - 8081 * - ``rbac.create`` - Configures RBAC. - true From 98dc904631ff7fcb84736f2d3d534db43ef1f95f Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 17:36:09 -0700 Subject: [PATCH 11/16] Enable readiness probe by default --- deployments/daemon-set/nginx-ingress.yaml | 16 ++++++++-------- deployments/daemon-set/nginx-plus-ingress.yaml | 16 ++++++++-------- deployments/deployment/nginx-ingress.yaml | 16 ++++++++-------- deployments/deployment/nginx-plus-ingress.yaml | 16 ++++++++-------- deployments/helm-chart/README.md | 2 +- deployments/helm-chart/values.yaml | 2 +- docs-web/installation/installation-with-helm.md | 2 +- 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index da596aae13..c8c516eee6 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -27,15 +27,15 @@ spec: - name: https containerPort: 443 hostPort: 443 + - name: readiness-port + containerPort: 8081 #- name: prometheus #containerPort: 9113 - #- name: readiness-port - #containerPort: 8081 - #readinessProbe: - #httpGet: - #path: /nginx-ready - #port: readiness-port - #periodSeconds: 1 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx @@ -56,8 +56,8 @@ spec: args: - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + - -ready-status #- -v=3 # Enables extensive logging. Useful for troubleshooting. - #- -ready-status #- -report-ingress-status #- -external-service=nginx-ingress #- -enable-prometheus-metrics diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index 41ad1c31d5..393f11c124 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -27,15 +27,15 @@ spec: - name: https containerPort: 443 hostPort: 443 + - name: readiness-port + containerPort: 8081 #- name: prometheus #containerPort: 9113 - #- name: readiness-port - #containerPort: 8081 - #readinessProbe: - #httpGet: - #path: /nginx-ready - #port: readiness-port - #periodSeconds: 1 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx @@ -57,9 +57,9 @@ spec: - -nginx-plus - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + - -ready-status #- -enable-app-protect #- -v=3 # Enables extensive logging. Useful for troubleshooting. - #- -ready-status #- -report-ingress-status #- -external-service=nginx-ingress #- -enable-prometheus-metrics diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index ec65d7aced..201ed9fc2b 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -26,15 +26,15 @@ spec: containerPort: 80 - name: https containerPort: 443 + - name: readiness-port + containerPort: 8081 #- name: prometheus #containerPort: 9113 - #- name: readiness-port - #containerPort: 8081 - #readinessProbe: - #httpGet: - #path: /nginx-ready - #port: readiness-port - #periodSeconds: 1 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx @@ -55,8 +55,8 @@ spec: args: - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + - -ready-status #- -v=3 # Enables extensive logging. Useful for troubleshooting. - #- -ready-status #- -report-ingress-status #- -external-service=nginx-ingress #- -enable-prometheus-metrics diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index a3b21620b8..98b48c0e8b 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -26,15 +26,15 @@ spec: containerPort: 80 - name: https containerPort: 443 + - name: readiness-port + containerPort: 8081 #- name: prometheus #containerPort: 9113 - #- name: readiness-port - #containerPort: 8081 - #readinessProbe: - #httpGet: - #path: /nginx-ready - #port: readiness-port - #periodSeconds: 1 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 securityContext: allowPrivilegeEscalation: true runAsUser: 101 #nginx @@ -56,9 +56,9 @@ spec: - -nginx-plus - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + - -ready-status #- -enable-app-protect #- -v=3 # Enables extensive logging. Useful for troubleshooting. - #- -ready-status #- -report-ingress-status #- -external-service=nginx-ingress #- -enable-prometheus-metrics diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index a2b79306f3..1a7e3cb6b2 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -255,7 +255,7 @@ Parameter | Description | Default `controller.reportIngressStatus.annotations` | The annotations of the leader election configmap. | {} `controller.pod.annotations` | The annotations of the Ingress Controller pod. | {} `controller.appprotect.enable` | Enables the App Protect module in the Ingress Controller. | false -`controller.readyStatus.enable` | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | false +`controller.readyStatus.enable` | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | true `controller.readyStaus.port` | The HTTP port for the readiness