Fix golang-ci linter errors (#10128)

* Fix golang-ci linter errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix gofmt errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Add nolint comment to defaults.Backend in Configuration

Signed-off-by: z1cheng <imchench@gmail.com>

* Add #nosec comment to rand.New func

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix errcheck warnings

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix gofmt check

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix unit tests and comments

Signed-off-by: z1cheng <imchench@gmail.com>

---------

Signed-off-by: z1cheng <imchench@gmail.com>

cmd/dataplane/main.go

@@ -18,13 +18,10 @@ package main
 
 import (
 	"fmt"
-	"math/rand" // #nosec
-	"net/http"
-	"os"
-	"time"
-
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/collectors"
+	"net/http"
+	"os"
 
 	"k8s.io/klog/v2"
 
@@ -41,8 +38,6 @@ import (
 func main() {
 	klog.InitFlags(nil)
 
-	rand.Seed(time.Now().UnixNano())
-
 	fmt.Println(version.String())
 	var err error
 	showVersion, conf, err := ingressflags.ParseFlags()

cmd/nginx/main.go

@@ -19,7 +19,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"math/rand" // #nosec
 	"net/http"
 	"os"
 	"path/filepath"
@@ -54,8 +53,6 @@ import (
 func main() {
 	klog.InitFlags(nil)
 
-	rand.Seed(time.Now().UnixNano())
-
 	fmt.Println(version.String())
 
 	showVersion, conf, err := ingressflags.ParseFlags()

cmd/plugin/commands/certs/certs.go

@@ -18,6 +18,7 @@ package certs
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/spf13/cobra"
 
@@ -46,7 +47,10 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	}
 
 	cmd.Flags().String("host", "", "Get the cert for this hostname")
-	cobra.MarkFlagRequired(cmd.Flags(), "host")
+	if err := cobra.MarkFlagRequired(cmd.Flags(), "host"); err != nil {
+		util.PrintError(err)
+		os.Exit(1)
+	}
 	pod = util.AddPodFlag(cmd)
 	deployment = util.AddDeploymentFlag(cmd)
 	selector = util.AddSelectorFlag(cmd)

cmd/plugin/kubectl/kubectl.go

@@ -77,7 +77,9 @@ func execToWriter(args []string, writer io.Writer) error {
 		return err
 	}
 
-	go io.Copy(writer, op)
+	go func() {
+		io.Copy(writer, op) //nolint:errcheck
+	}()
 	err = cmd.Run()
 	if err != nil {
 		return err

images/fastcgi-helloserver/rootfs/main.go

@@ -26,5 +26,7 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
-	fcgi.Serve(l, nil)
+	if err := fcgi.Serve(l, nil); err != nil {
+		panic(err)
+	}
 }

images/kube-webhook-certgen/rootfs/pkg/k8s/k8s_test.go

@@ -3,8 +3,8 @@ package k8s
 import (
 	"bytes"
 	"context"
+	"crypto/rand"
 	"errors"
-	"math/rand"
 	"testing"
 	"time"
 

internal/admission/controller/main_test.go

@@ -67,7 +67,7 @@ func TestHandleAdmission(t *testing.T) {
 		Checker: failTestChecker{t: t},
 	}
 
-	result, err := adm.HandleAdmission(&admissionv1.AdmissionReview{
+	_, err := adm.HandleAdmission(&admissionv1.AdmissionReview{
 		Request: &admissionv1.AdmissionRequest{
 			Kind: v1.GroupVersionKind{Group: "", Version: "v1", Kind: "Pod"},
 		},
@@ -76,12 +76,12 @@ func TestHandleAdmission(t *testing.T) {
 		t.Fatalf("with a non ingress resource, the check should not pass")
 	}
 
-	result, err = adm.HandleAdmission(nil)
+	_, err = adm.HandleAdmission(nil)
 	if err == nil {
 		t.Fatalf("with a nil AdmissionReview request, the check should not pass")
 	}
 
