add policy, location snippet, error page from VS to VSR for route sel…

…ector

Signed-off-by: Haywood Shannon <[email protected]>

Signed-off-by: Haywood Shannon <[email protected]>

examples/custom-resources/cross-namespace-configuration/api-key-policy.yaml

@@ -0,0 +1,13 @@
+apiVersion: k8s.nginx.org/v1
+kind: Policy
+metadata:
+  name: api-key-policy
+  namespace: cafe
+spec:
+  apiKey:
+    suppliedIn:
+      header:
+      - "X-header-name"
+      query:
+      - "queryName"
+    clientSecret: api-key-client-secret

examples/custom-resources/cross-namespace-configuration/api-key-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: api-key-client-secret
+  namespace: cafe
+type: nginx.org/apikey
+data:
+    client1: cGFzc3dvcmQ= # password
+    client2: YW5vdGhlci1wYXNzd29yZA== # another-password

examples/custom-resources/cross-namespace-configuration/cafe-virtual-server.yaml

@@ -7,16 +7,28 @@ spec:
   host: cafe.example.com
   tls:
     secret: cafe-secret
+  server-snippets: |
+    # snippet defined in VS server block
+    proxy_set_header X-VS-Name "Cafe";
   routes:
 #  - path: /tea
 #    route: tea/tea
+#    policies:
+#      - name: rate-limit-policy
 #  - path: /coffee
 #    route: coffee/coffee
-#  - path: /coffee
-#    routeSelector:
-#      matchLabels:
-#       route: coffee
   - path: /
     routeSelector:
       matchLabels:
-        app: cafe
+       app: cafe
+#       route: tea
+    policies:
+    - name: api-key-policy
+    location-snippets: |
+      # snippet defined in VS
+      proxy_set_header X-VS-Name "Cafe";
+    errorPages:
+    - codes: [ 502, 503 ]
+      redirect:
+        code: 301
+        url: https://nginx.org

examples/custom-resources/cross-namespace-configuration/coffee-virtual-server-route.yaml

@@ -4,8 +4,8 @@ metadata:
   name: coffee
   namespace: coffee
   labels:
-    route: coffee
     app: cafe
+    route: coffee
 spec:
   host: cafe.example.com
   upstreams:
@@ -16,3 +16,15 @@ spec:
   - path: /coffee
     action:
       pass: coffee
+    policies:
+     - name: rate-limit-policy
+    location-snippets: |
+      # snippet defined in VSR
+      proxy_set_header X-VSR-Name "Coffee";
+    errorPages:
+    - codes: [404]
+      return:
+        code: 200
+        body: "Original resource not found, but success!"
+
+

examples/custom-resources/cross-namespace-configuration/rate-limit.yaml

@@ -0,0 +1,10 @@
+apiVersion: k8s.nginx.org/v1
+kind: Policy
+metadata:
+  name: rate-limit-policy
+  namespace: coffee
+spec:
+  rateLimit:
+    rate: 1r/s
+    key: ${binary_remote_addr}
+    zoneSize: 10M

examples/custom-resources/cross-namespace-configuration/tea-virtual-server-route.yaml

@@ -4,7 +4,7 @@ metadata:
   name: tea
   namespace: tea
   labels:
-#    route: tea
+    route: tea
     app: cafe
 spec:
   host: cafe.example.com
@@ -16,3 +16,6 @@ spec:
   - path: /tea
     action:
       pass: tea
+#    location-snippets: |
+#      # snippet defined in VSR
+#      proxy_set_header X-VSR-Name "Tea";

internal/configs/virtualserver.go

@@ -5,6 +5,7 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"net/url"
 	"os"
 	"path"
@@ -85,23 +86,24 @@ type PodInfo struct {
 
