diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 41b5cb796b..ab76228686 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -64,12 +64,12 @@ var ( ingressClass = flag.String("ingress-class", "nginx", `A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - - i.e. have the annotation "kubernetes.io/ingress.class" equal to the class. Additionally, + - i.e. have the annotation "kubernetes.io/ingress.class" or the "ingressClassName" field in VirtualServer/VirtualServerRoute equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation, which can be disabled by setting the "-use-ingress-class-only" flag`) useIngressClassOnly = flag.Bool("use-ingress-class-only", false, - `Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation`) + `Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation or the "ingressClassName" field in VirtualServer/VirtualServerRoute`) defaultServerSecret = flag.String("default-server-tls-secret", "", `A Secret with a TLS certificate and key for TLS termination of the default server. Format: /. diff --git a/deployments/common/vs-definition.yaml b/deployments/common/vs-definition.yaml index 593767d84b..a43161dc73 100644 --- a/deployments/common/vs-definition.yaml +++ b/deployments/common/vs-definition.yaml @@ -59,6 +59,8 @@ spec: properties: host: type: string + ingressClassName: + type: string routes: type: array items: diff --git a/deployments/common/vsr-definition.yaml b/deployments/common/vsr-definition.yaml index e960db4363..3a6ba1ac78 100644 --- a/deployments/common/vsr-definition.yaml +++ b/deployments/common/vsr-definition.yaml @@ -57,6 +57,8 @@ spec: properties: host: type: string + ingressClassName: + type: string subroutes: type: array items: diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index c53ab31000..ae7f17b279 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -142,8 +142,8 @@ Parameter | Description | Default `controller.volumeMounts` | The volumeMounts of the Ingress controller pods. | [] `controller.resources` | The resources of the Ingress controller pods. | {} `controller.replicaCount` | The number of replicas of the Ingress controller deployment. | 1 -`controller.ingressClass` | A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation `"kubernetes.io/ingress.class"` equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the "-use-ingress-class-only" flag. | nginx -`controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. | false +`controller.ingressClass` | A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation `"kubernetes.io/ingress.class"` or the `"ingressClassName"` field in VirtualServer/VirtualServerRoute equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the "-use-ingress-class-only" flag. | nginx +`controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation or the `"ingressClassName"` field in VirtualServer/VirtualServerRoute. | false `controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | "" `controller.enableCustomResources` | Enable the custom resources. | true `controller.enableTLSPassthrough` | Enable TLS Passthrough on port 443. Requires `controller.enableCustomResources`. | false diff --git a/deployments/helm-chart/templates/controller-vs-definition.yaml b/deployments/helm-chart/templates/controller-vs-definition.yaml index 8936296b76..de041cad3e 100644 --- a/deployments/helm-chart/templates/controller-vs-definition.yaml +++ b/deployments/helm-chart/templates/controller-vs-definition.yaml @@ -60,6 +60,8 @@ spec: description: VirtualServerSpec is the spec of the VirtualServer resource. type: object properties: + ingressClassName: + type: string host: type: string routes: diff --git a/deployments/helm-chart/templates/controller-vsr-definition.yaml