-	result, err = adm.HandleAdmission(&admissionv1.AdmissionReview{
+	result, err := adm.HandleAdmission(&admissionv1.AdmissionReview{
 		Request: &admissionv1.AdmissionRequest{
 			Kind: v1.GroupVersionKind{Group: networking.GroupName, Version: "v1", Kind: "Ingress"},
 			Object: runtime.RawExtension{
@@ -114,7 +114,9 @@ func TestHandleAdmission(t *testing.T) {
 		err: fmt.Errorf("this is a test error"),
 	}
 
-	adm.HandleAdmission(review)
+	if _, err := adm.HandleAdmission(review); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
 	if review.Response.Allowed {
 		t.Fatalf("when the checker returns an error, the request should not be allowed")
 	}
@@ -124,7 +126,9 @@ func TestHandleAdmission(t *testing.T) {
 		err: nil,
 	}
 
-	adm.HandleAdmission(review)
+	if _, err := adm.HandleAdmission(review); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
 	if !review.Response.Allowed {
 		t.Fatalf("when the checker returns no error, the request should be allowed")
 	}

internal/admission/controller/server.go

@@ -31,7 +31,9 @@ var (
 )
 
 func init() {
-	admissionv1.AddToScheme(scheme)
+	if err := admissionv1.AddToScheme(scheme); err != nil {
+		klog.ErrorS(err, "Failed to add scheme")
+	}
 }
 
 // AdmissionController checks if an object

internal/ingress/controller/checker_test.go

@@ -76,7 +76,10 @@ func TestNginxCheck(t *testing.T) {
 			})
 
 			// create pid file
-			os.MkdirAll("/tmp/nginx", file.ReadWriteByUser)
+			if err := os.MkdirAll("/tmp/nginx", file.ReadWriteByUser); err != nil {
+				t.Errorf("unexpected error creating pid file: %v", err)
+			}
+
 			pidFile, err := os.Create(nginx.PID)
 			if err != nil {
 				t.Fatalf("unexpected error: %v", err)
@@ -90,14 +93,23 @@ func TestNginxCheck(t *testing.T) {
 
 			// start dummy process to use the PID
 			cmd := exec.Command("sleep", "3600")
-			cmd.Start()
+			if err := cmd.Start(); err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
 			pid := cmd.Process.Pid
-			defer cmd.Process.Kill()
+			defer func() {
+				if err := cmd.Process.Kill(); err != nil {
+					t.Errorf("unexpected error killing the process: %v", err)
+				}
+			}()
 			go func() {
-				cmd.Wait()
+				cmd.Wait() //nolint:errcheck
 			}()
 
-			pidFile.Write([]byte(fmt.Sprintf("%v", pid)))
+			if _, err := pidFile.Write([]byte(fmt.Sprintf("%v", pid))); err != nil {
+				t.Errorf("unexpected error writing the pid file: %v", err)
+			}
+
 			pidFile.Close()
 
 			healthz.InstallPathHandler(mux, tt.healthzPath, n)
@@ -109,7 +121,7 @@ func TestNginxCheck(t *testing.T) {
 			})
 
 			// pollute pid file
-			pidFile.Write([]byte("999999"))
+			pidFile.Write([]byte("999999")) //nolint:errcheck
 			pidFile.Close()
 
 			t.Run("bad pid", func(t *testing.T) {

internal/ingress/controller/config/config.go

@@ -91,7 +91,7 @@ const (
 
 // Configuration represents the content of nginx.conf file
 type Configuration struct {
-	defaults.Backend `json:",squash"`
+	defaults.Backend `json:",squash"` //nolint:staticcheck
 
 	// AllowSnippetAnnotations enable users to add their own snippets via ingress annotation.
 	// If disabled, only snippets added via ConfigMap are added to ingress.

internal/ingress/controller/controller_test.go

@@ -158,7 +158,7 @@ func (fakeTemplate) Write(conf ngx_config.TemplateConfig) ([]byte, error) {
 
 func TestCheckIngress(t *testing.T) {
 	defer func() {
-		filepath.Walk(os.TempDir(), func(path string, info os.FileInfo, err error) error {
+		err := filepath.Walk(os.TempDir(), func(path string, info os.FileInfo, err error) error {
 			if info.IsDir() && os.TempDir() != path {
 				return filepath.SkipDir
 			}
@@ -167,6 +167,9 @@ func TestCheckIngress(t *testing.T) {
 			}
 			return nil
 		})
+		if err != nil {
+			t.Errorf("unexpected error: %v", err)
+		}
 	}()
 
 	err := file.CreateRequiredDirectories()
@@ -176,9 +179,13 @@ func TestCheckIngress(t *testing.T) {
 
