mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2025-01-10 15:14:09 +00:00
lib/promscrape/discovery/kubernetes: properly use https scheme for wildcard TLS certificates in ingress target discovery
See https://github.com/prometheus/prometheus/issues/8902
This commit is contained in:
parent
1f6082be3a
commit
6ed9f10da5
3 changed files with 50 additions and 10 deletions
|
@ -20,6 +20,7 @@ sort: 15
|
|||
* BUGFIX: properly handle queries with multiple filters matching empty labels such as `metric{label1=~"foo|",label2="bar|"}`. This filter must match the following series: `metric`, `metric{label1="foo"}`, `metric{label2="bar"}` and `metric{label1="foo",label2="bar"}`. Previously it was matching only `metric{label1="foo",label2="bar"}`. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1601).
|
||||
* BUGFIX: vmselect: reset connection timeouts after each request to `vmstorage`. This should prevent from `cannot read data in 0.000 seconds: unexpected EOF` warning in logs. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1562). Thanks to @mxlxm .
|
||||
* BUGFIX: keep metric name for time series returned from [rollup_candlestick](https://docs.victoriametrics.com/MetricsQL.html#rollup_candlestick) function, since the returned series don't change the meaning of the original series. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1600).
|
||||
* BUGFIX: vmagent: properly use `https` scheme for wildcard TLS certificates for `role: ingress` targets in Kubernetes service discovery. See [this issue](https://github.com/prometheus/prometheus/issues/8902).
|
||||
|
||||
|
||||
## [v1.65.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.65.0)
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func (ig *Ingress) key() string {
|
||||
|
@ -88,19 +89,10 @@ type HTTPIngressPath struct {
|
|||
//
|
||||
// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ingress
|
||||
func (ig *Ingress) getTargetLabels(gw *groupWatcher) []map[string]string {
|
||||
tlsHosts := make(map[string]bool)
|
||||
for _, tls := range ig.Spec.TLS {
|
||||
for _, host := range tls.Hosts {
|
||||
tlsHosts[host] = true
|
||||
}
|
||||
}
|
||||
var ms []map[string]string
|
||||
for _, r := range ig.Spec.Rules {
|
||||
paths := getIngressRulePaths(r.HTTP.Paths)
|
||||
scheme := "http"
|
||||
if tlsHosts[r.Host] {
|
||||
scheme = "https"
|
||||
}
|
||||
scheme := getSchemeForHost(r.Host, ig.Spec.TLS)
|
||||
for _, path := range paths {
|
||||
m := getLabelsForIngressPath(ig, scheme, r.Host, path)
|
||||
ms = append(ms, m)
|
||||
|
@ -109,6 +101,33 @@ func (ig *Ingress) getTargetLabels(gw *groupWatcher) []map[string]string {
|
|||
return ms
|
||||
}
|
||||
|
||||
func getSchemeForHost(host string, tlss []IngressTLS) string {
|
||||
for _, tls := range tlss {
|
||||
for _, hostPattern := range tls.Hosts {
|
||||
if matchesHostPattern(hostPattern, host) {
|
||||
return "https"
|
||||
}
|
||||
}
|
||||
}
|
||||
return "http"
|
||||
}
|
||||
|
||||
func matchesHostPattern(pattern, host string) bool {
|
||||
if pattern == host {
|
||||
return true
|
||||
}
|
||||
if !strings.HasPrefix(pattern, "*.") {
|
||||
return false
|
||||
}
|
||||
pattern = pattern[len("*."):]
|
||||
n := strings.IndexByte(host, '.')
|
||||
if n < 0 {
|
||||
return false
|
||||
}
|
||||
host = host[n+1:]
|
||||
return pattern == host
|
||||
}
|
||||
|
||||
func getLabelsForIngressPath(ig *Ingress, scheme, host, path string) map[string]string {
|
||||
m := map[string]string{
|
||||
"__address__": host,
|
||||
|
|
|
@ -8,6 +8,26 @@ import (
|
|||
"github.com/VictoriaMetrics/VictoriaMetrics/lib/promscrape/discoveryutils"
|
||||
)
|
||||
|
||||
func TestMatchesHostPattern(t *testing.T) {
|
||||
f := func(pattern, host string, resultExpected bool) {
|
||||
t.Helper()
|
||||
result := matchesHostPattern(pattern, host)
|
||||
if result != resultExpected {
|
||||
t.Fatalf("unexpected result for matchesHostPattern(%q, %q); got %v; want %v", pattern, host, result, resultExpected)
|
||||
}
|
||||
}
|
||||
f("", "", true)
|
||||
f("", "foo", false)
|
||||
f("foo", "", false)
|
||||
f("localhost", "localhost", true)
|
||||
f("localhost", "localhost2", false)
|
||||
f("*.foo", "bar", false)
|
||||
f("foo.bar", "foo.bar", true)
|
||||
f("foo.baz", "foo.bar", false)
|
||||
f("a.x.yyy", "b.x.yyy", false)
|
||||
f("*.x.yyy", "b.x.yyy", true)
|
||||
}
|
||||
|
||||
func TestParseIngressListFailure(t *testing.T) {
|
||||
f := func(s string) {
|
||||
t.Helper()
|
||||
|
|
Loading…
Reference in a new issue