b/deployments/helm-chart/templates/controller-vsr-definition.yaml index 3da6d71648..2de1e3c4c2 100644 --- a/deployments/helm-chart/templates/controller-vsr-definition.yaml +++ b/deployments/helm-chart/templates/controller-vsr-definition.yaml @@ -58,6 +58,8 @@ spec: spec: type: object properties: + ingressClassName: + type: string host: type: string subroutes: diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml index 15b16e5a68..d87f435485 100644 --- a/deployments/helm-chart/values.yaml +++ b/deployments/helm-chart/values.yaml @@ -105,11 +105,11 @@ controller: replicaCount: 1 ## A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - ## i.e. have the annotation "kubernetes.io/ingress.class" equal to the class. + ## i.e. have the annotation "kubernetes.io/ingress.class" or the "ingressClassName" field in VirtualServer/VirtualServerRoute equal to the class. ## Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the "-use-ingress-class-only" flag. ingressClass: nginx - ## Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation. + ## Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation or the "ingressClassName" field in VirtualServer/VirtualServerRoute. useIngressClassOnly: false ## Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. diff --git a/docs-web/configuration/global-configuration/command-line-arguments.md b/docs-web/configuration/global-configuration/command-line-arguments.md index 6c244e105d..7b9b688c91 100644 --- a/docs-web/configuration/global-configuration/command-line-arguments.md +++ b/docs-web/configuration/global-configuration/command-line-arguments.md @@ -62,7 +62,7 @@ Below we describe the available command-line arguments: .. option:: -ingress-class - A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class (in other words, have the annotation "kubernetes.io/ingress.class"). + A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class (i.e. have the annotation "kubernetes.io/ingress.class" or the "ingressClassName" field in VirtualServer/VirtualServerRoute"). Additionally, the Ingress controller processes Ingress resources that do not have that annotation, which can be disabled by setting the :option:`-use-ingress-class-only` flag (default "nginx"). .. option:: -ingress-template-path @@ -132,7 +132,7 @@ Below we describe the available command-line arguments: .. option:: -use-ingress-class-only - Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation. + Ignore Ingress resources without the "kubernetes.io/ingress.class" annotation or the "ingressClassName" field in VirtualServer/VirtualServerRoute. .. option:: -v diff --git a/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md b/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md index 385c4ffb91..c8d1d15727 100644 --- a/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md +++ b/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md @@ -95,6 +95,10 @@ spec: - A list of routes. - `[]route <#virtualserver-route>`_ - No + * - ``ingressClassName`` + - Specifies which Ingress controller must handle the VirtualServer resource. + - ``string`` + - No ``` ### VirtualServer.TLS @@ -273,6 +277,10 @@ Note that each subroute must have a `path` that starts with the same prefix (her - A list of subroutes. - `[]subroute <#virtualserverroute-subroute>`_ - No + * - ``ingressClassName`` + - Specifies which Ingress controller must handle the VirtualServerRoute resource. Must be the same as the ``ingressClassName`` of the VirtualServer that references this resource. + - ``string``_ + - No ``` ### VirtualServerRoute.Subroute diff --git a/docs-web/installation/installation-with-helm.md b/docs-web/installation/installation-with-helm.md index f0cbf6d6d9..154f9672a8 100644 --- a/docs-web/installation/installation-with-helm.md +++ b/docs-web/installation/installation-with-helm.md @@ -197,10 +197,10 @@ The following tables lists the configurable parameters of the NGINX Ingress cont - The number of replicas of the Ingress controller deployment. - 1 * - ``controller.ingressClass`` - - A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation ``"kubernetes.io/ingress.class"`` equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the "-use-ingress-class-only" flag. + - A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation ``"kubernetes.io/ingress.class"`` or the ``"ingressClassName"`` field in VirtualServer/VirtualServerRoute equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the "-use-ingress-class-only" flag. - nginx * - ``controller.useIngressClassOnly`` - - Ignore Ingress resources without the ``"kubernetes.io/ingress.class"`` annotation. + - Ignore Ingress resources without the ``"kubernetes.io/ingress.class"`` annotation or the ``"ingressClassName"`` field in VirtualServer/VirtualServerRoute. - false * - ``controller.watchNamespace`` - Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. diff --git a/docs-web/installation/running-multiple-ingress-controllers.md b/docs-web/installation/running-multiple-ingress-controllers.md index 4fe99dacaf..f6a84c3329 100644 --- a/docs-web/installation/running-multiple-ingress-controllers.md +++ b/docs-web/installation/running-multiple-ingress-controllers.md @@ -5,37 +5,39 @@ This document explains the following topics: * How to run NGINX Ingress Controller in the same cluster with another Ingress Controller, such as an Ingress Controller for a cloud HTTP load balancer, and prevent any conflicts between the Ingress Controllers. * How to run multiple NGINX Ingress Controllers. +**Note**: In this document we refer to Ingress, VirtualServer and VirtualServerRoute resources as configuration resources. + ## Ingress Class The smooth coexistence of multiple Ingress Controllers in one cluster is provided by the Ingress class concept, which mandates the following: * Every Ingress Controller must only handle Ingress resources for its particular class. * Ingress resources should be annotated with the `kubernetes.io/ingress.class` annotation set to the value, which corresponds to the class of the Ingress Controller the user wants to use. +* VirtualServer and VirtualServerRoute resources should have the `ingressClassName` field set to the value, which corresponds to the class of the Ingress Controller the user wants to use. ### Configuring Ingress Class -The default Ingress class of NGINX Ingress Controller is `nginx`, which means that it only handles Ingress resources with the `kubernetes.io/ingress.class` annotation set to `nginx`. You can customize the class through the `-ingress-class` command-line argument. +The default Ingress class of NGINX Ingress Controller is `nginx`, which means that it only handles configuration resources with the `class` set to `nginx`. You can customize the class through the `-ingress-class` command-line argument. -**Note**: By default, if the `kubernetes.io/ingress.class` annotation is not set in an Ingress resource, the Ingress Controller will handle the resource. This is controlled via the `-use-ingress-class-only` argument. +**Note**: By default, if the `class` is not set in a configuration resource, the Ingress Controller will handle the resource. This is controlled via the `-use-ingress-class-only` argument. ## Running NGINX Ingress Controller and Another Ingress Controller It is possible to run NGINX Ingress Controller and an Ingress Controller for another load balancer in the same cluster. This is often the case if you create your cluster through a cloud provider managed Kubernetes service that by default might include the