Fix: nginx proxy server list not changed

Signed-off-by: joey <[email protected]>

Author: chengjoey

internal/ingress/controller/controller.go

@@ -46,6 +46,7 @@ import (
 	"k8s.io/ingress-nginx/internal/k8s"
 	"k8s.io/ingress-nginx/internal/nginx"
 	"k8s.io/ingress-nginx/pkg/apis/ingress"
+	"k8s.io/ingress-nginx/pkg/tcpproxy"
 	utilingress "k8s.io/ingress-nginx/pkg/util/ingress"
 	"k8s.io/klog/v2"
 )
@@ -185,6 +186,44 @@ func (n *NGINXController) syncIngress(interface{}) error {
 	n.metricCollector.SetSSLExpireTime(servers)
 	n.metricCollector.SetSSLInfo(servers)
 
+	if n.cfg.EnableSSLPassthrough {
+		servers := []*tcpproxy.TCPServer{}
+		for _, pb := range pcfg.PassthroughBackends {
+			svc := pb.Service
+			if svc == nil {
+				klog.Warningf("Missing Service for SSL Passthrough backend %q", pb.Backend)
+				continue
+			}
+			port, err := strconv.Atoi(pb.Port.String()) // #nosec
+			if err != nil {
+				for _, sp := range svc.Spec.Ports {
+					if sp.Name == pb.Port.String() {
+						port = int(sp.Port)
+						break
+					}
+				}
+			} else {
+				for _, sp := range svc.Spec.Ports {
+					//nolint:gosec // Ignore G109 error
+					if sp.Port == int32(port) {
+						port = int(sp.Port)
+						break
+					}
+				}
+			}
+
+			// TODO: Allow PassthroughBackends to specify they support proxy-protocol
+			servers = append(servers, &tcpproxy.TCPServer{
+				Hostname:      pb.Hostname,
+				IP:            svc.Spec.ClusterIP,
+				Port:          port,
+				ProxyProtocol: false,
+			})
+		}
+
+		n.Proxy.ServerList = servers
+	}
+
 	if n.runningConfig.Equal(pcfg) {
 		klog.V(3).Infof("No configuration change detected, skipping backend reload")
 		return nil

internal/ingress/controller/nginx.go

@@ -455,44 +455,6 @@ func (n *NGINXController) DefaultEndpoint() ingress.Endpoint {
 //
 //nolint:gocritic // the cfg shouldn't be changed, and shouldn't be mutated by other processes while being rendered.
 func (n *NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressCfg ingress.Configuration) ([]byte, error) {
-	if n.cfg.EnableSSLPassthrough {
-		servers := []*tcpproxy.TCPServer{}
-		for _, pb := range ingressCfg.PassthroughBackends {
-			svc := pb.Service
-			if svc == nil {
-				klog.Warningf("Missing Service for SSL Passthrough backend %q", pb.Backend)
-				continue
-			}
-			port, err := strconv.Atoi(pb.Port.String()) // #nosec
-			if err != nil {
-				for _, sp := range svc.Spec.Ports {
-					if sp.Name == pb.Port.String() {
-						port = int(sp.Port)
-						break
-					}
-				}
-			} else {
-				for _, sp := range svc.Spec.Ports {
-					//nolint:gosec // Ignore G109 error
-					if sp.Port == int32(port) {
-						port = int(sp.Port)
-						break
-					}
-				}
-			}
-
-			// TODO: Allow PassthroughBackends to specify they support proxy-protocol
-			servers = append(servers, &tcpproxy.TCPServer{
-				Hostname:      pb.Hostname,
-				IP:            svc.Spec.ClusterIP,
-				Port:          port,
-				ProxyProtocol: false,
-			})
-		}
-
-		n.Proxy.ServerList = servers
-	}
-
 	// NGINX cannot resize the hash tables used to store server names. For
 	// this reason we check if the current size is correct for the host
 	// names defined in the Ingress rules and adjust the value if