From 61343bbc919327ffdb7fda594d521de9ab6a70f5 Mon Sep 17 00:00:00 2001 From: Gong Yongjie Date: Sat, 6 Apr 2024 02:06:44 -0400 Subject: [PATCH] Support namespaced ingressClass without accessing the IngresClass object and using the annotation. suggestions: IngressController needn't cluster level permission to access the IngressClass for namespaced Ingress consumer drop annotation "kubernetes.io/ingress.class" from ingress Consumer set the ingressClassName by ingress.Spec.IngressClassName IngressController accept the incoming ingress object when a) IngressController has permission to IngressClass, keep the current implementation. b) IngressController dont' have permission to access the IngressClass but ingress.Spec.IngressClassName is equals to the ingress class name specified by CLI parameter "--ingress-class" --- internal/ingress/controller/store/store.go | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 284f53209..84519e22f 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -1049,12 +1049,16 @@ func (s *k8sStore) GetService(key string) (*corev1.Service, error) { func (s *k8sStore) GetIngressClass(ing *networkingv1.Ingress, icConfig *ingressclass.Configuration) (string, error) { // First we try ingressClassName - if !icConfig.IgnoreIngressClass && ing.Spec.IngressClassName != nil { - iclass, err := s.listers.IngressClass.ByKey(*ing.Spec.IngressClassName) - if err != nil { - return "", err + if ing.Spec.IngressClassName != nil { + if icConfig.IgnoreIngressClass && icConfig.AnnotationValue == *ing.Spec.IngressClassName { + return *ing.Spec.IngressClassName, nil + } else { + iclass, err := s.listers.IngressClass.ByKey(*ing.Spec.IngressClassName) + if err != nil { + return "", err + } + return iclass.Name, nil } - return iclass.Name, nil } // Then we try annotation