diff --git a/cmd/nginx/flags.go b/cmd/nginx/flags.go index 7e6db6533..c12dc7399 100644 --- a/cmd/nginx/flags.go +++ b/cmd/nginx/flags.go @@ -174,6 +174,8 @@ Takes the form ":port". If not provided, no admission controller is starte `The path of the validating webhook certificate PEM.`) validationWebhookKey = flags.String("validating-webhook-key", "", `The path of the validating webhook key PEM.`) + disableFullValidationTest = flags.Bool("disable-full-test", false, + `Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default)`) statusPort = flags.Int("status-port", 10246, `Port to use for the lua HTTP endpoint configuration.`) streamPort = flags.Int("stream-port", 10247, "Port to use for the lua TCP/UDP endpoint configuration.") @@ -280,6 +282,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g ConfigMapName: *configMap, TCPConfigMapName: *tcpConfigMapName, UDPConfigMapName: *udpConfigMapName, + DisableFullValidationTest: *disableFullValidationTest, DefaultSSLCertificate: *defSSLCertificate, PublishService: *publishSvc, PublishStatusAddress: *publishStatusAddress, diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index 9c9ce0a9b..ef1c0feb2 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md 
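Review bot: The help text for `--disable-full-test` in the first flags.go hunk does not say which check is lost when the flag is set, and its grammar ("Disable ... and tests ...") makes the resulting behaviour hard to parse. With the flag on, admission only renders the template for the ingress being created or updated, so a problem that shows up only once that ingress is merged with the existing ones would presumably pass the webhook and surface later. I would reword it along the lines of `Validate only the ingress being created or updated at the admission stage instead of the full merged configuration; conflicts with existing ingresses are then not caught at admission (full test is enabled by default)`. The flag name also drops the "validation" that the variable `disableFullValidationTest` carries, which makes it easy to misread in a Deployment spec. The same description is repeated in the cli-arguments.md hunk and should change with it.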
@@ -16,6 +16,7 @@ They are set in the container spec of the `nginx-ingress-controller` Deployment | `--default-server-port` | Port to use for exposing the default server (catch-all). (default 8181) | | `--default-ssl-certificate` | Secret containing a SSL certificate to be used by the default HTTPS server (catch-all). Takes the form "namespace/name". | | `--disable-catch-all` | Disable support for catch-all Ingresses | +| `--disable-full-test` | Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default) | | `--election-id` | Election id to use for Ingress status updates. (default "ingress-controller-leader") | | `--enable-metrics` | Enables the collection of NGINX metrics (default true) | | `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. | diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 1fd22079b..38357d491 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -106,6 +106,7 @@ type Configuration struct { ValidationWebhook string ValidationWebhookCertPath string ValidationWebhookKeyPath string + DisableFullValidationTest bool GlobalExternalAuth *ngx_config.GlobalExternalAuth MaxmindEditionFiles *[]string @@ -274,6 +275,10 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error { return err } + if n.cfg.DisableFullValidationTest { + _, _, pcfg = n.getConfiguration(ings[len(ings)-1:]) + } + content, err := n.generateTemplate(cfg, *pcfg) if err != nil { n.metricCollector.IncCheckErrorCount(ing.ObjectMeta.Namespace, ing.Name)
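Review bot: `ings[len(ings)-1:]` in the CheckIngress hunk relies on two invariants the hunk does not show: that `ings` is never empty (otherwise the slice expression panics inside the admission handler) and that the ingress under review is always its last element. Both are presumably established by code earlier in the function, outside this hunk, but a later reordering or filtering of `ings` there would silently make the webhook validate a different object. Building the one-element slice from a named variable for the candidate, rather than by position, would remove that coupling. Since this branch narrows an admission control, it also deserves a comment such as `// Reduced check: only the ingress under review is rendered; interactions with already-admitted ingresses are not validated here.` so the trade-off is visible at the call site.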