Ingress Controller for the HTTP load balancer of the cloud provider, and you want to use NGINX Ingress Controller. -To make sure that NGINX Ingress Controller handles particular Ingress resources, annotate those Ingress resources with the `kubernetes.io/ingress.class` set to `nginx` or the value that you configured. +To make sure that NGINX Ingress Controller handles particular configuration resources, update those resources with the `class` set to `nginx` or the value that you configured. ## Running Multiple NGINX Ingress Controllers -When running NGINX Ingress Controller, you have the following options with regards to which Ingress resources it handles: -* **Cluster-wide Ingress Controller (default)**. The Ingress Controller handles Ingress resources created in any namespace of the cluster. As NGINX is a high-performance load balancer capable of serving many applications at the same time, this option is used by default in our installation manifests and Helm chart. -* **Single-namespace Ingress Controller**. You can configure the Ingress Controller to handle Ingress resources only from a particular namespace, which is controlled through the `-watch-namespace` command-line argument. This can be useful if you want to use different NGINX Ingress Controllers for different applications, both in terms of isolation and/or operation. -* **Ingress Controller for Specific Ingress Class**. This option works in conjunction with either of the options above. You can further customize which Ingress resources are handled by the Ingress Controller by configuring the class of the Ingress Controller and using that class in your Ingress resources. See the section [Configuring Ingress Class](#configuring-ingress-class). +When running NGINX Ingress Controller, you have the following options with regards to which configuration resources it handles: +* **Cluster-wide Ingress Controller (default)**. The Ingress Controller handles configuration resources created in any namespace of the cluster. As NGINX is a high-performance load balancer capable of serving many applications at the same time, this option is used by default in our installation manifests and Helm chart. +* **Single-namespace Ingress Controller**. You can configure the Ingress Controller to handle configuration resources only from a particular namespace, which is controlled through the `-watch-namespace` command-line argument. This can be useful if you want to use different NGINX Ingress Controllers for different applications, both in terms of isolation and/or operation. +* **Ingress Controller for Specific Ingress Class**. This option works in conjunction with either of the options above. You can further customize which configuration resources are handled by the Ingress Controller by configuring the class of the Ingress Controller and using that class in your configuration resources. See the section [Configuring Ingress Class](#configuring-ingress-class). -Considering the options above, you can run multiple NGINX Ingress Controllers, each handling a different set of Ingress resources. +Considering the options above, you can run multiple NGINX Ingress Controllers, each handling a different set of configuration resources. ## See Also * [Command-line arguments](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments) **Note**: all mentioned command-line arguments are also available as the parameters in the [Helm chart](/nginx-ingress-controller/installation/installation-with-helm). - diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go index 37ec540303..ccea911bb1 100644 --- a/internal/k8s/controller.go +++ b/internal/k8s/controller.go @@ -442,7 +442,7 @@ func (lbc *LoadBalancerController) syncEndpoint(task task) { var mergableIngressesSlice []*configs.MergeableIngresses for i := range ings { - if !lbc.IsNginxIngress(&ings[i]) { + if !lbc.HasCorrectIngressClass(&ings[i]) { continue } if isMinion(&ings[i]) { @@ -647,7 +647,7 @@ func (lbc *LoadBalancerController) GetManagedIngresses() ([]extensions.Ingress, ings, _ := lbc.ingressLister.List() for i := range ings.Items { ing := ings.Items[i] - if !lbc.IsNginxIngress(&ing) { + if !lbc.HasCorrectIngressClass(&ing) { continue } if isMinion(&ing) { @@ -1418,6 +1418,11 @@ func (lbc *LoadBalancerController) updateVirtualServersStatusFromEvents() error for _, obj := range lbc.virtualServerLister.List() { vs := obj.(*conf_v1.VirtualServer) + if !lbc.HasCorrectIngressClass(vs) { + glog.V(3).Infof("Ignoring VirtualServer %v based on class %v", vs.Name, vs.Spec.IngressClass) + continue + } + events, err := lbc.client.CoreV1().Events(vs.Namespace).List(context.TODO(), meta_v1.ListOptions{FieldSelector: fmt.Sprintf("involvedObject.name=%v,involvedObject.uid=%v", vs.Name, vs.UID)}) if err != nil { @@ -1450,6 +1455,11 @@ func (lbc *LoadBalancerController) updateVirtualServerRoutesStatusFromEvents() e for _, obj := range lbc.virtualServerRouteLister.List() { vsr := obj.(*conf_v1.VirtualServerRoute) + if !lbc.HasCorrectIngressClass(vsr) { + glog.V(3).Infof("Ignoring VirtualServerRoute %v based on class %v", vsr.Name, vsr.Spec.IngressClass) + continue + } + events, err := lbc.client.CoreV1().Events(vsr.Namespace).List(context.TODO(), meta_v1.ListOptions{FieldSelector: fmt.Sprintf("involvedObject.name=%v,involvedObject.uid=%v", vsr.Name, vsr.UID)}) if err != nil { @@ -1541,7 +1551,7 @@ items: continue } - if !lbc.IsNginxIngress(&ing) { + if !lbc.HasCorrectIngressClass(&ing) { continue } @@ -1593,7 +1603,7 @@ items: func (lbc *LoadBalancerController) EnqueueIngressForService(svc *api_v1.Service) { ings := lbc.getIngressesForService(svc) for _, ing := range ings { - if !lbc.IsNginxIngress(&ing) { + if !lbc.HasCorrectIngressClass(&ing) { continue } if isMinion(&ing) { @@ -1821,6 +1831,11 @@ func (lbc *LoadBalancerController) getVirtualServers() []*conf_v1.VirtualServer for _, obj := range lbc.virtualServerLister.List() { vs := obj.(*conf_v1.VirtualServer) + if !lbc.HasCorrectIngressClass(vs) { + glog.V(3).Infof("Ignoring VirtualServer %v based on class %v", vs.Name, vs.Spec.IngressClass) + continue + } + err := validation.ValidateVirtualServer(vs, lbc.isNginxPlus) if err != nil { glog.V(3).Infof("Skipping invalid VirtualServer %s/%s: %v", vs.Namespace, vs.Name, err) @@ -1839,6 +1854,11 @@ func (lbc *LoadBalancerController) getVirtualServerRoutes() []*conf_v1.VirtualSe for _, obj := range lbc.virtualServerRouteLister.List() { vsr := obj.(*conf_v1.VirtualServerRoute) + if !lbc.HasCorrectIngressClass(vsr) { + glog.V(3).Infof("Ignoring VirtualServerRoute %v based on class %v", vsr.Name, vsr.Spec.IngressClass) + continue + } + err := validation.ValidateVirtualServerRoute(vsr, lbc.isNginxPlus) if err != nil { glog.V(3).Infof("Skipping invalid VirtualServerRoute %s/%s: %v", vsr.Namespace, vsr.Name, err) @@ -2135,6 +2155,12 @@ func (lbc *LoadBalancerController) createVirtualServer(virtualServer *conf_v1.Vi vsr := obj.(*conf_v1.VirtualServerRoute) + if !lbc.HasCorrectIngressClass(vsr) { + glog.Warningf("Ignoring VirtualServerRoute %v based on class %v", vsr.Name, vsr.Spec.IngressClass) + virtualServerRouteErrors = append(virtualServerRouteErrors, newVirtualServerRouteErrorFromVSR(vsr, errors.New("VirtualServerRoute with incorrect class name"))) + continue + } + err = validation.ValidateVirtualServerRouteForVirtualServer(vsr, virtualServer.Spec.Host, r.Path, lbc.isNginxPlus) if err != nil { glog.Warningf("VirtualServer %s/%s references invalid VirtualServerRoute %s: %v", virtualServer.Name, virtualServer.Namespace, vsrKey, err) @@ -2452,16 +2478,27 @@ func (lbc *LoadBalancerController) getServiceForIngressBackend(backend *extensio return nil, fmt.Errorf("service %s doesn't exist", svcKey) } -// IsNginxIngress checks if resource ingress class annotation (if exists) is matching with ingress controller class -// If annotation is absent and use-ingress-class-only enabled - ingress resource would ignore -func (lbc *LoadBalancerController) IsNginxIngress(ing *extensions.Ingress) bool { - if class, exists := ing.Annotations[ingressClassKey]; exists { - if lbc.useIngressClassOnly { - return class == lbc.ingressClass - } - return class == lbc.ingressClass || class == "" +// HasCorrectIngressClass checks if resource ingress class annotation (if exists) or ingressClass string for VS/VSR is matching with ingress controller class +func (lbc *LoadBalancerController) HasCorrectIngressClass(obj interface{}) bool { + var class string + switch obj.(type) { + case *conf_v1.VirtualServer: + vs := obj.(*conf_v1.VirtualServer) + class = vs.Spec.IngressClass + case *conf_v1.VirtualServerRoute: + vsr := obj.(*conf_v1.VirtualServerRoute) + class = vsr.Spec.IngressClass + case *extensions.Ingress: + ing := obj.(*extensions.Ingress) + class = ing.Annotations[ingressClassKey] + default: + return false + } + + if lbc.useIngressClassOnly { + return class == lbc.ingressClass } - return !lbc.useIngressClassOnly + return class == lbc.ingressClass || class == "" } // isHealthCheckEnabled checks if health checks are enabled so we can only query pods if enabled. @@ -2508,7 +2545,7 @@ func (lbc *LoadBalancerController) getMinionsForMaster(master *configs.IngressEx var minionPaths = make(map[string]*extensions.Ingress) for i := range ings.Items { - if !lbc.IsNginxIngress(&ings.Items[i]) { + if !lbc.HasCorrectIngressClass(&ings.Items[i]) { continue } if !isMinion(&ings.Items[i]) { @@ -2562,7 +2599,7 @@ func (lbc *LoadBalancerController) FindMasterForMinion(minion *extensions.Ingres } for i := range ings.Items { - if !lbc.IsNginxIngress(&ings.Items[i]) { + if !lbc.HasCorrectIngressClass(&ings.Items[i]) { continue } if !lbc.configurator.HasIngress(&ings.Items[i]) { diff --git a/internal/k8s/controller_test.go b/internal/k8s/controller_test.go index 2ab77609dc..624ab568a1 100644 --- a/internal/k8s/controller_test.go +++ b/internal/k8s/controller_test.go @@ -23,7 +23,7 @@ import ( "k8s.io/client-go/tools/cache" ) -func TestIsNginxIngress(t *testing.T) { +func TestHasCorrectIngressClass(t *testing.T) { ingressClass := "ing-ctrl" var testsWithoutIngressClassOnly = []struct { @@ -145,29 +145,135 @@ func TestIsNginxIngress(t *testing.T) { } for _, test := range testsWithoutIngressClassOnly { - if result := test.lbc.IsNginxIngress(test.ing); result != test.expected { + if result := test.lbc.HasCorrectIngressClass(test.ing); result != test.expected { classAnnotation := "N/A" if class, exists := test.ing.Annotations[ingressClassKey]; exists { classAnnotation = class } - t.Errorf("lbc.IsNginxIngress(ing), lbc.ingressClass=%v, lbc.useIngressClassOnly=%v, ing.Annotations['%v']=%v; got %v, expected %v", + t.Errorf("lbc.HasCorrectIngressClass(ing), lbc.ingressClass=%v, lbc.useIngressClassOnly=%v, ing.Annotations['%v']=%v; got %v, expected %v", test.lbc.ingressClass, test.lbc.useIngressClassOnly, ingressClassKey, classAnnotation, result, test.expected) } } for _, test := range testsWithIngressClassOnly { - if result := test.lbc.IsNginxIngress(test.ing); result != test.expected { + if result := test.lbc.HasCorrectIngressClass(test.ing); result != test.expected { classAnnotation := "N/A" if class, exists := test.ing.Annotations[ingressClassKey]; exists { classAnnotation = class } - t.Errorf("lbc.IsNginxIngress(ing), lbc.ingressClass=%v, lbc.useIngressClassOnly=%v, ing.Annotations['%v']=%v; got %v, expected %v", + t.Errorf("lbc.HasCorrectIngressClass(ing), lbc.ingressClass=%v, lbc.useIngressClassOnly=%v, ing.Annotations['%v']=%v; got %v, expected %v", test.lbc.ingressClass, test.lbc.useIngressClassOnly, ingressClassKey, classAnnotation, result, test.expected) } } } +func TestHasCorrectIngressClassVS(t *testing.T) { + ingressClass := "ing-ctrl" + lbcIngOnlyTrue := &LoadBalancerController{ + ingressClass: ingressClass, + useIngressClassOnly: true, + metricsCollector: collectors.NewControllerFakeCollector(), + } + + var testsWithIngressClassOnlyVS = []struct { + lbc *LoadBalancerController + ing *conf_v1.VirtualServer + expected bool + }{ + { + lbcIngOnlyTrue, + &conf_v1.VirtualServer{ + Spec: conf_v1.VirtualServerSpec{ + IngressClass: "", + }, + }, + false, + }, + { + lbcIngOnlyTrue, + &conf_v1.VirtualServer{ + Spec: conf_v1.VirtualServerSpec{ + IngressClass: "gce", + }, + }, + false, + }, + { + lbcIngOnlyTrue, + &conf_v1.VirtualServer{ + Spec: conf_v1.VirtualServerSpec{ + IngressClass: ingressClass, + }, + }, + true, + }, + { + lbcIngOnlyTrue, + &conf_v1.VirtualServer{}, + false, + }, + } + + lbcIngOnlyFalse := &LoadBalancerController{ + ingressClass: ingressClass, + useIngressClassOnly: false, + metricsCollector: collectors.NewControllerFakeCollector(), + } + var testsWithoutIngressClassOnlyVS = []struct { + lbc *LoadBalancerController + ing *conf_v1.VirtualServer + expected bool + }{ + { + lbcIngOnlyFalse, + &conf_v1.VirtualServer{ + Spec: conf_v1.VirtualServerSpec{ + IngressClass: "", + }, + }, + true, + }, + { + lbcIngOnlyFalse, + &conf_v1.VirtualServer{ + Spec: conf_v1.VirtualServerSpec{ + IngressClass: "gce", + }, + }, + false, + }, + { + lbcIngOnlyFalse, + &conf_v1.VirtualServer{ + Spec: conf_v1.VirtualServerSpec{ + IngressClass: ingressClass, + }, + }, + true, + }, + { + lbcIngOnlyFalse, + &conf_v1.VirtualServer{}, + true, + }, + } + + for _, test := range testsWithIngressClassOnlyVS { + if result := test.lbc.HasCorrectIngressClass(test.ing); result != test.expected { + t.Errorf("lbc.HasCorrectIngressClass(ing), lbc.ingressClass=%v, lbc.useIngressClassOnly=%v, ingressClassKey=%v, ing.IngressClass=%v; got %v, expected %v", + test.lbc.ingressClass, test.lbc.useIngressClassOnly, ingressClassKey, test.ing.Spec.IngressClass, result, test.expected) + } + } + + for _, test := range testsWithoutIngressClassOnlyVS { + if result := test.lbc.HasCorrectIngressClass(test.ing); result != test.expected { + t.Errorf("lbc.HasCorrectIngressClass(ing), lbc.ingressClass=%v, lbc.useIngressClassOnly=%v, ingressClassKey=%v, ing.IngressClass=%v; got %v, expected %v", + test.lbc.ingressClass, test.lbc.useIngressClassOnly, ingressClassKey, test.ing.Spec.IngressClass, result, test.expected) + } + } +} + func TestCreateMergableIngresses(t *testing.T) { cafeMaster, coffeeMinion, teaMinion, lbc := getMergableDefaults() diff --git a/internal/k8s/handlers.go b/internal/k8s/handlers.go index 6b62d9f57f..d722583635 100644 --- a/internal/k8s/handlers.go +++ b/internal/k8s/handlers.go @@ -93,7 +93,7 @@ func createIngressHandlers(lbc *LoadBalancerController) cache.ResourceEventHandl return cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { ingress := obj.(*v1beta1.Ingress) - if !lbc.IsNginxIngress(ingress) { + if !lbc.HasCorrectIngressClass(ingress) { glog.Infof("Ignoring Ingress %v based on Annotation %v", ingress.Name, ingressClassKey) return } @@ -114,7 +114,7 @@ func createIngressHandlers(lbc *LoadBalancerController) cache.ResourceEventHandl return } } - if !lbc.IsNginxIngress(ingress) { + if !lbc.HasCorrectIngressClass(ingress) { return } if isMinion(ingress) { @@ -133,7 +133,7 @@ func createIngressHandlers(lbc *LoadBalancerController) cache.ResourceEventHandl UpdateFunc: func(old, current interface{}) { c := current.