From da6d9dcf9ed909b7f2600b8841178112fb815827 Mon Sep 17 00:00:00 2001
From: Nick Gerace <nick.gerace@rancher.com>
Date: Thu, 3 Dec 2020 14:53:51 -0500
Subject: [PATCH] Set default http backend to be optional

Set default http backend to be optional for ingress nginx. It will be
enabled by default.
---
 cluster/addons.go              | 25 +++++++++++++++++++++++--
 cluster/defaults.go            |  4 ++++
 k8s/deployment.go              | 17 +++++++++++++++++
 k8s/service.go                 | 17 +++++++++++++++++
 types/rke_types.go             |  2 ++
 types/zz_generated_deepcopy.go |  5 +++++
 6 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 k8s/deployment.go
 create mode 100644 k8s/service.go

diff --git a/cluster/addons.go b/cluster/addons.go
index 6b662a77..674c820e 100644
--- a/cluster/addons.go
+++ b/cluster/addons.go
@@ -37,7 +37,6 @@ const (
 	UserAddonJobName               = "rke-user-addon-deploy-job"
 	UserAddonIncludeJobName        = "rke-user-includes-addons-deploy-job"
 	MetricsServerAddonResourceName = "rke-metrics-addon"
-	NginxIngressAddonAppName       = "ingress-nginx"
 	KubeDNSAddonAppName            = "kube-dns"
 	KubeDNSAutoscalerAppName       = "kube-dns-autoscaler"
 	CoreDNSAutoscalerAppName       = "coredns-autoscaler"
@@ -47,6 +46,10 @@ const (
 	CoreDNSProvider = "coredns"
 	KubeDNSProvider = "kube-dns"
 	Nodelocal       = "nodelocal"
+
+	NginxIngressAddonAppName                 = "ingress-nginx"
+	NginxIngressAddonDefaultBackendName      = "default-http-backend"
+	NginxIngressAddonDefaultBackendNamespace = "ingress-nginx"
 )
 
 var DNSProviders = []string{KubeDNSProvider, CoreDNSProvider}
@@ -66,6 +69,7 @@ type ingressOptions struct {
 	HTTPPort          int
 	HTTPSPort         int
 	NetworkMode       string
+	DefaultBackend    bool
 	UpdateStrategy    *appsv1.DaemonSetUpdateStrategy
 	Tolerations       []v1.Toleration
 }
@@ -557,7 +561,6 @@ func (c *Cluster) deployIngress(ctx context.Context, data map[string]interface{}
 			if err := c.doAddonDelete(ctx, IngressAddonResourceName, false); err != nil {
 				return err
 			}
-
 			log.Infof(ctx, "[ingress] ingress controller removed successfully")
 		} else {
 			log.Infof(ctx, "[ingress] ingress controller is disabled, skipping ingress controller")
@@ -579,6 +582,7 @@ func (c *Cluster) deployIngress(ctx context.Context, data map[string]interface{}
 		HTTPPort:          c.Ingress.HTTPPort,
 		HTTPSPort:         c.Ingress.HTTPSPort,
 		NetworkMode:       c.Ingress.NetworkMode,
+		DefaultBackend:    *c.Ingress.DefaultBackend,
 		UpdateStrategy: &appsv1.DaemonSetUpdateStrategy{
 			Type:          c.Ingress.UpdateStrategy.Strategy,
 			RollingUpdate: c.Ingress.UpdateStrategy.RollingUpdate,
@@ -612,9 +616,26 @@ func (c *Cluster) deployIngress(ctx context.Context, data map[string]interface{}
 			return fmt.Errorf("Failed to apply default PodSecurityPolicy ClusterRole and ClusterRoleBinding: %v", err)
 		}
 	}
+
+	// After deployment of the new ingress controller based on the update strategy, remove the default backend as requested.
+	if !ingressConfig.DefaultBackend {
+		log.Infof(ctx, "[ingress] removing default backend service and deployment if they exist")
+		kubeClient, err := k8s.NewClient(c.LocalKubeConfigPath, c.K8sWrapTransport)
+		if err != nil {
+			return err
+		}
+		if err = k8s.DeleteServiceIfExists(ctx, kubeClient, NginxIngressAddonDefaultBackendName, NginxIngressAddonDefaultBackendNamespace); err != nil {
+			return err
+		}
+		if err = k8s.DeleteDeploymentIfExists(ctx, kubeClient, NginxIngressAddonDefaultBackendName, NginxIngressAddonDefaultBackendNamespace); err != nil {
+			return err
+		}
+	}
+
 	log.Infof(ctx, "[ingress] ingress controller %s deployed successfully", c.Ingress.Provider)
 	return nil
 }
+
 func (c *Cluster) removeDNSProvider(ctx context.Context, dnsprovider string) error {
 	AddonJobExists, err := addons.AddonJobExists(getAddonResourceName(dnsprovider)+"-deploy-job", c.LocalKubeConfigPath, c.K8sWrapTransport)
 	if err != nil {
diff --git a/cluster/defaults.go b/cluster/defaults.go
index 95186106..52ea5672 100644
--- a/cluster/defaults.go
+++ b/cluster/defaults.go
@@ -141,6 +141,7 @@ var (
 	}
 	DefaultClusterProportionalAutoscalerLinearParams = v3.LinearAutoscalerParams{CoresPerReplica: 128, NodesPerReplica: 4, Min: 1, PreventSinglePointFailure: true}
 	DefaultMonitoringAddonReplicas                   = int32(1)
+	DefaultDefaultBackend                            = true
 )
 
