WeightedRoundRobin load balancer

Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>

pkg/provider/kubernetes/crd/kubernetes_http.go

@@ -0,0 +1,274 @@
+package crd
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/containous/traefik/v2/pkg/config/dynamic"
+	"github.com/containous/traefik/v2/pkg/log"
+	"github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/traefik/v1alpha1"
+	"github.com/containous/traefik/v2/pkg/tls"
+	corev1 "k8s.io/api/core/v1"
+)
+
+func (p *Provider) loadIngressRouteConfiguration(ctx context.Context, client Client, tlsConfigs map[string]*tls.CertAndStores) *dynamic.HTTPConfiguration {
+	conf := &dynamic.HTTPConfiguration{
+		Routers:     map[string]*dynamic.Router{},
+		Middlewares: map[string]*dynamic.Middleware{},
+		Services:    map[string]*dynamic.Service{},
+	}
+
+	for _, ingressRoute := range client.GetIngressRoutes() {
+		ctxRt := log.With(ctx, log.Str("ingress", ingressRoute.Name), log.Str("namespace", ingressRoute.Namespace))
+		logger := log.FromContext(ctxRt)
+
+		// TODO keep the name ingressClass?
+		if !shouldProcessIngress(p.IngressClass, ingressRoute.Annotations[annotationKubernetesIngressClass]) {
+			continue
+		}
+
+		err := getTLSHTTP(ctx, ingressRoute, client, tlsConfigs)
+		if err != nil {
+			logger.Errorf("Error configuring TLS: %v", err)
+		}
+
+		ingressName := ingressRoute.Name
+		if len(ingressName) == 0 {
+			ingressName = ingressRoute.GenerateName
+		}
+
+		for _, route := range ingressRoute.Spec.Routes {
+			if route.Kind != "Rule" {
+				logger.Errorf("Unsupported match kind: %s. Only \"Rule\" is supported for now.", route.Kind)
+				continue
+			}
+
+			if len(route.Match) == 0 {
+				logger.Errorf("Empty match rule")
+				continue
+			}
+
+			if err := checkStringQuoteValidity(route.Match); err != nil {
+				logger.Errorf("Invalid syntax for match rule: %s", route.Match)
+				continue
+			}
+
+			key, err := makeServiceKey(route.Match, ingressName)
+			if err != nil {
+				logger.Error(err)
+				continue
+			}
+
+			serviceName := makeID(ingressRoute.Namespace, key)
+
+			for _, service := range route.Services {
+				balancerServerHTTP, err := createLoadBalancerServerHTTP(client, ingressRoute, service)
+				if err != nil {
+					logger.
+						WithField("serviceName", service.Name).
+						WithField("servicePort", service.Port).
+						Errorf("Cannot create service: %v", err)
+					continue
+				}
+
+				if len(route.Services) == 1 {
+					conf.Services[serviceName] = balancerServerHTTP
+					break
+				}
+
+				serviceKey := fmt.Sprintf("%s-%s-%d", serviceName, service.Name, service.Port)
+				conf.Services[serviceKey] = balancerServerHTTP
+
+				srv := dynamic.WRRService{Name: serviceKey}
+				srv.SetDefaults()
+				if service.Weight != nil {
+					srv.Weight = service.Weight
+				}
+
+				if conf.Services[serviceName] == nil {
+					conf.Services[serviceName] = &dynamic.Service{Weighted: &dynamic.WeightedRoundRobin{}}
+				}
+				conf.Services[serviceName].Weighted.Services = append(conf.Services[serviceName].Weighted.Services, srv)
+			}
+
+			var mds []string
+			for _, mi := range route.Middlewares {
+				if strings.Contains(mi.Name, "@") {
+					if len(mi.Namespace) > 0 {
+						logger.
+							WithField(log.MiddlewareName, mi.Name).
+							Warnf("namespace %q is ignored in cross-provider context", mi.Namespace)
+					}
+					mds = append(mds, mi.Name)
+					continue
+				}
+
+				ns := mi.Namespace
+				if len(ns) == 0 {
+					ns = ingressRoute.Namespace
+				}
+				mds = append(mds, makeID(ns, mi.Name))
+			}
+
+			conf.Routers[serviceName] = &dynamic.Router{
+				Middlewares: mds,
+				Priority:    route.Priority,
+				EntryPoints: ingressRoute.Spec.EntryPoints,
+				Rule:        route.Match,
+				Service:     serviceName,
+			}
+
+			if ingressRoute.Spec.TLS != nil {
+				tlsConf := &dynamic.RouterTLSConfig{
+					CertResolver: ingressRoute.Spec.TLS.CertResolver,