(*v1beta1.Ingress) o := old.(*v1beta1.Ingress) - if !lbc.IsNginxIngress(c) { + if !lbc.HasCorrectIngressClass(c) { return } if hasChanges(o, c) { @@ -316,6 +316,10 @@ func createVirtualServerHandlers(lbc *LoadBalancerController) cache.ResourceEven return cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { vs := obj.(*conf_v1.VirtualServer) + if !lbc.HasCorrectIngressClass(vs) { + glog.Infof("Ignoring VirtualServer %v based on class %v", vs.Name, vs.Spec.IngressClass) + return + } glog.V(3).Infof("Adding VirtualServer: %v", vs.Name) lbc.AddSyncQueue(vs) }, @@ -333,12 +337,20 @@ func createVirtualServerHandlers(lbc *LoadBalancerController) cache.ResourceEven return } } + if !lbc.HasCorrectIngressClass(vs) { + glog.Infof("Ignoring VirtualServer %v based on class %v", vs.Name, vs.Spec.IngressClass) + return + } glog.V(3).Infof("Removing VirtualServer: %v", vs.Name) lbc.AddSyncQueue(vs) }, UpdateFunc: func(old, cur interface{}) { curVs := cur.(*conf_v1.VirtualServer) oldVs := old.(*conf_v1.VirtualServer) + if !lbc.HasCorrectIngressClass(curVs) { + glog.Infof("Ignoring VirtualServer %v based on class %v", curVs.Name, curVs.Spec.IngressClass) + return + } if !reflect.DeepEqual(oldVs.Spec, curVs.Spec) { glog.V(3).Infof("VirtualServer %v changed, syncing", curVs.Name) lbc.AddSyncQueue(curVs) @@ -351,6 +363,10 @@ func createVirtualServerRouteHandlers(lbc *LoadBalancerController) cache.Resourc return cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { vsr := obj.(*conf_v1.VirtualServerRoute) + if !lbc.HasCorrectIngressClass(vsr) { + glog.Infof("Ignoring VirtualServerRoute %v based on class %v", vsr.Name, vsr.Spec.IngressClass) + return + } glog.V(3).Infof("Adding VirtualServerRoute: %v", vsr.Name) lbc.AddSyncQueue(vsr) }, @@ -368,12 +384,20 @@ func createVirtualServerRouteHandlers(lbc *LoadBalancerController) cache.Resourc return } } + if !lbc.HasCorrectIngressClass(vsr) { + glog.Infof("Ignoring VirtualServerRoute %v based on class %v", vsr.Name, vsr.Spec.IngressClass) + return + } glog.V(3).Infof("Removing VirtualServerRoute: %v", vsr.Name) lbc.AddSyncQueue(vsr) }, UpdateFunc: func(old, cur interface{}) { curVsr := cur.(*conf_v1.VirtualServerRoute) oldVsr := old.(*conf_v1.VirtualServerRoute) + if !lbc.HasCorrectIngressClass(curVsr) { + glog.Infof("Ignoring VirtualServerRoute %v based on class %v", curVsr.Name, curVsr.Spec.IngressClass) + return + } if !reflect.DeepEqual(oldVsr.Spec, curVsr.Spec) { glog.V(3).Infof("VirtualServerRoute %v changed, syncing", curVsr.Name) lbc.AddSyncQueue(curVsr) diff --git a/pkg/apis/configuration/v1/types.go b/pkg/apis/configuration/v1/types.go index 9ee54e19fd..6ce20dbfbe 100644 --- a/pkg/apis/configuration/v1/types.go +++ b/pkg/apis/configuration/v1/types.go @@ -28,10 +28,11 @@ type VirtualServer struct { // VirtualServerSpec is the spec of the VirtualServer resource. type VirtualServerSpec struct { - Host string `json:"host"` - TLS *TLS `json:"tls"` - Upstreams []Upstream `json:"upstreams"` - Routes []Route `json:"routes"` + IngressClass string `json:"ingressClassName"` + Host string `json:"host"` + TLS *TLS `json:"tls"` + Upstreams []Upstream `json:"upstreams"` + Routes []Route `json:"routes"` } // Upstream defines an upstream. @@ -226,9 +227,10 @@ type VirtualServerRoute struct { } type VirtualServerRouteSpec struct { - Host string `json:"host"` - Upstreams []Upstream `json:"upstreams"` - Subroutes []Route `json:"subroutes"` + IngressClass string `json:"ingressClassName"` + Host string `json:"host"` + Upstreams []Upstream `json:"upstreams"` + Subroutes []Route `json:"subroutes"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object