DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #599 from aledbf/force-isolation

Browse source 
Add flag to force namespace isolation
This commit is contained in:
Manuel Alejandro de Brito Fontes 2017-04-15 11:42:46 -03:00 committed by GitHub
commit 0f9f082959
2 changed files with 30 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
core/pkg/ingress/controller/controller.go
View file

@ -119,6 +119,9 @@ type Configuration struct {
IngressClass string IngressClass string
Namespace string Namespace string
ConfigMapName string ConfigMapName string
ForceNamespaceIsolation bool
// optional // optional
TCPConfigMapName string TCPConfigMapName string
// optional // optional
@ -246,6 +249,11 @@ func newIngressController(config *Configuration) *GenericController {
}, },
} }
watchNs := api.NamespaceAll
if ic.cfg.ForceNamespaceIsolation && ic.cfg.Namespace != api.NamespaceAll {
watchNs = ic.cfg.Namespace
}
ic.ingLister.Store, ic.ingController = cache.NewInformer( ic.ingLister.Store, ic.ingController = cache.NewInformer(
cache.NewListWatchFromClient(ic.cfg.Client.Extensions().RESTClient(), "ingresses", ic.cfg.Namespace, fields.Everything()), cache.NewListWatchFromClient(ic.cfg.Client.Extensions().RESTClient(), "ingresses", ic.cfg.Namespace, fields.Everything()),
&extensions.Ingress{}, ic.cfg.ResyncPeriod, ingEventHandler) &extensions.Ingress{}, ic.cfg.ResyncPeriod, ingEventHandler)
@ -255,11 +263,11 @@ func newIngressController(config *Configuration) *GenericController {
&api.Endpoints{}, ic.cfg.ResyncPeriod, eventHandler) &api.Endpoints{}, ic.cfg.ResyncPeriod, eventHandler)
ic.secrLister.Store, ic.secrController = cache.NewInformer( ic.secrLister.Store, ic.secrController = cache.NewInformer(
cache.NewListWatchFromClient(ic.cfg.Client.Core().RESTClient(), "secrets", api.NamespaceAll, fields.Everything()), cache.NewListWatchFromClient(ic.cfg.Client.Core().RESTClient(), "secrets", watchNs, fields.Everything()),
&api.Secret{}, ic.cfg.ResyncPeriod, secrEventHandler) &api.Secret{}, ic.cfg.ResyncPeriod, secrEventHandler)
ic.mapLister.Store, ic.mapController = cache.NewInformer( ic.mapLister.Store, ic.mapController = cache.NewInformer(
cache.NewListWatchFromClient(ic.cfg.Client.Core().RESTClient(), "configmaps", api.NamespaceAll, fields.Everything()), cache.NewListWatchFromClient(ic.cfg.Client.Core().RESTClient(), "configmaps", watchNs, fields.Everything()),
&api.ConfigMap{}, ic.cfg.ResyncPeriod, mapEventHandler) &api.ConfigMap{}, ic.cfg.ResyncPeriod, mapEventHandler)
ic.svcLister.Store, ic.svcController = cache.NewInformer( ic.svcLister.Store, ic.svcController = cache.NewInformer(

5
core/pkg/ingress/controller/launch.go
View file

@ -85,6 +85,10 @@ func NewIngressController(backend ingress.Controller) *GenericController {
ingress controller should update the Ingress status IP/hostname. Default is true`) ingress controller should update the Ingress status IP/hostname. Default is true`)
electionID = flags.String("election-id", "ingress-controller-leader", `Election id to use for status update.`) electionID = flags.String("election-id", "ingress-controller-leader", `Election id to use for status update.`)
forceIsolation = flags.Bool("force-namespace-isolation", false,
`Force namespace isolation. This flag is required to avoid the reference of secrets or
configmaps located in a different namespace than the specified in the flag --watch-namespace.`)
) )
flags.AddGoFlagSet(flag.CommandLine) flags.AddGoFlagSet(flag.CommandLine)
@ -159,6 +163,7 @@ func NewIngressController(backend ingress.Controller) *GenericController {
DefaultHealthzURL: *defHealthzURL, DefaultHealthzURL: *defHealthzURL,
PublishService: *publishSvc, PublishService: *publishSvc,
Backend: backend, Backend: backend,
ForceNamespaceIsolation: *forceIsolation,
} }
ic := newIngressController(config) ic := newIngressController(config)