 	// Ensure no panic with wrong arguments
 	var nginx *NGINXController
-	nginx.CheckIngress(nil)
+	if err := nginx.CheckIngress(nil); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
 	nginx = newNGINXController(t)
-	nginx.CheckIngress(nil)
+	if err := nginx.CheckIngress(nil); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
 	nginx.metricCollector = metric.DummyCollector{}
 
 	nginx.t = fakeTemplate{}

internal/ingress/controller/nginx.go

@@ -249,7 +249,6 @@ type NGINXController struct {
 	store store.Storer
 
 	metricCollector metric.Collector
-	admissionCollector metric.Collector
 
 	validationWebhookServer *http.Server
 
@@ -799,45 +798,6 @@ func (n *NGINXController) setupSSLProxy() {
 	}()
 }
 
-// Helper function to clear Certificates from the ingress configuration since they should be ignored when
-// checking if the new configuration changes can be applied dynamically if dynamic certificates is on
-func clearCertificates(config *ingress.Configuration) {
-	var clearedServers []*ingress.Server
-	for _, server := range config.Servers {
-		copyOfServer := *server
-		copyOfServer.SSLCert = nil
-		clearedServers = append(clearedServers, &copyOfServer)
-	}
-	config.Servers = clearedServers
-}
-
-// Helper function to clear endpoints from the ingress configuration since they should be ignored when
-// checking if the new configuration changes can be applied dynamically.
-func clearL4serviceEndpoints(config *ingress.Configuration) {
-	var clearedTCPL4Services []ingress.L4Service
-	var clearedUDPL4Services []ingress.L4Service
-	for _, service := range config.TCPEndpoints {
-		copyofService := ingress.L4Service{
-			Port:      service.Port,
-			Backend:   service.Backend,
-			Endpoints: []ingress.Endpoint{},
-			Service:   nil,
-		}
-		clearedTCPL4Services = append(clearedTCPL4Services, copyofService)
-	}
-	for _, service := range config.UDPEndpoints {
-		copyofService := ingress.L4Service{
-			Port:      service.Port,
-			Backend:   service.Backend,
-			Endpoints: []ingress.Endpoint{},
-			Service:   nil,
-		}
-		clearedUDPL4Services = append(clearedUDPL4Services, copyofService)
-	}
-	config.TCPEndpoints = clearedTCPL4Services
-	config.UDPEndpoints = clearedUDPL4Services
-}
-
 // configureDynamically encodes new Backends in JSON format and POSTs the
 // payload to an internal HTTP endpoint handled by Lua.
 func (n *NGINXController) configureDynamically(pcfg *ingress.Configuration) error {

internal/ingress/controller/store/endpointslice_test.go

@@ -59,7 +59,9 @@ func TestEndpointSliceLister(t *testing.T) {
 				},
 			},
 		}
-		el.Add(endpointSlice)
+		if err := el.Add(endpointSlice); err != nil {
+			t.Errorf("unexpected error %v", err)
+		}
 		endpointSlice = &discoveryv1.EndpointSlice{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: "namespace",
@@ -69,7 +71,9 @@ func TestEndpointSliceLister(t *testing.T) {
 				},
 			},
 		}
-		el.Add(endpointSlice)
+		if err := el.Add(endpointSlice); err != nil {
+			t.Errorf("unexpected error %v", err)
+		}
 		endpointSlice = &discoveryv1.EndpointSlice{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: "namespace",
@@ -79,7 +83,9 @@ func TestEndpointSliceLister(t *testing.T) {
 				},
 			},
 		}
-		el.Add(endpointSlice)
+		if err := el.Add(endpointSlice); err != nil {
+			t.Errorf("unexpected error %v", err)
+		}
 		eps, err := el.MatchByKey(key)
 
