DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Do not validate ingresses with unknown ingress class in admission webhook endpoint. (#8221)

Browse source
This commit is contained in:
Elvin Efendi 2022-02-06 15:28:51 -05:00 committed by GitHub
parent d769ceaa5b
commit 04035cc1c2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 42 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
internal/ingress/controller/controller.go
View file

@ -233,6 +233,12 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
return nil return nil
} }
// Do not attempt to validate an ingress that's not meant to be controlled by the current instance of the controller.
if ingressClass, err := n.store.GetIngressClass(ing, n.cfg.IngressClassConfiguration); ingressClass == "" {
klog.Warningf("ignoring ingress %v in %v based on annotation %v: %v", ing.Name, ing.ObjectMeta.Namespace, ingressClass, err)
return nil
}
if n.cfg.Namespace != "" && ing.ObjectMeta.Namespace != n.cfg.Namespace { if n.cfg.Namespace != "" && ing.ObjectMeta.Namespace != n.cfg.Namespace {
klog.Warningf("ignoring ingress %v in namespace %v different from the namespace watched %s", ing.Name, ing.ObjectMeta.Namespace, n.cfg.Namespace) klog.Warningf("ignoring ingress %v in namespace %v different from the namespace watched %s", ing.Name, ing.ObjectMeta.Namespace, n.cfg.Namespace)
return nil return nil

4
internal/ingress/controller/controller_test.go
View file

@ -63,6 +63,10 @@ type fakeIngressStore struct {
configuration ngx_config.Configuration configuration ngx_config.Configuration
} }
func (fakeIngressStore) GetIngressClass(ing *networking.Ingress, icConfig *ingressclass.IngressClassConfiguration) (string, error) {
return "nginx", nil
}
func (fis fakeIngressStore) GetBackendConfiguration() ngx_config.Configuration { func (fis fakeIngressStore) GetBackendConfiguration() ngx_config.Configuration {
return fis.configuration return fis.configuration
} }

3
internal/ingress/controller/store/store.go
View file

@ -98,6 +98,9 @@ type Storer interface {
// Run initiates the synchronization of the controllers // Run initiates the synchronization of the controllers
Run(stopCh chan struct{}) Run(stopCh chan struct{})
// GetIngressClass validates given ingress against ingress class configuration and returns the ingress class.
GetIngressClass(ing *networkingv1.Ingress, icConfig *ingressclass.IngressClassConfiguration) (string, error)
} }
// EventType type of event associated with an informer // EventType type of event associated with an informer

29
test/e2e/admission/admission.go
View file

@ -191,6 +191,12 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() {
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid configuration should return an error") assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid configuration should return an error")
} }
}) })
ginkgo.It("should not return an error for an invalid Ingress when it has unknown class", func() {
out, err := createIngress(f.Namespace, invalidV1IngressWithOtherClass)
assert.Equal(ginkgo.GinkgoT(), "ingress.networking.k8s.io/extensions-invalid-other created\n", out)
assert.Nil(ginkgo.GinkgoT(), err, "creating an invalid ingress with unknown class using kubectl")
})
}) })
func uninstallChart(f *framework.Framework) error { func uninstallChart(f *framework.Framework) error {
@ -270,6 +276,29 @@ spec:
port: port:
number: 80 number: 80
--- ---
`
invalidV1IngressWithOtherClass = `
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: extensions-invalid-other
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
invalid directive
spec:
ingressClassName: nginx-other
rules:
- host: extensions-invalid
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: echo
port:
number: 80
---
` `
) )