Proposal/Feature add flag --skip-empty-annotation to honor only annotated resources. #664
Conversation
|
|
|
We are discussing this internally if this should be added or not. This is something that has been asked for quite a bit. We need to figure out what would be a good default value and what would be the recommendation going forward, especially with Ingress V1 in Kubernetes 1.18 which changes how class should be interpreted. We will look into this post 0.9 release which is scheduled for next week. |
|
Thank you @hbagdi ! |
docs/concepts/deployment.md
Outdated
| @@ -264,6 +264,7 @@ There are a few different ways of accomplishing this: | |||
| where any ingress resource that is not annotated is picked up. | |||
| Therefore with different ingress class then `kong`, you have to use that | |||
| ingress class with every Kong CRD object (plugin, consumer) which you use. | |||
| You can force the honoring of only `kong` ingress class using the flag `--skip-empty-annotation=true`. | |||
There was a problem hiding this comment.
Please remove the doc update from this PR. We will do doc updates later.
go.mod
Outdated
| @@ -26,7 +26,9 @@ require ( | |||
| github.com/tidwall/gjson v1.2.1 | |||
| github.com/tidwall/match v1.0.1 // indirect | |||
| github.com/tidwall/pretty v0.0.0-20190325153808-1166b9ac2b65 // indirect | |||
| golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect | |||
There was a problem hiding this comment.
These dependencies shouldn't be added. Please clean go.mod and go.sum files.
| @@ -46,15 +46,15 @@ const ( | |||
| DefaultIngressClass = "kong" | |||
| ) | |||
|
|
|||
| func validIngress(ingressAnnotationValue, ingressClass string) bool { | |||
| func validIngress(ingressAnnotationValue, ingressClass string, skipEmptyAnnotation bool) bool { | |||
There was a problem hiding this comment.
Can you rename the variable to skipClasslessIngress?
Ingress class is a formalized concept in Ingress v1 and we would like to reuse parts of this PR for that as well.
cli/ingress-controller/flags.go
Outdated
| @@ -158,6 +159,8 @@ Kong's Admin SSL certificate.`) | |||
| // Resource filtering | |||
| flags.String("watch-namespace", apiv1.NamespaceAll, | |||
| `Namespace to watch for Ingress. Default is to watch all namespaces`) | |||
| flags.Bool("skip-empty-annotation", false, | |||
There was a problem hiding this comment.
Please rename this flag to skip-classless-ingress-v1beta1.
We plan to introduce another flag to control this behavior for Ingress v1 as well.
cli/ingress-controller/flags.go
Outdated
| IngressClass string | ||
| ElectionID string | ||
| WatchNamespace string | ||
| SkipEmptyAnnotation bool |
There was a problem hiding this comment.
Please rename this field to SkipClasslessIngressV1beta1. Please rename other fields accordingly.
| // we have 2 valid combinations | ||
| // 1 - ingress with default class | blank annotation on ingress | ||
| // 2 - ingress with specific class | same annotation on ingress | ||
| // | ||
| // and 2 invalid combinations | ||
| // 3 - ingress with default class | fixed annotation on ingress | ||
| // 4 - ingress with specific class | different annotation on ingress | ||
| if ingressAnnotationValue == "" && ingressClass == DefaultIngressClass { | ||
| if ingressAnnotationValue == "" && !skipEmptyAnnotation && ingressClass == DefaultIngressClass { |
There was a problem hiding this comment.
Can you please update the code comments according to this change?
This is a tricky logic and we should document it for future-selves.
| controller string | ||
| isValid bool | ||
| ingress string | ||
| forceIngress bool |
There was a problem hiding this comment.
Please rename forceIngress to something meaningful.
How about SkipClasslessIngress?
| {"custom", false, "custom", true}, | ||
| {"", false, "killer", false}, | ||
| {"custom", false, "kong", false}, | ||
| {"custom", true, "kong", false}, |
There was a problem hiding this comment.
Can we add {"", true, "custom", false}?
internal/ingress/store/store.go
Outdated
| @@ -102,11 +104,12 @@ type CacheStores struct { | |||
| } | |||
|
|
|||
| // New creates a new object store to be used in the ingress controller | |||
| func New(cs CacheStores, ingressClass string) Storer { | |||
| func New(cs CacheStores, ingressClass string, skipEmptyAnnotation bool) Storer { | |||
There was a problem hiding this comment.
This needs to be refactored away but let's keep that out of scope for this PR.
|
Also, please rebase on latest |
|
Hi @hbagdi , i will make the requested changes as soon as possible, thank you for the feedback! |
…o/ingress.class: 'kong' annotation.
nutellinoit
force-pushed
the
feature/force-ingress-class
branch
from
296673c
to
8e5a39b
Compare
…/skip-empty-annotation/skip-classless-ingress-v1beta1/g, s/skipEmptyAnnotation/skipClasslessIngress/g, s/forceIngress/skipClasslessIngress/g, go fmt, added one more test
|
Hi @hbagdi , i did all the requested changes! |
internal/ingress/store/fake_store.go
Outdated
| @@ -140,7 +140,7 @@ func NewFakeStore( | |||
|
|
|||
| KnativeIngress: knativeIngressStore, | |||
| }, | |||
| isValidIngresClass: annotations.IngressClassValidatorFuncFromObjectMeta("kong"), | |||
| isValidIngresClass: annotations.IngressClassValidatorFuncFromObjectMeta("kong", false), | |||
There was a problem hiding this comment.
Can you make this configurable and tweak NewFakeStore to pass this in?
|
Friendly ping on an update on this. |
I will look into it this week! Thanks for the ping |
|
Hi @hbagdi , i did the requested changes! |
|
Thank you for your contribution. Please fill out the following form to claim your contributor swag: |
What this PR does / why we need it:
This PR addresses the need to limit kong ingress controller on only the annotated resources. Mainly when using multiple ingress controller in a Kubernetes cluster.
Special notes for your reviewer:
I added only a flag on the ingress controller
--skip-empty-annotationthat when set totrueskips the evaluation of all non annotated resources.I tried the setup on minikube with some ingresses and kong CRDs and everything is working. Also
make test-allis passing and I added some new test case oninternal/ingress/annotations/annotations_test.gotest suite.Thank you!