endpoint. | 8081 `rbac.create` | Configures RBAC. | true `prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml index 5d902bdc2d..16e14ba373 100644 --- a/deployments/helm-chart/values.yaml +++ b/deployments/helm-chart/values.yaml @@ -262,7 +262,7 @@ controller: readyStatus: ## Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. - enable: false + enable: true ## Set the port where the readiness endpoint is exposed. port: 8081 diff --git a/docs-web/installation/installation-with-helm.md b/docs-web/installation/installation-with-helm.md index 94328fb498..3531a7b28c 100644 --- a/docs-web/installation/installation-with-helm.md +++ b/docs-web/installation/installation-with-helm.md @@ -387,7 +387,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont - {} * - ``controller.readyStatus.enable`` - Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. - - false + - true * - ``controller.readyStaus.port`` - The HTTP port for the readiness endpoint. - 8081 From 9231c5e852a502d4274dad71d65057cacb3d3554 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 18:47:15 -0700 Subject: [PATCH 12/16] Fix typo --- deployments/helm-chart/templates/controller-daemonset.yaml | 2 +- deployments/helm-chart/templates/controller-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml index bec3ac1255..a62123e58f 100644 --- a/deployments/helm-chart/templates/controller-daemonset.yaml +++ b/deployments/helm-chart/templates/controller-daemonset.yaml @@ -148,6 +148,6 @@ spec: {{- end }} {{- if .Values.controller.readyStatus.enable }} - -ready-status - - -ready-status-port={{ .Values.controller.readyStaus.port }} + - -ready-status-port={{ .Values.controller.readyStatus.port }} {{- end }} {{- end }} diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml index 00769a86bd..37829b986e 100644 --- a/deployments/helm-chart/templates/controller-deployment.yaml +++ b/deployments/helm-chart/templates/controller-deployment.yaml @@ -146,6 +146,6 @@ spec: {{- end }} {{- if .Values.controller.readyStatus.enable }} - -ready-status - - -ready-status-port={{ .Values.controller.readyStaus.port }} + - -ready-status-port={{ .Values.controller.readyStatus.port }} {{- end }} {{- end }} From 579c995dbe6ccd4f0886f6921d8f762505306a47 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 8 Jul 2020 23:44:57 -0700 Subject: [PATCH 13/16] Remove first run --- cmd/nginx-ingress/main.go | 1 - internal/k8s/controller.go | 6 +----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 9413622c14..4de8e57dff 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -519,7 +519,6 @@ func main() { GlobalConfigurationValidator: globalConfigurationValidator, TransportServerValidator: transportServerValidator, SpireAgentAddress: *spireAgentAddress, - FirstRun: *readyStatus, } lbc := k8s.NewLoadBalancerController(lbcInput) diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go index 0134b8d545..3ba023cf27 100644 --- a/internal/k8s/controller.go +++ b/internal/k8s/controller.go @@ -145,7 +145,6 @@ type LoadBalancerController struct { transportServerValidator *validation.TransportServerValidator spiffeController *spiffeController syncLock sync.Mutex - firstRun bool isNginxReady bool } @@ -177,7 +176,6 @@ type NewLoadBalancerControllerInput struct { GlobalConfigurationValidator *validation.GlobalConfigurationValidator TransportServerValidator *validation.TransportServerValidator SpireAgentAddress string - FirstRun bool } // NewLoadBalancerController creates a controller @@ -203,7 +201,6 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc metricsCollector: input.MetricsCollector, globalConfigurationValidator: input.GlobalConfigurationValidator, transportServerValidator: input.TransportServerValidator, - firstRun: input.FirstRun, } eventBroadcaster := record.NewBroadcaster() @@ -839,8 +836,7 @@ func (lbc *LoadBalancerController) sync(task task) { lbc.syncAppProtectLogConf(task) } - if lbc.firstRun && lbc.syncQueue.Len() == 0 { - lbc.firstRun = false + if !lbc.isNginxReady && lbc.syncQueue.Len() == 0 { lbc.isNginxReady = true glog.V(3).Infof("NGINX is ready") } From d6d456498e9d53b91b3b9a2300efc5197faede8a Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Thu, 9 Jul 2020 10:48:27 -0700 Subject: [PATCH 14/16] Set default to true --- cmd/nginx-ingress/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 4de8e57dff..0731ba8e89 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -155,7 +155,7 @@ var ( `Specifies the address of the running Spire agent. For use with NGINX Service Mesh only. If the flag is set, but the Ingress Controller is not able to connect with the Spire Agent, the Ingress Controller will fail to start.