nginx milestone

Author: jshum2479

electron/app/locales/en/webui.json

@@ -608,6 +608,8 @@
   "ingress-design-ingress-namespace-help": "The Kubernetes namespace to use for the ingress controller.",
   "ingress-design-voyager-provider-label": "Kubernetes Cluster Provider for Voyager",
   "ingress-design-voyager-provider-help": "The Kubernetes cluster provider type to use for Voyager.",
+  "ingress-design-nginx-allow-passthrough-label": "Allow SSL pass through to backend service",
+  "ingress-design-nginx-allow-passthrough-help": "Enable this allows creating ssl ingress pass through to the backend service.",
   "ingress-design-specify-docker-registry-secret-label": "Use Docker Hub Secret",
   "ingress-design-specify-docker-registry-secret-help": "Whether to use a Docker Hub credential secret to pull the ingress controller image.  This is helpful if you encounter a Docker Hub pull limit exceeded error.",
   "ingress-design-ingress-docker-reg-secret-name": "Docker Registry Secret Name",
@@ -633,8 +635,8 @@
   "ingress-design-ingress-route-tlsoption-plain": "Plain HTTP",
   "ingress-design-ingress-route-tlsoption-ssl-passthrough": "HTTPS pass through to the target service",
   "ingress-design-ingress-route-tlsoption-ssl-terminate-ingress": "HTTPS terminate at ingress and plain HTTP traffic from ingress to target service",
-  "ingress-design-ingress-route-is-console-svc-label": "Check if target service is WebLogic Console Service",
-  "ingress-design-ingress-route-yes-console-svc": "WebLogic Console Service",
+  "ingress-design-ingress-route-is-console-svc-label": "Is target service WebLogic Console?",
+  "ingress-design-ingress-route-is-console-svc-help": "For SSL terminating at ingress and accessing WebLogic Console, turn on this option",
   "ingress-design-ingress-route-name-label": "Name",
   "ingress-design-ingress-route-dialog-title": "Edit Ingress Route",
   "ingress-design-ingress-route-annotation-label": "Annotation",

webui/src/js/models/ingress-definition.js

@@ -59,7 +59,7 @@ define(['knockout', 'utils/observable-properties', 'utils/validation-helper'],
         this.createTLSSecret = props.createProperty(false);
         this.ingressTLSSecretName = props.createProperty('');
         this.ingressTLSSecretName.addValidator(...validationHelper.getK8sNameValidators());
-
+        this.allowNginxSSLPassThrough = props.createProperty(false);
         this.generateTLSFiles = props.createProperty(false);
         this.ingressTLSSubject = props.createProperty('');
 

webui/src/js/utils/ingress-controller-installer.js

@@ -246,6 +246,9 @@ function(IngressActionsBase, project, wktConsole, k8sHelper, i18n, dialogHelper,
         helmChartData['kubernetes.namespaces'] =
           `{${ingressControllerNamespace},${this.project.k8sDomain.kubernetesNamespace.value}}`;
       }
+      if (ingressControllerProvider === 'nginx' && this.project.ingress.allowNginxSSLPassThrough) {
+        helmChartData['controller.extraArgs.enable-ssl-passthrough'] = true;
+      }
       return helmChartData;
     }
   }

webui/src/js/utils/ingress-resource-generator.js

@@ -75,10 +75,55 @@ define(['models/wkt-project', 'js-yaml'],
       }
 
       createNginxRoutesAsYaml(item) {
-        return this._createStandardRoutesAsYaml(item);
+        const namespace = item['targetServiceNameSpace'] || 'default';
+
+        const result = {
+          apiVersion: 'networking.k8s.io/v1',
+          kind: 'Ingress',
+          metadata: {
+            name: item['name'],
+            namespace: namespace,
+          },
+          spec: {
+            rules: [
+              {
+                http: {
+                  paths: [
+                    {
+                      backend: {
+                        service : {
+                          name: item['targetService'],
+                          port: {
+                            number: Number(item['targetPort'])
+                          }
+                        }
+                      },
+                      path: item['path'],
+                      pathType: 'Prefix'
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        };
+        this.addTlsSpec(result, item);
+        this.addVirtualHost(result, item);
+        this.addAnnotations(result, item);
+
+        if (this.isSSLTerminateAtIngress(item)) {
+          if (item['isConsoleService']) {
+            const snippet = 'more_clear_input_headers "WL-Proxy-Client-IP" "WL-Proxy-SSL";\n'
+              + 'more_set_input_headers "X-Forwarded-Proto: https";\n'
+              + 'more_set_input_headers "WL-Proxy-SSL: true";\n';  // must have nl at the end
+            result.metadata.annotations['nginx.ingress.kubernetes.io/configuration-snippet'] = snippet;
+            result.metadata.annotations['nginx.ingress.kubernetes.io/ingress.allow-http'] = 'false';
+          }
+        }
+        return jsYaml.dump(result);
       }
 
-      isTraefikSSLTerminateAtIngress(item) {
+      isSSLTerminateAtIngress(item) {
         if (item && item['tlsOption'] === 'ssl_terminate_ingress') {
           return true;
         } else {
@@ -115,8 +160,8 @@ define(['models/wkt-project', 'js-yaml'],
           }
         };
 
-        if (this.isTraefikSSLTerminateAtIngress(item)) {
-          if (item['isConsoleService'].includes('yes')) {
+        if (this.isSSLTerminateAtIngress(item)) {
+          if (item['isConsoleService']) {
             result.spec = {
               headers: {
                 sslRedirect: true,
@@ -133,7 +178,6 @@ define(['models/wkt-project', 'js-yaml'],
           }
 
           if (item['path'].indexOf('.') < 0) {
-            console.log('at here');
             result.spec = { replacePathRegex: { regex: '^' + item['path'] + '(.*)'}, replacement: item['path'] + '/$1'};
             return jsYaml.dump(result);
           }
@@ -190,7 +234,7 @@ define(['models/wkt-project', 'js-yaml'],
         result.spec.routes[0].match = matchExpression;
 
         // if SSL terminate at ingress
-        if (this.project.ingress.specifyIngressTLSSecret.value && this.isTraefikSSLTerminateAtIngress(item)) {
+        if (this.project.ingress.specifyIngressTLSSecret.value && this.isSSLTerminateAtIngress(item)) {
           if (!item['tlsSecretName']) {
             item['tlsSecretName'] = this.project.ingress.ingressTLSSecretName.value;
           }
@@ -222,45 +266,6 @@ define(['models/wkt-project', 'js-yaml'],
         return yaml;
       }
 
-      _createStandardRoutesAsYaml(item) {
-        const namespace = item['targetServiceNameSpace'] || 'default';
-
-        const result = {
-          apiVersion: 'networking.k8s.io/v1',
-          kind: 'Ingress',
-          metadata: {
-            name: item['name'],
-            namespace: namespace,
-          },
-          spec: {
-            rules: [
-              {
-                http: {
-                  paths: [
-                    {
-                      backend: {
-                        service : {
-                          name: item['targetService'],
-                          port: {
-                            number: Number(item['targetPort'])
-                          }
-                        }
-                      },
-                      path: item['path'],
-                      pathType: 'Prefix'
-                    }
-                  ]
-                }
-              }
-            ]
-          }
-        };
-        this.addTlsSpec(result, item);
-        this.addVirtualHost(result, item);
-        this.addAnnotations(result, item);
-        return jsYaml.dump(result);
-      }
-
       addTlsSpec(result, item) {
         // If the Ingress TLS secret is not enabled, do not add the ingress TLS secret name even if it exists.
         if (this.project.ingress.specifyIngressTLSSecret.value && !this.isTraefikPlain(item)) {

webui/src/js/utils/ingress-routes-updater.js

@@ -491,7 +491,6 @@ function(IngressActionsBase, project, wktConsole, k8sHelper, i18n, projectIo, di
             });
           }
         }
-        console.log(ingressDefinition);
         if (useNodePort) {
           if (ingressDefinition['tlsOption'] !== 'plain') {
             results['accessPoint'] = 'https:' + externalLoadBalancerHost + ':' + ingressSSLPort  + ingressDefinition.path;

webui/src/js/viewModels/ingress-design-view-impl.js

@@ -52,6 +52,10 @@ function(i18n, accUtils, ko, ArrayDataProvider, BufferingDataProvider, project,
       return this.project.ingress.ingressControllerProvider.value === 'voyager';
     };
 
+    this.isNginx = () => {
+      return this.project.ingress.ingressControllerProvider.value === 'nginx';
+    };
+
     this.imageOnDockerHub = () => {
       return (this.project.ingress.ingressControllerProvider.value === 'voyager') ||
         (this.project.ingress.ingressControllerProvider.value === 'traefik');
@@ -178,7 +182,7 @@ function(i18n, accUtils, ko, ArrayDataProvider, BufferingDataProvider, project,
         targetServiceNameSpace: this.project.k8sDomain.kubernetesNamespace.value,
         accessPoint: '',
         tlsOption: 'plain',
-        isConsoleService: []
+        isConsoleService: false
       };
 
       // if controller is Voyager and provider is baremetal only nodeport is supported, set the default in the UI

webui/src/js/viewModels/route-edit-dialog.js

@@ -38,7 +38,7 @@ function(accUtils, ko, i18n, project, viewHelper, ArrayDataProvider, BufferingDa
 
     this.project = project;
     this.route = args.route;
-    this.route.isConsoleService = [];
+    this.askIfConsoleSvc = ko.observable(this.route.isConsoleService);
 
     this.savedAnnotations = args.route.annotations || {};
 
@@ -48,10 +48,6 @@ function(accUtils, ko, i18n, project, viewHelper, ArrayDataProvider, BufferingDa
       { id: 'ssl_passthrough', value: 'ssl_passthrough', text: this.labelMapper('route-tlsoption-ssl-passthrough') },
     ];
 