 		if err != nil {
@@ -108,7 +114,9 @@ func TestEndpointSliceLister(t *testing.T) {
 				},
 			},
 		}
-		el.Add(endpointSlice)
+		if err := el.Add(endpointSlice); err != nil {
+			t.Errorf("unexpected error %v", err)
+		}
 		endpointSlice2 := &discoveryv1.EndpointSlice{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: ns2,
@@ -118,7 +126,9 @@ func TestEndpointSliceLister(t *testing.T) {
 				},
 			},
 		}
-		el.Add(endpointSlice2)
+		if err := el.Add(endpointSlice2); err != nil {
+			t.Errorf("unexpected error %v", err)
+		}
 		eps, err := el.MatchByKey(key)
 		if err != nil {
 			t.Errorf("unexpeted error %v", err)

internal/ingress/controller/store/store.go

@@ -404,7 +404,10 @@ func New(
 			return
 		}
 
-		store.listers.IngressWithAnnotation.Delete(ing)
+		if err := store.listers.IngressWithAnnotation.Delete(ing); err != nil {
+			klog.ErrorS(err, "Error while deleting ingress from store", "ingress", klog.KObj(ing))
+			return
+		}
 
 		key := k8s.MetaNamespaceKey(ing)
 		store.secretIngressMap.Delete(key)
@@ -793,14 +796,26 @@ func New(
 		},
 	}
 
-	store.informers.Ingress.AddEventHandler(ingEventHandler)
-	if !icConfig.IgnoreIngressClass {
-		store.informers.IngressClass.AddEventHandler(ingressClassEventHandler)
+	if _, err := store.informers.Ingress.AddEventHandler(ingEventHandler); err != nil {
+		klog.Errorf("Error adding ingress event handler: %v", err)
+	}
+	if !icConfig.IgnoreIngressClass {
+		if _, err := store.informers.IngressClass.AddEventHandler(ingressClassEventHandler); err != nil {
+			klog.Errorf("Error adding ingress class event handler: %v", err)
+		}
+	}
+	if _, err := store.informers.EndpointSlice.AddEventHandler(epsEventHandler); err != nil {
+		klog.Errorf("Error adding endpoint slice event handler: %v", err)
+	}
+	if _, err := store.informers.Secret.AddEventHandler(secrEventHandler); err != nil {
+		klog.Errorf("Error adding secret event handler: %v", err)
+	}
+	if _, err := store.informers.ConfigMap.AddEventHandler(cmEventHandler); err != nil {
+		klog.Errorf("Error adding configmap event handler: %v", err)
+	}
+	if _, err := store.informers.Service.AddEventHandler(serviceHandler); err != nil {
+		klog.Errorf("Error adding service event handler: %v", err)
 	}
-	store.informers.EndpointSlice.AddEventHandler(epsEventHandler)
-	store.informers.Secret.AddEventHandler(secrEventHandler)
-	store.informers.ConfigMap.AddEventHandler(cmEventHandler)
-	store.informers.Service.AddEventHandler(serviceHandler)
 
 	// do not wait for informers to read the configmap configuration
 	ns, name, _ := k8s.ParseNameNS(configmap)

internal/ingress/controller/store/store_test.go

@@ -92,7 +92,7 @@ func TestStore(t *testing.T) {
 
 	emptySelector, _ := labels.Parse("")
 
-	defer te.Stop()
+	defer te.Stop() //nolint:errcheck
 
 	clientSet, err := kubernetes.NewForConfig(cfg)
 	if err != nil {
@@ -1377,14 +1377,18 @@ func TestUpdateSecretIngressMap(t *testing.T) {
 			Namespace: "testns",
 		},
 	}
-	s.listers.Ingress.Add(ingTpl)
+	if err := s.listers.Ingress.Add(ingTpl); err != nil {
+		t.Errorf("error adding the Ingress template: %v", err)
+	}
 
 	t.Run("with TLS secret", func(t *testing.T) {
 		ing := ingTpl.DeepCopy()
 		ing.Spec = networking.IngressSpec{
 			TLS: []networking.IngressTLS{{SecretName: "tls"}},
 		}
-		s.listers.Ingress.Update(ing)
+		if err := s.listers.Ingress.Update(ing); err != nil {
+			t.Errorf("error updating the Ingress: %v", err)
+		}
 		s.updateSecretIngressMap(ing)
 
