From 01764900b2021709fefb7c252a2c804236d48e78 Mon Sep 17 00:00:00 2001 From: Eoin O'Shaughnessy Date: Mon, 19 Feb 2024 16:29:20 +0000 Subject: [PATCH 1/2] refactor child process configuration --- cmd/nginx-ingress/main.go | 95 +++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 55 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 2e586befe1..cd6646cf5e 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -85,8 +85,6 @@ func main() { templateExecutor, templateExecutorV2 := createTemplateExecutors() - aPPluginDone, aPPDosAgentDone := startApAgentsAndPlugins(nginxManager) - sslRejectHandshake := processDefaultServerSecret(kubeClient, nginxManager) isWildcardEnabled := processWildcardSecret(kubeClient, nginxManager) @@ -130,8 +128,7 @@ func main() { nginxManager.CreateTLSPassthroughHostsConfig(emptyFile) } - nginxDone := make(chan error, 1) - nginxManager.Start(nginxDone) + cpcfg := startChildProcesses(nginxManager) plusClient := createPlusClient(*nginxPlus, useFakeNginxManager, nginxManager) @@ -216,11 +213,7 @@ func main() { }() } - if *appProtect || *appProtectDos { - go handleTerminationWithAppProtect(lbc, nginxManager, syslogListener, nginxDone, aPPluginDone, aPPDosAgentDone, *appProtect, *appProtectDos) - } else { - go handleTermination(lbc, nginxManager, syslogListener, nginxDone) - } + go handleTermination(lbc, nginxManager, syslogListener, cpcfg) lbc.Run() @@ -428,7 +421,19 @@ func getAppProtectVersionInfo() string { return version } -func startApAgentsAndPlugins(nginxManager nginx.Manager) (chan error, chan error) { +func getAgentVersionInfo(nginxManager nginx.Manager) string { + return nginxManager.AgentVersion() +} + +type childProcessConfig struct { + nginxDone chan error + aPPluginEnable bool + aPPluginDone chan error + aPDosEnable bool + aPDosDone chan error +} + +func startChildProcesses(nginxManager nginx.Manager) childProcessConfig { var aPPluginDone chan error if *appProtect { @@ -442,7 +447,17 @@ func startApAgentsAndPlugins(nginxManager nginx.Manager) (chan error, chan error aPPDosAgentDone = make(chan error, 1) nginxManager.AppProtectDosAgentStart(aPPDosAgentDone, *appProtectDosDebug, *appProtectDosMaxDaemons, *appProtectDosMaxWorkers, *appProtectDosMemory) } - return aPPluginDone, aPPDosAgentDone + + nginxDone := make(chan error, 1) + nginxManager.Start(nginxDone) + + return childProcessConfig{ + nginxDone: nginxDone, + aPPluginEnable: *appProtect, + aPPluginDone: aPPluginDone, + aPDosEnable: *appProtectDos, + aPDosDone: aPPDosAgentDone, + } } func processDefaultServerSecret(kubeClient *kubernetes.Clientset, nginxManager nginx.Manager) bool { @@ -527,40 +542,6 @@ func processNginxConfig(staticCfgParams *configs.StaticConfigParams, cfgParams * } } -func handleTermination(lbc *k8s.LoadBalancerController, nginxManager nginx.Manager, listener metrics.SyslogListener, nginxDone chan error) { - signalChan := make(chan os.Signal, 1) - signal.Notify(signalChan, syscall.SIGTERM) - - exitStatus := 0 - exited := false - - select { - case err := <-nginxDone: - if err != nil { - glog.Errorf("nginx command exited with an error: %v", err) - exitStatus = 1 - } else { - glog.Info("nginx command exited successfully") - } - exited = true - case <-signalChan: - glog.Info("Received SIGTERM, shutting down") - } - - glog.Info("Shutting down the controller") - lbc.Stop() - - if !exited { - glog.Info("Shutting down NGINX") - nginxManager.Quit() - <-nginxDone - } - listener.Stop() - - glog.Infof("Exiting with a status: %v", exitStatus) - os.Exit(exitStatus) -} - // getSocketClient gets an http.Client with the a unix socket transport. func getSocketClient(sockPath string) *http.Client { return &http.Client{ @@ -589,29 +570,33 @@ func getAndValidateSecret(kubeClient *kubernetes.Clientset, secretNsName string) return secret, nil } -func handleTerminationWithAppProtect(lbc *k8s.LoadBalancerController, nginxManager nginx.Manager, listener metrics.SyslogListener, nginxDone, pluginDone, agentDosDone chan error, appProtectEnabled, appProtectDosEnabled bool) { +func handleTermination(lbc *k8s.LoadBalancerController, nginxManager nginx.Manager, listener metrics.SyslogListener, cpcfg childProcessConfig) { signalChan := make(chan os.Signal, 1) signal.Notify(signalChan, syscall.SIGTERM) select { - case err := <-nginxDone: - glog.Fatalf("nginx command exited unexpectedly with status: %v", err) - case err := <-pluginDone: + case err := <-cpcfg.nginxDone: + if err != nil { + glog.Fatalf("nginx command exited unexpectedly with status: %v", err) + } else { + glog.Info("nginx command exited successfully") + } + case err := <-cpcfg.aPPluginDone: glog.Fatalf("AppProtectPlugin command exited unexpectedly with status: %v", err) - case err := <-agentDosDone: + case err := <-cpcfg.aPDosDone: glog.Fatalf("AppProtectDosAgent command exited unexpectedly with status: %v", err) case <-signalChan: glog.Infof("Received SIGTERM, shutting down") lbc.Stop() nginxManager.Quit() - <-nginxDone - if appProtectEnabled { + <-cpcfg.nginxDone + if cpcfg.aPPluginEnable { nginxManager.AppProtectPluginQuit() - <-pluginDone + <-cpcfg.aPPluginDone } - if appProtectDosEnabled { + if cpcfg.aPDosEnable { nginxManager.AppProtectDosAgentQuit() - <-agentDosDone + <-cpcfg.aPDosDone } listener.Stop() } From 7bdef46bd550ca15999cb6836d528fa8c580c44b Mon Sep 17 00:00:00 2001 From: Eoin O'Shaughnessy Date: Mon, 19 Feb 2024 16:37:08 +0000 Subject: [PATCH 2/2] remove agent ref --- cmd/nginx-ingress/main.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index cd6646cf5e..57bb70426d 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -421,10 +421,6 @@ func getAppProtectVersionInfo() string { return version } -func getAgentVersionInfo(nginxManager nginx.Manager) string { - return nginxManager.AgentVersion() -} - type childProcessConfig struct { nginxDone chan error aPPluginEnable bool