+				}
+
+				if ingressRoute.Spec.TLS.Options != nil && len(ingressRoute.Spec.TLS.Options.Name) > 0 {
+					tlsOptionsName := ingressRoute.Spec.TLS.Options.Name
+					// Is a Kubernetes CRD reference, (i.e. not a cross-provider reference)
+					ns := ingressRoute.Spec.TLS.Options.Namespace
+					if !strings.Contains(tlsOptionsName, "@") {
+						if len(ns) == 0 {
+							ns = ingressRoute.Namespace
+						}
+						tlsOptionsName = makeID(ns, tlsOptionsName)
+					} else if len(ns) > 0 {
+						logger.
+							WithField("TLSoptions", ingressRoute.Spec.TLS.Options.Name).
+							Warnf("namespace %q is ignored in cross-provider context", ns)
+					}
+
+					tlsConf.Options = tlsOptionsName
+				}
+				conf.Routers[serviceName].TLS = tlsConf
+			}
+
+		}
+	}
+
+	return conf
+}
+
+func createLoadBalancerServerHTTP(client Client, ingressRoute *v1alpha1.IngressRoute, service v1alpha1.Service) (*dynamic.Service, error) {
+	servers, err := loadServers(client, ingressRoute.Namespace, service)
+	if err != nil {
+		return nil, err
+	}
+
+	return &dynamic.Service{
+		LoadBalancer: &dynamic.ServersLoadBalancer{
+			Servers: servers,
+			// TODO: support other strategies.
+			PassHostHeader: true,
+		},
+	}, nil
+}
+
+func loadServers(client Client, namespace string, svc v1alpha1.Service) ([]dynamic.Server, error) {
+	strategy := svc.Strategy
+	if strategy == "" {
+		strategy = "RoundRobin"
+	}
+	if strategy != "RoundRobin" {
+		return nil, fmt.Errorf("load balancing strategy %v is not supported", strategy)
+	}
+
+	service, exists, err := client.GetService(namespace, svc.Name)
+	if err != nil {
+		return nil, err
+	}
+
+	if !exists {
+		return nil, errors.New("service not found")
+	}
+
+	var portSpec *corev1.ServicePort
+	for _, p := range service.Spec.Ports {
+		if svc.Port == p.Port {
+			portSpec = &p
+			break
+		}
+	}
+
+	if portSpec == nil {
+		return nil, errors.New("service port not found")
+	}
+
+	var servers []dynamic.Server
+	if service.Spec.Type == corev1.ServiceTypeExternalName {
+		servers = append(servers, dynamic.Server{
+			URL: fmt.Sprintf("http://%s:%d", service.Spec.ExternalName, portSpec.Port),
+		})
+	} else {
+		endpoints, endpointsExists, endpointsErr := client.GetEndpoints(namespace, svc.Name)
+		if endpointsErr != nil {
+			return nil, endpointsErr
+		}
+
+		if !endpointsExists {
+			return nil, errors.New("endpoints not found")
+		}
+
+		if len(endpoints.Subsets) == 0 {
+			return nil, errors.New("subset not found")
+		}
+
+		var port int32
+		for _, subset := range endpoints.Subsets {
+			for _, p := range subset.Ports {
+				if portSpec.Name == p.Name {
+					port = p.Port
+					break
+				}
+			}
+
+			if port == 0 {
+				return nil, errors.New("cannot define a port")
+			}
+
+			protocol := "http"
+			switch svc.Scheme {
+			case "http", "https", "h2c":
+				protocol = svc.Scheme
+			case "":
+				if portSpec.Port == 443 || strings.HasPrefix(portSpec.Name, "https") {
+					protocol = "https"
+				}
+			default:
+				return nil, fmt.Errorf("invalid scheme %q specified", svc.Scheme)
+			}
+
+			for _, addr := range subset.Addresses {
+				servers = append(servers, dynamic.Server{
+					URL: fmt.Sprintf("%s://%s:%d", protocol, addr.IP, port),
+				})
+			}
+		}
+	}
+
+	return servers, nil
+}
+
+func getTLSHTTP(ctx context.Context, ingressRoute *v1alpha1.IngressRoute, k8sClient Client, tlsConfigs map[string]*tls.CertAndStores) error {
+	if ingressRoute.Spec.TLS == nil {
+		return nil
+	}
+	if ingressRoute.Spec.TLS.SecretName == "" {
+		log.FromContext(ctx).Debugf("No secret name provided")
+		return nil
+	}
+
+	configKey := ingressRoute.Namespace + "/" + ingressRoute.Spec.TLS.SecretName
+	if _, tlsExists := tlsConfigs[configKey]; !tlsExists {
+		tlsConf, err := getTLS(k8sClient, ingressRoute.Spec.TLS.SecretName, ingressRoute.Namespace)
+		if err != nil {
+			return err
+		}
+
+		tlsConfigs[configKey] = tlsConf
+	}
+
+	return nil
+}