 type ExternalFlags struct {
@@ -808,6 +809,9 @@ func (c *Cluster) setAddonsDefaults() {
 		c.Ingress.HTTPSPort = DefaultHTTPSPort
 	}
 
+	if c.Ingress.DefaultBackend == nil {
+		c.Ingress.DefaultBackend = &DefaultDefaultBackend
+	}
 }
 
 func setDaemonsetAddonDefaults(updateStrategy *v3.DaemonSetUpdateStrategy) *v3.DaemonSetUpdateStrategy {
diff --git a/k8s/deployment.go b/k8s/deployment.go
new file mode 100644
index 00000000..45bbbf1a
--- /dev/null
+++ b/k8s/deployment.go
@@ -0,0 +1,17 @@
+package k8s
+
+import (
+	"context"
+
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+)
+
+func DeleteDeploymentIfExists(ctx context.Context, k8sClient *kubernetes.Clientset, name, namespace string) error {
+	err := k8sClient.AppsV1().Deployments(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+	if err != nil && !errors.IsNotFound(err) {
+		return err
+	}
+	return nil
+}
diff --git a/k8s/service.go b/k8s/service.go
new file mode 100644
index 00000000..00c075bb
--- /dev/null
+++ b/k8s/service.go
@@ -0,0 +1,17 @@
+package k8s
+
+import (
+	"context"
+
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+)
+
+func DeleteServiceIfExists(ctx context.Context, k8sClient *kubernetes.Clientset, name, namespace string) error {
+	err := k8sClient.CoreV1().Services(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+	if err != nil && !errors.IsNotFound(err) {
+		return err
+	}
+	return nil
+}
diff --git a/types/rke_types.go b/types/rke_types.go
index c1c93794..85e3a3d3 100644
--- a/types/rke_types.go
+++ b/types/rke_types.go
@@ -443,6 +443,8 @@ type IngressConfig struct {
 	NetworkMode string `yaml:"network_mode" json:"networkMode,omitempty"`
 	// Tolerations for Deployments
 	Tolerations []v1.Toleration `yaml:"tolerations" json:"tolerations,omitempty"`
+	// Enable or disable nginx default-http-backend
+	DefaultBackend *bool `yaml:"default_backend" json:"defaultBackend,omitempty" norman:"default=true"`
 }
 
 type ExtraEnv struct {
diff --git a/types/zz_generated_deepcopy.go b/types/zz_generated_deepcopy.go
index bc9f5676..654ce977 100644
--- a/types/zz_generated_deepcopy.go
+++ b/types/zz_generated_deepcopy.go
@@ -858,6 +858,11 @@ func (in *IngressConfig) DeepCopyInto(out *IngressConfig) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.DefaultBackend != nil {
+		in, out := &in.DefaultBackend, &out.DefaultBackend
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }