From 8bbf8690304d5b5a626dbee6cb6c1aca9ed64016 Mon Sep 17 00:00:00 2001 From: Prashanth Balasubramanian Date: Tue, 28 Jun 2016 18:03:12 -0700 Subject: [PATCH] Add an annotation to ignore non-gce ingresses --- controllers/gce/controller/cluster_manager.go | 2 +- controllers/gce/controller/controller.go | 24 +++++++++++-- controllers/gce/controller/util_test.go | 3 +- controllers/gce/controller/utils.go | 34 ++++++++++++++++++- controllers/gce/firewalls/firewalls.go | 2 +- controllers/gce/instances/instances.go | 2 +- controllers/gce/main.go | 2 +- 7 files changed, 60 insertions(+), 9 deletions(-) diff --git a/controllers/gce/controller/cluster_manager.go b/controllers/gce/controller/cluster_manager.go index 1dba70a47..d6e6cf830 100644 --- a/controllers/gce/controller/cluster_manager.go +++ b/controllers/gce/controller/cluster_manager.go @@ -260,7 +260,7 @@ func NewClusterManager( // config and only invoke getGCEClient once, that will not do the right // thing because a nil check against an interface isn't true in golang. cloud = getGCEClient(nil) - glog.Infof("Created GCE client without a confi file") + glog.Infof("Created GCE client without a config file") } // Names are fundamental to the cluster, the uid allocator makes sure names don't collide. diff --git a/controllers/gce/controller/controller.go b/controllers/gce/controller/controller.go index 3b3524ddb..82143ac80 100644 --- a/controllers/gce/controller/controller.go +++ b/controllers/gce/controller/controller.go @@ -106,14 +106,29 @@ func NewLoadBalancerController(kubeClient *client.Client, clusterManager *Cluste pathHandlers := framework.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { addIng := obj.(*extensions.Ingress) + if !isGCEIngress(addIng) { + glog.Infof("Ignoring add for ingress %v based on annotation %v", addIng.Name, ingressClassKey) + return + } lbc.recorder.Eventf(addIng, api.EventTypeNormal, "ADD", fmt.Sprintf("%s/%s", addIng.Namespace, addIng.Name)) lbc.ingQueue.enqueue(obj) }, - DeleteFunc: lbc.ingQueue.enqueue, + DeleteFunc: func(obj interface{}) { + delIng := obj.(*extensions.Ingress) + if !isGCEIngress(delIng) { + glog.Infof("Ignoring delete for ingress %v based on annotation %v", delIng.Name, ingressClassKey) + return + } + glog.Infof("Delete notification received for Ingress %v/%v", delIng.Namespace, delIng.Name) + lbc.ingQueue.enqueue(obj) + }, UpdateFunc: func(old, cur interface{}) { + curIng := cur.(*extensions.Ingress) + if !isGCEIngress(curIng) { + return + } if !reflect.DeepEqual(old, cur) { - glog.V(3).Infof("Ingress %v changed, syncing", - cur.(*extensions.Ingress).Name) + glog.V(3).Infof("Ingress %v changed, syncing", curIng.Name) } lbc.ingQueue.enqueue(cur) }, @@ -202,6 +217,9 @@ func (lbc *LoadBalancerController) enqueueIngressForService(obj interface{}) { return } for _, ing := range ings { + if !isGCEIngress(&ing) { + continue + } lbc.ingQueue.enqueue(&ing) } } diff --git a/controllers/gce/controller/util_test.go b/controllers/gce/controller/util_test.go index dc6c76bf1..a6a7e7fac 100644 --- a/controllers/gce/controller/util_test.go +++ b/controllers/gce/controller/util_test.go @@ -135,7 +135,8 @@ func addPods(lbc *LoadBalancerController, nodePortToHealthCheck map[int64]string ReadinessProbe: &api.Probe{ Handler: api.Handler{ HTTPGet: &api.HTTPGetAction{ - Path: u, + Scheme: api.URISchemeHTTP, + Path: u, Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 80, diff --git a/controllers/gce/controller/utils.go b/controllers/gce/controller/utils.go index 8360fa36a..1d9cdc092 100644 --- a/controllers/gce/controller/utils.go +++ b/controllers/gce/controller/utils.go @@ -38,9 +38,26 @@ import ( ) const ( - allowHTTPKey = "kubernetes.io/ingress.allow-http" + // allowHTTPKey tells the Ingress controller to allow/block HTTP access. + // If either unset or set to true, the controller will create a + // forwarding-rule for port 80, and any additional rules based on the TLS + // section of the Ingress. If set to false, the controller will only create + // rules for port 443 based on the TLS section. + allowHTTPKey = "kubernetes.io/ingress.allow-http" + + // staticIPNameKey tells the Ingress controller to use a specific GCE + // static ip for its forwarding rules. If specified, the Ingress controller + // assigns the static ip by this name to the forwarding rules of the given + // Ingress. The controller *does not* manage this ip, it is the users + // responsibility to create/delete it. staticIPNameKey = "kubernetes.io/ingress.global-static-ip-name" + // ingressClassKey picks a specific "class" for the Ingress. The controller + // only processes Ingresses with this annotation either unset, or set + // to either gceIngessClass or the empty string. + ingressClassKey = "kubernetes.io/ingress.class" + gceIngressClass = "gce" + // Label key to denote which GCE zone a Kubernetes node is in. zoneKey = "failure-domain.beta.kubernetes.io/zone" defaultZone = "" @@ -70,6 +87,21 @@ func (ing ingAnnotations) staticIPName() string { return val } +func (ing ingAnnotations) ingressClass() string { + val, ok := ing[ingressClassKey] + if !ok { + return "" + } + return val +} + +// isGCEIngress returns true if the given Ingress either doesn't specify the +// ingress.class annotation, or it's set to "gce". +func isGCEIngress(ing *extensions.Ingress) bool { + class := ingAnnotations(ing.ObjectMeta.Annotations).ingressClass() + return class == "" || class == gceIngressClass +} + // errorNodePortNotFound is an implementation of error. type errorNodePortNotFound struct { backend extensions.IngressBackend diff --git a/controllers/gce/firewalls/firewalls.go b/controllers/gce/firewalls/firewalls.go index 7411065f3..1c6c58b1d 100644 --- a/controllers/gce/firewalls/firewalls.go +++ b/controllers/gce/firewalls/firewalls.go @@ -76,7 +76,7 @@ func (fr *FirewallRules) Sync(nodePorts []int64, nodeNames []string) error { if requiredPorts.Equal(existingPorts) { return nil } - glog.V(3).Infof("Firewall rule already %v exists, updating nodeports %v", name, nodePorts) + glog.V(3).Infof("Firewall rule %v already exists, updating nodeports %v", name, nodePorts) return fr.cloud.UpdateFirewall(suffix, "GCE L7 firewall rule", fr.srcRange, nodePorts, nodeNames) } diff --git a/controllers/gce/instances/instances.go b/controllers/gce/instances/instances.go index b49a6df79..eeb8274bc 100644 --- a/controllers/gce/instances/instances.go +++ b/controllers/gce/instances/instances.go @@ -101,7 +101,7 @@ func (i *Instances) DeleteInstanceGroup(name string) error { return err } for _, zone := range zones { - glog.Infof("deleting instance group %v in zone %v", name, zone) + glog.Infof("Deleting instance group %v in zone %v", name, zone) if err := i.cloud.DeleteInstanceGroup(name, zone); err != nil { errs = append(errs, err) } diff --git a/controllers/gce/main.go b/controllers/gce/main.go index 5150c189b..fcdcbd28b 100644 --- a/controllers/gce/main.go +++ b/controllers/gce/main.go @@ -58,7 +58,7 @@ const ( alphaNumericChar = "0" // Current docker image version. Only used in debug logging. - imageVersion = "glbc:0.7.0" + imageVersion = "glbc:0.7.1" // Key used to persist UIDs to configmaps. uidConfigMapName = "ingress-uid"