diff --git a/internal/ingress/annotations/parser/main.go b/internal/ingress/annotations/parser/main.go index 9ad8dde64..844e39ba4 100644 --- a/internal/ingress/annotations/parser/main.go +++ b/internal/ingress/annotations/parser/main.go @@ -22,6 +22,7 @@ import ( "strings" networking "k8s.io/api/networking/v1beta1" + "k8s.io/apimachinery/pkg/util/sets" "k8s.io/ingress-nginx/internal/ingress/errors" ) @@ -130,3 +131,24 @@ func normalizeString(input string) string { return strings.Join(trimmedContent, "\n") } + +var configmapAnnotations = sets.NewString( + "auth-proxy-set-header", + "fastcgi-params-configmap", +) + +// AnnotationsReferencesConfigmap checks if at least one annotation in the Ingress rule +// references a configmap. +func AnnotationsReferencesConfigmap(ing *networking.Ingress) bool { + if ing == nil || len(ing.GetAnnotations()) == 0 { + return false + } + + for name := range ing.GetAnnotations() { + if configmapAnnotations.Has(name) { + return true + } + } + + return false +} diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index e8ba0b9fd..7b9233c59 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -525,48 +525,69 @@ func New( }, } + // TODO: add e2e test to verify that changes to one or more configmap trigger an update + changeTriggerUpdate := func(name string) bool { + return name == configmap || name == tcp || name == udp + } + cmEventHandler := cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { cm := obj.(*corev1.ConfigMap) key := k8s.MetaNamespaceKey(cm) // updates to configuration configmaps can trigger an update - if key == configmap || key == tcp || key == udp { + if changeTriggerUpdate(key) { recorder.Eventf(cm, corev1.EventTypeNormal, "CREATE", fmt.Sprintf("ConfigMap %v", key)) + if key == configmap { store.setConfig(cm) } - updateCh.In() <- Event{ - Type: ConfigurationEvent, - Obj: obj, - } + } + + updateCh.In() <- Event{ + Type: ConfigurationEvent, + Obj: obj, } }, UpdateFunc: func(old, cur interface{}) { - if !reflect.DeepEqual(old, cur) { - cm := cur.(*corev1.ConfigMap) - key := k8s.MetaNamespaceKey(cm) - // updates to configuration configmaps can trigger an update - if key == configmap || key == tcp || key == udp { + if reflect.DeepEqual(old, cur) { + return + } + + // used to limit the number of events + triggerUpdate := false + + cm := cur.(*corev1.ConfigMap) + key := k8s.MetaNamespaceKey(cm) + // updates to configuration configmaps can trigger an update + if changeTriggerUpdate(key) { + recorder.Eventf(cm, corev1.EventTypeNormal, "UPDATE", fmt.Sprintf("ConfigMap %v", key)) + triggerUpdate = true + } + + if key == configmap { + store.setConfig(cm) + } + + ings := store.listers.IngressWithAnnotation.List() + for _, ingKey := range ings { + key := k8s.MetaNamespaceKey(ingKey) + ing, err := store.getIngress(key) + if err != nil { + klog.Errorf("could not find Ingress %v in local store: %v", key, err) + continue + } + + if parser.AnnotationsReferencesConfigmap(ing) { recorder.Eventf(cm, corev1.EventTypeNormal, "UPDATE", fmt.Sprintf("ConfigMap %v", key)) - if key == configmap { - store.setConfig(cm) - } + store.syncIngress(ing) + triggerUpdate = true + } + } - ings := store.listers.IngressWithAnnotation.List() - for _, ingKey := range ings { - key := k8s.MetaNamespaceKey(ingKey) - ing, err := store.getIngress(key) - if err != nil { - klog.Errorf("could not find Ingress %v in local store: %v", key, err) - continue - } - store.syncIngress(ing) - } - - updateCh.In() <- Event{ - Type: ConfigurationEvent, - Obj: cur, - } + if triggerUpdate { + updateCh.In() <- Event{ + Type: ConfigurationEvent, + Obj: cur, } } }, @@ -683,6 +704,7 @@ func (s *k8sStore) updateSecretIngressMap(ing *networkingv1beta1.Ingress) { "auth-secret", "auth-tls-secret", "proxy-ssl-secret", + "secure-verify-ca-secret", } for _, ann := range secretAnnotations { secrKey, err := objectRefAnnotationNsKey(ann, ing)