Merge pull request #1219 from sethpollack/whitelist-dedup

keep zones unique per ingress resource
kubernetes · Aug 22, 2017 · 2782def · 2782def
2 parents ed3803c + a3594f6
commit 2782def
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/controllers/nginx/pkg/template/template.go b/controllers/nginx/pkg/template/template.go
@@ -133,6 +133,7 @@ var (
 		"buildAuthResponseHeaders": buildAuthResponseHeaders,
 		"buildProxyPass":           buildProxyPass,
 		"buildWhitelistVariable":   buildWhitelistVariable,
+		"whitelistExists":          whitelistExists,
 		"buildRateLimitZones":      buildRateLimitZones,
 		"buildRateLimit":           buildRateLimit,
 		"buildResolvers":           buildResolvers,
@@ -340,6 +341,11 @@ var (
 	whitelistVarMap = map[string]string{}
 )
 
+func whitelistExists(s string) bool {
+	_, ok := whitelistVarMap[s]
+	return ok
+}
+
 func buildWhitelistVariable(s string) string {
 	if _, ok := whitelistVarMap[s]; !ok {
 		whitelistVarMap[s] = buildRandomUUID()
@@ -360,8 +366,7 @@ func buildRateLimitZones(input interface{}) []string {
 
 	for _, server := range servers {
 		for _, loc := range server.Locations {
-			lrn := fmt.Sprintf("%v_%v", server.Hostname, loc.RateLimit.Name)
-			whitelistVar := buildWhitelistVariable(lrn)
+			whitelistVar := buildWhitelistVariable(loc.RateLimit.Name)
 
 			if loc.RateLimit.Connections.Limit > 0 {
 				zone := fmt.Sprintf("limit_conn_zone $limit_%s zone=%v:%vm;",

diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@@ -292,22 +292,23 @@ http {
     {{ end }}
 
     {{ if ne $location.RateLimit.Name "" }}
+    {{ if ne (whitelistExists $location.RateLimit.Name) true }}
     # Ratelimit {{ $location.RateLimit.Name }}
-    {{ $rln := (print $server.Hostname "_" $location.RateLimit.Name) }}
-    geo $whitelist_{{ buildWhitelistVariable $rln }} {
+    geo $whitelist_{{ buildWhitelistVariable $location.RateLimit.Name }} {
         default 0;
         {{ range $ip := $location.RateLimit.Whitelist }}
         {{ $ip }} 1;{{ end }}
     }
 
     # Ratelimit {{ $location.RateLimit.Name }}
-    map $whitelist_{{ buildWhitelistVariable $rln }} $limit_{{ buildWhitelistVariable $rln }} {
+    map $whitelist_{{ buildWhitelistVariable $location.RateLimit.Name }} $limit_{{ buildWhitelistVariable $location.RateLimit.Name }} {
         0 {{ $cfg.LimitConnZoneVariable }};
         1 "";
     }
     {{ end }}
     {{ end }}
     {{ end }}
+    {{ end }}
 
     {{/* build all the required rate limit zones. Each annotation requires a dedicated zone */}}
     {{/* 1MB -> 16 thousand 64-byte states or about 8 thousand 128-byte states */}}