`) - readyStatus = flag.Bool("ready-status", false, "Enables the readiness endpoint '/nginx-ready'. The endpoint returns a success code when NGINX has loaded all the config after the startup") + readyStatus = flag.Bool("ready-status", true, "Enables the readiness endpoint '/nginx-ready'. The endpoint returns a success code when NGINX has loaded all the config after the startup") readyStatusPort = flag.Int("ready-status-port", 8081, "Set the port where the readiness endpoint is exposed. [1024 - 65535]") ) From 84b50d511aff5d65e4aea908c235f1cf0a7bad5f Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Thu, 9 Jul 2020 11:06:11 -0700 Subject: [PATCH 15/16] fix helm --- deployments/helm-chart/templates/controller-daemonset.yaml | 4 +--- deployments/helm-chart/templates/controller-deployment.yaml | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml index a62123e58f..0ea4a78845 100644 --- a/deployments/helm-chart/templates/controller-daemonset.yaml +++ b/deployments/helm-chart/templates/controller-daemonset.yaml @@ -146,8 +146,6 @@ spec: - -global-configuration=$(POD_NAMESPACE)/{{ .Release.Name }} {{- end }} {{- end }} -{{- if .Values.controller.readyStatus.enable }} - - -ready-status + - -ready-status={{ .Values.controller.readyStatus.enable }} - -ready-status-port={{ .Values.controller.readyStatus.port }} {{- end }} -{{- end }} diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml index 37829b986e..4349141f9f 100644 --- a/deployments/helm-chart/templates/controller-deployment.yaml +++ b/deployments/helm-chart/templates/controller-deployment.yaml @@ -144,8 +144,6 @@ spec: - -global-configuration=$(POD_NAMESPACE)/{{ .Release.Name }} {{- end }} {{- end }} -{{- if .Values.controller.readyStatus.enable }} - - -ready-status + - -ready-status={{ .Values.controller.readyStatus.enable }} - -ready-status-port={{ .Values.controller.readyStatus.port }} {{- end }} -{{- end }} From 249e44bb4975d12a01b9c1ecff064b63ee495761 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Thu, 9 Jul 2020 11:47:03 -0700 Subject: [PATCH 16/16] Apply suggestions from code review --- deployments/daemon-set/nginx-ingress.yaml | 1 - deployments/daemon-set/nginx-plus-ingress.yaml | 1 - deployments/deployment/nginx-ingress.yaml | 1 - deployments/deployment/nginx-plus-ingress.yaml | 1 - .../global-configuration/command-line-arguments.md | 2 +- 5 files changed, 1 insertion(+), 5 deletions(-) diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index c8c516eee6..c450f7c523 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -56,7 +56,6 @@ spec: args: - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret - - -ready-status #- -v=3 # Enables extensive logging. Useful for troubleshooting. #- -report-ingress-status #- -external-service=nginx-ingress diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index 393f11c124..191926d19d 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -57,7 +57,6 @@ spec: - -nginx-plus - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret - - -ready-status #- -enable-app-protect #- -v=3 # Enables extensive logging. Useful for troubleshooting. #- -report-ingress-status diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index 201ed9fc2b..51c39fd765 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -55,7 +55,6 @@ spec: args: - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret - - -ready-status #- -v=3 # Enables extensive logging. Useful for troubleshooting. #- -report-ingress-status #- -external-service=nginx-ingress diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index 98b48c0e8b..be871f75b5 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -56,7 +56,6 @@ spec: - -nginx-plus - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret - - -ready-status #- -enable-app-protect #- -v=3 # Enables extensive logging. Useful for troubleshooting. #- -report-ingress-status diff --git a/docs-web/configuration/global-configuration/command-line-arguments.md b/docs-web/configuration/global-configuration/command-line-arguments.md index 393869b77a..75bfc3512c 100644 --- a/docs-web/configuration/global-configuration/command-line-arguments.md +++ b/docs-web/configuration/global-configuration/command-line-arguments.md @@ -191,7 +191,7 @@ Below we describe the available command-line arguments: .. option:: -ready-status - Enables the readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after the startup. + Enables the readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after the startup. (default true) .. option:: -ready-status-port