 		if l := s.secretIngressMap.Len(); !(l == 1 && s.secretIngressMap.Has("testns/tls")) {
@@ -1397,7 +1401,9 @@ func TestUpdateSecretIngressMap(t *testing.T) {
 		ing.ObjectMeta.SetAnnotations(map[string]string{
 			parser.GetAnnotationWithPrefix("auth-secret"): "auth",
 		})
-		s.listers.Ingress.Update(ing)
+		if err := s.listers.Ingress.Update(ing); err != nil {
+			t.Errorf("error updating the Ingress: %v", err)
+		}
 		s.updateSecretIngressMap(ing)
 
 		if l := s.secretIngressMap.Len(); !(l == 1 && s.secretIngressMap.Has("testns/auth")) {
@@ -1410,7 +1416,9 @@ func TestUpdateSecretIngressMap(t *testing.T) {
 		ing.ObjectMeta.SetAnnotations(map[string]string{
 			parser.GetAnnotationWithPrefix("auth-secret"): "otherns/auth",
 		})
-		s.listers.Ingress.Update(ing)
+		if err := s.listers.Ingress.Update(ing); err != nil {
+			t.Errorf("error updating the Ingress: %v", err)
+		}
 		s.updateSecretIngressMap(ing)
 
 		if l := s.secretIngressMap.Len(); !(l == 1 && s.secretIngressMap.Has("otherns/auth")) {
@@ -1423,7 +1431,9 @@ func TestUpdateSecretIngressMap(t *testing.T) {
 		ing.ObjectMeta.SetAnnotations(map[string]string{
 			parser.GetAnnotationWithPrefix("auth-secret"): "ns/name/garbage",
 		})
-		s.listers.Ingress.Update(ing)
+		if err := s.listers.Ingress.Update(ing); err != nil {
+			t.Errorf("error updating the Ingress: %v", err)
+		}
 		s.updateSecretIngressMap(ing)
 
 		if l := s.secretIngressMap.Len(); l != 0 {
@@ -1457,7 +1467,9 @@ func TestListIngresses(t *testing.T) {
 			},
 		},
 	}
-	s.listers.IngressWithAnnotation.Add(ingressToIgnore)
+	if err := s.listers.IngressWithAnnotation.Add(ingressToIgnore); err != nil {
+		t.Errorf("error adding the Ingress: %v", err)
+	}
 
 	ingressWithoutPath := &ingress.Ingress{
 		Ingress: networking.Ingress{
@@ -1492,8 +1504,9 @@ func TestListIngresses(t *testing.T) {
 			},
 		},
 	}
-	s.listers.IngressWithAnnotation.Add(ingressWithoutPath)
-
+	if err := s.listers.IngressWithAnnotation.Add(ingressWithoutPath); err != nil {
+		t.Errorf("error adding the Ingress: %v", err)
+	}
 	ingressWithNginxClassAnnotation := &ingress.Ingress{
 		Ingress: networking.Ingress{
 			ObjectMeta: metav1.ObjectMeta{
@@ -1531,8 +1544,9 @@ func TestListIngresses(t *testing.T) {
 			},
 		},
 	}
-	s.listers.IngressWithAnnotation.Add(ingressWithNginxClassAnnotation)
-
+	if err := s.listers.IngressWithAnnotation.Add(ingressWithNginxClassAnnotation); err != nil {
+		t.Errorf("error adding the Ingress: %v", err)
+	}
 	ingresses := s.ListIngresses()
 
 	if s := len(ingresses); s != 3 {

internal/ingress/controller/template/template.go

@@ -18,13 +18,14 @@ package template
 
 import (
 	"bytes"
+	"crypto/rand"
 	"crypto/sha1" // #nosec
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
-	"math/rand" // #nosec
+	"math/big"
 	"net"
 	"net/url"
 	"os"
@@ -34,7 +35,6 @@ import (
 	"strconv"
 	"strings"
 	text_template "text/template"
-	"time"
 
 	networkingv1 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -1184,14 +1184,15 @@ func buildAuthSignURLLocation(location, authSignURL string) string {
 
 var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
 
-func init() {
-	rand.Seed(time.Now().UnixNano())
-}
-
 func randomString() string {
 	b := make([]rune, 32)
 	for i := range b {
-		b[i] = letters[rand.Intn(len(letters))] // #nosec
+		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters))))
+		if err != nil {
+			klog.Errorf("unexpected error generating random index: %v", err)
+			return ""
+		}
+		b[i] = letters[idx.Int64()]
 	}
 
