DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

reject annotations with default prefix in the case of an override

Browse source
This commit is contained in:
Matthew Silverman 2020-09-09 16:01:49 -04:00
parent f30a32a6e3
commit 9612180f6e
4 changed files with 28 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cmd/nginx/flags.go
View file

@ -126,7 +126,7 @@ Requires the update-status parameter.`)
enableSSLPassthrough = flags.Bool("enable-ssl-passthrough", false,
`Enable SSL Passthrough.`)
annotationsPrefix = flags.String("annotations-prefix", "nginx.ingress.kubernetes.io",
annotationsPrefix = flags.String("annotations-prefix", parser.DefaultAnnotationsPrefix,
`Prefix of the Ingress annotations specific to the NGINX controller.`)
enableSSLChainCompletion = flags.Bool("enable-ssl-chain-completion", false,

7
internal/ingress/annotations/parser/main.go
View file

@ -28,9 +28,12 @@ import (
"k8s.io/ingress-nginx/internal/ingress/errors"
)
// DefaultAnnotationsPrefix defines the common prefix used in the nginx ingress controller
const DefaultAnnotationsPrefix = "nginx.ingress.kubernetes.io"
var (
// AnnotationsPrefix defines the common prefix used in the nginx ingress controller
AnnotationsPrefix = "nginx.ingress.kubernetes.io"
// AnnotationsPrefix is the mutable attribute that the controller explicitly refers to
AnnotationsPrefix = DefaultAnnotationsPrefix
)
// IngressAnnotation has a method to parse annotations located in Ingress

9
internal/ingress/controller/controller.go
View file

@ -35,6 +35,7 @@ import (
"k8s.io/ingress-nginx/internal/ingress/annotations"
"k8s.io/ingress-nginx/internal/ingress/annotations/class"
"k8s.io/ingress-nginx/internal/ingress/annotations/log"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/annotations/proxy"
ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config"
"k8s.io/ingress-nginx/internal/k8s"
@ -216,6 +217,14 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
return nil
}
if parser.AnnotationsPrefix != parser.DefaultAnnotationsPrefix {
for key := range ing.ObjectMeta.GetAnnotations() {
if strings.HasPrefix(key, fmt.Sprintf("%s/", parser.DefaultAnnotationsPrefix)) {
return fmt.Errorf("This deployment has a custom annotation prefix defined. Use '%s' instead of '%s'", parser.AnnotationsPrefix, parser.DefaultAnnotationsPrefix)
}
}
}
filter := func(toCheck *ingress.Ingress) bool {
return toCheck.ObjectMeta.Namespace == ing.ObjectMeta.Namespace &&
toCheck.ObjectMeta.Name == ing.ObjectMeta.Name

13
internal/ingress/controller/controller_test.go
View file

@ -42,6 +42,7 @@ import (
"k8s.io/ingress-nginx/internal/ingress"
"k8s.io/ingress-nginx/internal/ingress/annotations"
"k8s.io/ingress-nginx/internal/ingress/annotations/canary"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl"
"k8s.io/ingress-nginx/internal/ingress/controller/config"
ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config"
@ -243,6 +244,18 @@ func TestCheckIngress(t *testing.T) {
}
})
t.Run("When the default annotation prefix is used despite an override", func(t *testing.T) {
parser.AnnotationsPrefix = "ingress.kubernetes.io"
ing.ObjectMeta.Annotations["nginx.ingress.kubernetes.io/backend-protocol"] = "GRPC"
nginx.command = testNginxTestCommand{
t: t,
err: nil,
}
if nginx.CheckIngress(ing) == nil {
t.Errorf("with a custom annotation prefix, ingresses using the default should be rejected")
}
})
t.Run("When the ingress is in a different namespace than the watched one", func(t *testing.T) {
nginx.command = testNginxTestCommand{
t: t,