 // VirtualServerEx holds a VirtualServer along with the resources that are referenced in this VirtualServer.
 type VirtualServerEx struct {
-	VirtualServer       *conf_v1.VirtualServer
-	HTTPPort            int
-	HTTPSPort           int
-	HTTPIPv4            string
-	HTTPIPv6            string
-	HTTPSIPv4           string
-	HTTPSIPv6           string
-	Endpoints           map[string][]string
-	VirtualServerRoutes []*conf_v1.VirtualServerRoute
-	ExternalNameSvcs    map[string]bool
-	Policies            map[string]*conf_v1.Policy
-	PodsByIP            map[string]PodInfo
-	SecretRefs          map[string]*secrets.SecretReference
-	ApPolRefs           map[string]*unstructured.Unstructured
-	LogConfRefs         map[string]*unstructured.Unstructured
-	DosProtectedRefs    map[string]*unstructured.Unstructured
-	DosProtectedEx      map[string]*DosEx
+	VirtualServer               *conf_v1.VirtualServer
+	HTTPPort                    int
+	HTTPSPort                   int
+	HTTPIPv4                    string
+	HTTPIPv6                    string
+	HTTPSIPv4                   string
+	HTTPSIPv6                   string
+	Endpoints                   map[string][]string
+	VirtualServerRoutes         []*conf_v1.VirtualServerRoute
+	VirtualServerSelectorRoutes map[string][]string
+	ExternalNameSvcs            map[string]bool
+	Policies                    map[string]*conf_v1.Policy
+	PodsByIP                    map[string]PodInfo
+	SecretRefs                  map[string]*secrets.SecretReference
+	ApPolRefs                   map[string]*unstructured.Unstructured
+	LogConfRefs                 map[string]*unstructured.Unstructured
+	DosProtectedRefs            map[string]*unstructured.Unstructured
+	DosProtectedEx              map[string]*DosEx
 }
 
 func (vsx *VirtualServerEx) String() string {
@@ -398,6 +400,7 @@ func (vsc *virtualServerConfigurator) GenerateVirtualServerConfig(
 	apResources *appProtectResourcesForVS,
 	dosResources map[string]*appProtectDosResource,
 ) (version2.VirtualServerConfig, Warnings) {
+	//l := nl.LoggerFromContext(vsc.cfgParams.Context)
 	vsc.clearWarnings()
 
 	useCustomListeners := false
@@ -570,10 +573,48 @@ func (vsc *virtualServerConfigurator) GenerateVirtualServerConfig(
 
 			continue
 		} else if r.RouteSelector != nil {
-			selector := r.RouteSelector
-			glog.Infof("RouteSelector: %v", selector)
 
 			// get vsr name
+
+			selector := &metav1.LabelSelector{
+				MatchLabels: r.RouteSelector.MatchLabels,
+			}
+			sel, _ := metav1.LabelSelectorAsSelector(selector)
+
+			selectorKey := sel.String()
+			vsrKeys := vsEx.VirtualServerSelectorRoutes[selectorKey]
+			//nl.Infof(l, "VirtualServerRoutes: %v", vsEx.VirtualServerRoutes)
+			//
+			//nl.Infof(l, "VirtualServerSelectorRoutes: %v", vsEx.VirtualServerSelectorRoutes)
+			//
+			//nl.Infof(l, "vsrKeys: %v", vsrKeys)
+			//
+			//nl.Infof(l, "RouteSelector: %v", selector)
+
+			// store route location snippet for the referenced VirtualServerRoute in case they don't define their own
+			if r.LocationSnippets != "" {
+				for _, name := range vsrKeys {
+					vsrLocationSnippetsFromVs[name] = r.LocationSnippets
+				}
+			}
+
+			// store route error pages and route index for the referenced VirtualServerRoute in case they don't define their own
+			if len(r.ErrorPages) > 0 {
+				for _, name := range vsrKeys {
+					vsrErrorPagesFromVs[name] = errorPages.pages
+					vsrErrorPagesRouteIndex[name] = errorPages.index
+				}
+			}
+
+			// store route policies for the referenced VirtualServerRoute in case they don't define their own
+			if len(r.Policies) > 0 {
+				//nl.Infof(l, "Route Policies: %v", r.Policies)
+				for _, name := range vsrKeys {
+					//nl.Infof(l, "Adding policy to VSR $v: %v", name, r.Policies)
+					vsrPoliciesFromVs[name] = r.Policies
+				}
+			}
+
 			continue
 		}
 
@@ -687,7 +728,7 @@ func (vsc *virtualServerConfigurator) GenerateVirtualServerConfig(
 			}
 			errorPageLocations = append(errorPageLocations, generateErrorPageLocations(errorPages.index, errorPages.pages)...)
 			vsrNamespaceName := fmt.Sprintf("%v/%v", vsr.Namespace, vsr.Name)
-			glog.Infof("vsrNamespaceName: %v", vsrNamespaceName)
+			//glog.Infof("vsrNamespaceName: %v", vsrNamespaceName)
 			// use the VirtualServer error pages if the route does not define any
 			if r.ErrorPages == nil {
 				if vsErrorPages, ok := vsrErrorPagesFromVs[vsrNamespaceName]; ok {