 	return string(b)

internal/ingress/controller/template/template_test.go

@@ -767,7 +767,9 @@ func BenchmarkTemplateWithData(b *testing.B) {
 	}
 
 	for i := 0; i < b.N; i++ {
-		ngxTpl.Write(dat)
+		if _, err := ngxTpl.Write(dat); err != nil {
+			b.Errorf("unexpected error writing template: %v", err)
+		}
 	}
 }
 

internal/ingress/metric/collectors/process_test.go

@@ -48,7 +48,7 @@ func TestProcessCollector(t *testing.T) {
 
 			done := make(chan struct{})
 			go func() {
-				cmd.Wait()
+				cmd.Wait() //nolint:errcheck
 				status := cmd.ProcessState.Sys().(syscall.WaitStatus)
 				if status.Signaled() {
 					t.Logf("Signal: %v", status.Signal())
@@ -69,7 +69,7 @@ func TestProcessCollector(t *testing.T) {
 			defer func() {
 				cm.Stop()
 
-				cmd.Process.Kill()
+				cmd.Process.Kill() //nolint:errcheck
 				<-done
 				close(done)
 			}()

internal/ingress/metric/collectors/socket_test.go

@@ -58,7 +58,9 @@ func TestNewUDPLogListener(t *testing.T) {
 	}()
 
 	conn, _ := net.Dial("unix", tmpFile)
-	conn.Write([]byte("message"))
+	if _, err := conn.Write([]byte("message")); err != nil {
+		t.Errorf("unexpected error writing to unix socket: %v", err)
+	}
 	conn.Close()
 
 	time.Sleep(1 * time.Millisecond)

internal/ingress/status/status.go

@@ -95,10 +95,13 @@ func (s statusSync) Run(stopCh chan struct{}) {
 
 	// when this instance is the leader we need to enqueue
 	// an item to trigger the update of the Ingress status.
-	wait.PollUntil(time.Duration(UpdateInterval)*time.Second, func() (bool, error) {
+	err := wait.PollUntil(time.Duration(UpdateInterval)*time.Second, func() (bool, error) {
 		s.syncQueue.EnqueueTask(task.GetDummyObject("sync status"))
 		return false, nil
 	}, stopCh)
+	if err != nil {
+		klog.ErrorS(err, "error running poll")
+	}
 }
 
 // Shutdown stops the sync. In case the instance is the leader it will remove the current IP

internal/ingress/status/status_test.go

@@ -325,7 +325,9 @@ func TestStatusActions(t *testing.T) {
 	//  wait for the election
 	time.Sleep(100 * time.Millisecond)
 	// execute sync
-	fk.sync("just-test")
+	if err := fk.sync("just-test"); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
 	// PublishService is empty, so the running address is: ["11.0.0.2"]
 	// after updated, the ingress's ip should only be "11.0.0.2"
 	newIPs := []networking.IngressLoadBalancerIngress{{

internal/net/dns/dns_test.go

@@ -40,13 +40,16 @@ func TestGetDNSServers(t *testing.T) {
 	defer f.Close()
 	defer os.Remove(f.Name())
 
-	os.WriteFile(f.Name(), []byte(`
+	err = os.WriteFile(f.Name(), []byte(`
 	# comment
 	; comment
 	nameserver 2001:4860:4860::8844
 	nameserver 2001:4860:4860::8888
 	nameserver 8.8.8.8
 	`), file.ReadWriteByUser)
+	if err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
 
 	defResolvConf = f.Name()
 	s, err = GetSystemNameServers()

internal/net/ssl/ssl.go

@@ -228,7 +228,7 @@ func ConfigureCRL(name string, crl []byte, sslCert *ingress.SSLCert) error {
 		return fmt.Errorf("CRL file %v contains invalid data, and must be created only with PEM formatted certificates", name)
 	}
 
