nginxinc / kubernetes-ingress

NGINX and NGINX Plus Ingress Controllers for Kubernetes
https://docs.nginx.com/nginx-ingress-controller
Apache License 2.0

Listener options #5363

Closed brianehlert closed 5 days ago

brianehlert commented 6 months ago

Discussed in https://github.com/nginxinc/kubernetes-ingress/discussions/3724

Originally posted by **brianehlert** April 4, 2023

Project users have asked for an easy way to deploy NIC with non-default and / or custom listeners for http (L7) as well as stream (L4). The stream use case is currently enabled through the GlobalConfiguration custom resource. It is possible to modify the http listeners today, however the path for customers to do this is complicated and involves modifying the core listener template.

This has been requested for the use cases of:

- customizing dual stack listener behavior (IPFamily)
- binding a listener to a specific interface (IPAddress)
- ability to set `proxy_protocol` for an individual HTTP listener

Project users should not have to modify the project code or templates to set non-default listeners.

Suggested modification to GlobalConfiguration to help visualize: https://github.com/nginxinc/kubernetes-ingress/blob/main/examples/custom-resources/basic-tcp-udp/global-configuration.yaml

```
apiVersion: k8s.nginx.org/v1beta2
kind: GlobalConfiguration
metadata:
  name: nginx-configuration
  namespace: nginx-ingress
spec:
  listeners:
  - name: http
    port: 80
    protocol: HTTP
    ipfamily: both
  - name: https
    port: 443
    protocol: HTTP
    ssl: true
    ipfamily: both
  - name: http2-grpc
    port: 85
    protocol: HTTP
    ipfamily: both
    http2: true
  - name: dns-tcp
    port: 5353
    protocol: TCP
    ipfamily: both
  - name: port-range
    port: 1494-1496
    protocol: TCP
    ipfamily: ipv6
  - name: accelerated-nic
    port: 1433
    protocol: HTTP
    ipfamily: ipv4
    ip: 10.0.5.56
  - name: proxy
    port: 1434
    protocol: HTTP
    ipfamily: ipv4
    proxy_protocol: true
  - name: proxy
    port: 1434
    protocol: HTTP
    ipfamily: ipv4
    proxy_protocol: true
  - name: mqtt
    port: 1883
    protocol: MQTT
    ipfamily: ipv4
  - name: mqtt-ssl
    port: 8883
    protocol: MQTT
    ipfamily: ipv4
    ssl: true (?)
  - name: http2-ssl
    port: 9993
    protocol: HTTP2
    ipfamily: ipv4
    ssl: true (?)
  - name: http3-ssl
    port: 4567
    protocol: HTTP3
    ipfamily: ipv4
    ssl: true (?)
```

The listener names would then be referenced following the current pattern in TransportServer https://github.com/nginxinc/kubernetes-ingress/blob/main/examples/custom-resources/basic-tcp-udp/transport-server-tcp.yaml

This is necessary for many of these use cases because this all happens at the socket / session / listener level with NGINX.

### Investigation, Design & POC and tasks
- [ ] https://github.com/nginxinc/kubernetes-ingress/issues/5994
### Implementation
- [ ] https://github.com/nginxinc/kubernetes-ingress/issues/6067
- [ ] https://github.com/nginxinc/kubernetes-ingress/issues/6134
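
Added example, not part of the original issue or the project's code: a Go check over a listener list shaped like the proposal above, flagging invalid ports or port ranges, reused listener names, and listeners that would bind the same socket. The `Listener` type, `Validate`, and the collision rule (overlapping ports, same transport, overlapping `ipfamily`, identical `ip`) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Listener mirrors the fields proposed above (hypothetical type, not the project's CRD).
type Listener struct{ Name, Port, Protocol, IPFamily, IP string }

// ports parses "80" or "1494-1496" into inclusive bounds; the bool is false if invalid.
func ports(s string) (int, int, bool) {
	a, b, isRange := strings.Cut(s, "-")
	if !isRange {
		b = a
	}
	lo, e1 := strconv.Atoi(a)
	hi, e2 := strconv.Atoi(b)
	return lo, hi, e1 == nil && e2 == nil && lo >= 1 && hi <= 65535 && lo <= hi
}

func udp(p string) bool { return p == "UDP" || p == "HTTP3" } // HTTP3 is QUIC over UDP

// Validate reports bad ports, reused names, and listeners that would bind the same socket.
func Validate(ls []Listener) []string {
	var errs []string
	for i, l := range ls {
		lo, hi, ok := ports(l.Port)
		if !ok {
			errs = append(errs, l.Name+": invalid port "+l.Port)
		}
		for _, p := range ls[:i] {
			plo, phi, pok := ports(p.Port)
			fam := l.IPFamily == p.IPFamily || l.IPFamily == "both" || p.IPFamily == "both"
			if p.Name == l.Name {
				errs = append(errs, "duplicate listener name "+l.Name)
			}
			if ok && pok && lo <= phi && plo <= hi && fam && l.IP == p.IP && udp(l.Protocol) == udp(p.Protocol) {
				errs = append(errs, l.Name+": port "+l.Port+" collides with "+p.Name)
			}
		}
	}
	return errs
}

func main() { // constructed input: entries from the proposal, "proxy" listed twice
	fmt.Println(Validate([]Listener{{"port-range", "1494-1496", "TCP", "ipv6", ""},
		{"proxy", "1434", "HTTP", "ipv4", ""}, {"proxy", "1434", "HTTP", "ipv4", ""}}))
}
```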

brianehlert commented 3 months ago

Is it possible to add this tuning knob? https://github.com/nginxinc/kubernetes-ingress/discussions/5402