-    this.isConsoleOptions = [
-      { id: 'isConsole', value: 'yes', text: this.labelMapper('route-yes-console-svc') }
-    ];
-
     // this is dynamic to allow i18n fields to load correctly
     this.annotationColumns = [
       {
@@ -148,6 +144,18 @@ function(accUtils, ko, i18n, project, viewHelper, ArrayDataProvider, BufferingDa
       }
     }
 
+    this.askIfConsoleService = () => {
+      return this.askIfConsoleSvc();
+    };
+
+    this.transportValueChanged = (event) => {
+      if (event.detail.value === 'ssl_terminate_ingress') {
+        this.askIfConsoleSvc(true);
+      } else {
+        this.askIfConsoleSvc(false);
+      }
+    };
+
     this.okInput = () => {
       let tracker = document.getElementById('ingressTracker');
       if (tracker.valid !== 'valid') {
@@ -175,9 +183,16 @@ function(accUtils, ko, i18n, project, viewHelper, ArrayDataProvider, BufferingDa
         changedAnnotations[annotation.key] = annotation.value ? annotation.value : '';
       });
 
+      const ingressClassKey = 'kubernetes.io/ingress.class';
+      let tlsOption = result['tlsOption'];
+
+      if (typeof tlsOption === 'undefined') {
+        tlsOption = this.route.tlsOption;
+      }
+
       if (this.project.ingress.ingressControllerProvider.value === 'traefik') {
         const sslKey = 'traefik.ingress.kubernetes.io/router.tls';
-        const tlsOption = result['tlsOption'];
+        changedAnnotations[ingressClassKey] = 'traefik';
         addOrDeleteAnnotation(changedAnnotations, (tlsOption !== 'plain'),
           sslKey, 'true', '');
         // if user switched to plain
@@ -191,10 +206,12 @@ function(accUtils, ko, i18n, project, viewHelper, ArrayDataProvider, BufferingDa
       if (this.project.ingress.ingressControllerProvider.value === 'nginx') {
         const sslKey = 'nginx.ingress.kubernetes.io/backend-protocol';
         const sslPassThroughKey = 'nginx.ingress.kubernetes.io/ssl-passthrough';
-        const tlsOption = result['tlsOption'];
+        changedAnnotations[ingressClassKey] = 'nginx';
         addOrDeleteAnnotation(changedAnnotations, (tlsOption === 'ssl_terminate_ingress'),
           sslKey, 'HTTPS', sslPassThroughKey);
-        addOrDeleteAnnotation(changedAnnotations, (tlsOption === 'ssl_passthrough'), 'true', sslKey);
+        // passthrough require both
+        addOrDeleteAnnotation(changedAnnotations, (tlsOption === 'ssl_passthrough'), sslPassThroughKey, 'true', '');
+        addOrDeleteAnnotation(changedAnnotations, (tlsOption === 'ssl_passthrough'), sslKey, 'HTTPS', '');
       }
 
       if(compareObjects(changedAnnotations, this.savedAnnotations)) {

webui/src/js/views/ingress-design-view.html

@@ -39,6 +39,12 @@ <h6 class="wkt-subheading">
                             help.instruction="[[labelMapper('voyager-provider-help')]]">
           </oj-select-single>
         </oj-bind-if>
+        <oj-bind-if test="[[isNginx() === true]]">
+          <oj-switch label-hint="[[labelMapper('nginx-allow-passthrough-label')]]"
+                     value="{{project.ingress.allowNginxSSLPassThrough.observable}}"
+                     help.instruction="[[labelMapper('nginx-allow-passthrough-help')]]">
+          </oj-switch>
+        </oj-bind-if>
       </oj-form-layout>
 
 

webui/src/js/views/route-edit-dialog.html

@@ -48,6 +48,7 @@
         <oj-radioset id="tlsOptionId"
                      label-hint="[[labelMapper('route-tls-label')]]"
                      label-edge="inside"
+                     on-value-changed = "[[transportValueChanged]]"
                      value="{{tlsOption.observable}}">
           <oj-bind-for-each data="[[tlsOptions]]">
             <template>
@@ -58,18 +59,12 @@
           </oj-bind-for-each>
         </oj-radioset>
 
-        <oj-checkboxset id="isConsoleSetId"
-                        label-hint="[[labelMapper('route-is-console-svc-label')]]"
-                        label-edge="inside"
-                        value="{{isConsoleService.observable}}">
-          <oj-bind-for-each data="[[isConsoleOptions]]">
-            <template>
-              <oj-option value="[[$current.data.value]]">
-                <oj-bind-text value="[[$current.data.text]]"></oj-bind-text>
-              </oj-option>
-            </template>
-          </oj-bind-for-each>
-        </oj-checkboxset>
+        <oj-bind-if test="[[askIfConsoleService() === true]]">
+          <oj-switch label-hint="[[labelMapper('route-is-console-svc-label')]]"
+                     value="{{isConsoleService.observable}}"
+                     help.instruction="[[labelMapper('route-is-console-svc-help')]]">
+          </oj-switch>
+        </oj-bind-if>
 
       </oj-form-layout>