-	_, err := x509.ParseCRL(pemCRLBlock.Bytes)
+	_, err := x509.ParseRevocationList(pemCRLBlock.Bytes)
 	if err != nil {
 		return fmt.Errorf(err.Error())
 	}

internal/net/ssl/ssl_test.go

@@ -397,7 +397,9 @@ func newFakeCertificate(t *testing.T) ([]byte, string, string) {
 		t.Errorf("failed to write test key: %v", err)
 	}
 
-	certFile.Write(cert)
+	if _, err := certFile.Write(cert); err != nil {
+		t.Errorf("failed to write cert: %v", err)
+	}
 	defer certFile.Close()
 
 	keyFile, err := os.CreateTemp("", "key-")
@@ -405,7 +407,9 @@ func newFakeCertificate(t *testing.T) ([]byte, string, string) {
 		t.Errorf("failed to write test key: %v", err)
 	}
 
-	keyFile.Write(key)
+	if _, err := keyFile.Write(key); err != nil {
+		t.Errorf("failed to write key: %v", err)
+	}
 	defer keyFile.Close()
 
 	return cert, certFile.Name(), keyFile.Name()

pkg/flags/flags.go

@@ -228,14 +228,10 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g
 	flags.IntVar(&nginx.MaxmindRetriesCount, "maxmind-retries-count", 1, "Number of attempts to download the GeoIP DB.")
 	flags.DurationVar(&nginx.MaxmindRetriesTimeout, "maxmind-retries-timeout", time.Second*0, "Maxmind downloading delay between 1st and 2nd attempt, 0s - do not retry to download if something went wrong.")
 
-	flag.Set("logtostderr", "true")
-
 	flags.AddGoFlagSet(flag.CommandLine)
-	flags.Parse(os.Args)
-
-	// Workaround for this issue:
-	// https://github.com/kubernetes/kubernetes/issues/17162
-	flag.CommandLine.Parse([]string{})
+	if err := flags.Parse(os.Args); err != nil {
+		return false, nil, err
+	}
 
 	pflag.VisitAll(func(flag *pflag.Flag) {
 		klog.V(2).InfoS("FLAG", flag.Name, flag.Value)

pkg/tcpproxy/tcp.go

@@ -119,7 +119,9 @@ func (p *TCPProxy) Handle(conn net.Conn) {
 
 func pipe(client, server net.Conn) {
 	doCopy := func(s, c net.Conn, cancel chan<- bool) {
-		io.Copy(s, c)
+		if _, err := io.Copy(s, c); err != nil {
+			klog.Errorf("Error copying data: %v", err)
+		}
 		cancel <- true
 	}
 

pkg/util/file/file_test.go

@@ -35,8 +35,12 @@ func TestSHA1(t *testing.T) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		f.Write(test.content)
-		f.Sync()
+		if _, err := f.Write(test.content); err != nil {
+			t.Error(err)
+		}
+		if err := f.Sync(); err != nil {
+			t.Error(err)
+		}
 
 		sha := SHA1(f.Name())
 		f.Close()

pkg/util/file/file_watcher_test.go

@@ -59,7 +59,9 @@ func TestFileWatcher(t *testing.T) {
 		t.Fatalf("expected no events before writing a file")
 	case <-timeoutChan:
 	}
-	os.WriteFile(f.Name(), []byte{}, ReadWriteByUser)
+	if err := os.WriteFile(f.Name(), []byte{}, ReadWriteByUser); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
 	select {
 	case <-events:
 	case <-timeoutChan:

pkg/util/process/sigterm_test.go

@@ -42,9 +42,9 @@ func (f *FakeProcess) exiterFunc(code int) {
 	f.exitCode = code
 }
 
-func sendDelayedSignal(delay time.Duration) {
+func sendDelayedSignal(delay time.Duration) error {
 	time.Sleep(delay * time.Second)
-	syscall.Kill(syscall.Getpid(), syscall.SIGTERM)
+	return syscall.Kill(syscall.Getpid(), syscall.SIGTERM)
 }
 
 func TestHandleSigterm(t *testing.T) {
@@ -66,7 +66,12 @@ func TestHandleSigterm(t *testing.T) {
 	for _, tt := range tests {
 		process := &FakeProcess{shouldError: tt.shouldError}
 		t.Run(tt.name, func(t *testing.T) {
-			go sendDelayedSignal(2) // Send a signal after 2 seconds
+			go func() {
+				err := sendDelayedSignal(2) // Send a signal after 2 seconds
+				if err != nil {
+					t.Errorf("error sending delayed signal: %v", err)
+				}
+			}()
 			HandleSigterm(process, tt.delay, process.exiterFunc)
 		})
 		if tt.shouldError && process.exitCode != 1 {

test/e2e/annotations/affinitymode.go

@@ -125,7 +125,7 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
 		framework.Sleep()
 
