From 21812311ab1d304b0e9899f379006b55de54d06a Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Mon, 12 Jul 2021 15:36:48 +0200 Subject: [PATCH] controller: ignore non-service backends (#7332) * controller: ignore non-service backends Signed-off-by: Carlos Panato * update per feedback Signed-off-by: Carlos Panato --- internal/ingress/controller/controller.go | 25 ++++++++ .../ingress/controller/controller_test.go | 61 +++++++++++++++++++ 2 files changed, 86 insertions(+) diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 7f87dc2d84..34457f640d 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -573,6 +573,12 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in } for _, path := range rule.HTTP.Paths { + if path.Backend.Service == nil { + // skip non-service backends + klog.V(3).Infof("Ingress %q and path %q does not contain a service backend, using default backend", ingKey, path.Path) + continue + } + upsName := upstreamName(ing.Namespace, path.Backend.Service) ups := upstreams[upsName] @@ -788,6 +794,7 @@ func (n *NGINXController) createUpstreams(data []*ingress.Ingress, du *ingress.B upstreams[defUpstreamName] = du for _, ing := range data { + ingKey := k8s.MetaNamespaceKey(ing) anns := ing.ParsedAnnotations var defBackend string @@ -852,6 +859,12 @@ func (n *NGINXController) createUpstreams(data []*ingress.Ingress, du *ingress.B } for _, path := range rule.HTTP.Paths { + if path.Backend.Service == nil { + // skip non-service backends + klog.V(3).Infof("Ingress %q and path %q does not contain a service backend, using default backend", ingKey, path.Path) + continue + } + name := upstreamName(ing.Namespace, path.Backend.Service) svcName, svcPort := upstreamServiceNameAndPort(path.Backend.Service) if _, ok := upstreams[name]; ok { @@ -1391,6 +1404,12 @@ func mergeAlternativeBackends(ing *ingress.Ingress, upstreams map[string]*ingres } for _, path := range rule.HTTP.Paths { + if path.Backend.Service == nil { + // skip non-service backends + klog.V(3).Infof("Ingress %q and path %q does not contain a service backend, using default backend", k8s.MetaNamespaceKey(ing), path.Path) + continue + } + upsName := upstreamName(ing.Namespace, path.Backend.Service) altUps := upstreams[upsName] @@ -1607,6 +1626,12 @@ func checkOverlap(ing *networking.Ingress, ingresses []*ingress.Ingress, servers } for _, path := range rule.HTTP.Paths { + if path.Backend.Service == nil { + // skip non-service backends + klog.V(3).Infof("Ingress %q and path %q does not contain a service backend, using default backend", k8s.MetaNamespaceKey(ing), path.Path) + continue + } + if path.Path == "" { path.Path = rootLocation } diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index 095ad0ae6d..9ddf65dfaa 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -1784,6 +1784,67 @@ func TestGetBackendServers(t *testing.T) { } }, }, + { + Ingresses: []*ingress.Ingress{ + { + Ingress: networking.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: "proxy-ssl-1", + Namespace: "proxyssl", + }, + Spec: networking.IngressSpec{ + Rules: []networking.IngressRule{ + { + Host: "example.com", + IngressRuleValue: networking.IngressRuleValue{ + HTTP: &networking.HTTPIngressRuleValue{ + Paths: []networking.HTTPIngressPath{ + { + Path: "/path1", + PathType: &pathTypePrefix, + Backend: networking.IngressBackend{}, + }, + }, + }, + }, + }, + }, + }, + }, + ParsedAnnotations: &annotations.Ingress{ + ProxySSL: proxyssl.Config{ + AuthSSLCert: resolver.AuthSSLCert{ + CAFileName: "cafile1.crt", + Secret: "secret1", + }, + }, + }, + }, + }, + Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + if len(servers) != 2 { + t.Errorf("servers count should be 1, got %d", len(servers)) + return + } + + s := servers[1] + + if s.Locations[0].Backend != "upstream-default-backend" { + t.Errorf("backend should be upstream-default-backend, got '%s'", s.Locations[0].Backend) + } + }, + SetConfigMap: func(ns string) *v1.ConfigMap { + return &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "config", + SelfLink: fmt.Sprintf("/api/v1/namespaces/%s/configmaps/config", ns), + }, + Data: map[string]string{ + "proxy-ssl-location-only": "true", + }, + } + }, + }, } for _, testCase := range testCases {