 		// validate, there is no backend to serve the request
-		response = request.WithCookies(cookies).Expect().Status(http.StatusServiceUnavailable)
+		request.WithCookies(cookies).Expect().Status(http.StatusServiceUnavailable)
 
 		// create brand new backends
 		replicas = 2

test/e2e/endpointslices/topology.go

@@ -76,7 +76,9 @@ var _ = framework.IngressNginxDescribeSerial("[TopologyHints] topology aware rou
 		status, err := f.ExecIngressPod(curlCmd)
 		assert.Nil(ginkgo.GinkgoT(), err)
 		var backends []map[string]interface{}
-		json.Unmarshal([]byte(status), &backends)
+		if err := json.Unmarshal([]byte(status), &backends); err != nil {
+			assert.Nil(ginkgo.GinkgoT(), err)
+		}
 		gotBackends := 0
 		for _, bck := range backends {
 			if strings.Contains(bck["name"].(string), "topology") {

test/e2e/framework/deployment.go

@@ -56,15 +56,8 @@ type deploymentOptions struct {
 	name           string
 	namespace      string
 	image          string
-	port           int32
 	replicas       int
-	command        []string
-	args           []string
-	env            []corev1.EnvVar
-	volumeMounts   []corev1.VolumeMount
-	volumes        []corev1.Volume
 	svcAnnotations map[string]string
-	setProbe       bool
 }
 
 // WithDeploymentNamespace allows configuring the deployment's namespace

test/e2e/framework/httpexpect/chain.go

@@ -36,19 +36,3 @@ func (c *chain) fail(message string, args ...interface{}) {
 	c.failbit = true
 	c.reporter.Errorf(message, args...)
 }
-
-func (c *chain) reset() {
-	c.failbit = false
-}
-
-func (c *chain) assertFailed(r Reporter) {
-	if !c.failbit {
-		r.Errorf("expected chain is failed, but it's ok")
-	}
-}
-
-func (c *chain) assertOK(r Reporter) {
-	if c.failbit {
-		r.Errorf("expected chain is ok, but it's failed")
-	}
-}

test/e2e/security/request_smuggling.go

@@ -79,7 +79,9 @@ func smugglingRequest(host, addr string, port int) (string, error) {
 
 	defer conn.Close()
 
-	conn.SetDeadline(time.Now().Add(time.Second * 10))
+	if err := conn.SetDeadline(time.Now().Add(time.Second * 10)); err != nil {
+		return "", err
+	}
 
 	_, err = fmt.Fprintf(conn, "GET /echo HTTP/1.1\r\nHost: %v\r\nContent-Length: 56\r\n\r\nGET /_hidden/index.html HTTP/1.1\r\nHost: notlocalhost\r\n\r\n", host)
 	if err != nil {

test/e2e/settings/proxy_protocol.go

@@ -63,8 +63,12 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
 		defer conn.Close()
 
 		header := "PROXY TCP4 192.168.0.1 192.168.0.11 56324 1234\r\n"
-		conn.Write([]byte(header))
-		conn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n"))
+		if _, err := conn.Write([]byte(header)); err != nil {
+			assert.Nil(ginkgo.GinkgoT(), err, "unexpected error writing header")
+		}
+		if _, err := conn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n")); err != nil {
+			assert.Nil(ginkgo.GinkgoT(), err, "unexpected error writing request")
+		}
 
 		data, err := io.ReadAll(conn)
 		assert.Nil(ginkgo.GinkgoT(), err, "unexpected error reading connection data")
@@ -96,8 +100,12 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
 		defer conn.Close()
 
 		header := "PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\n"
-		conn.Write([]byte(header))
-		conn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n"))
+		if _, err := conn.Write([]byte(header)); err != nil {
+			assert.Nil(ginkgo.GinkgoT(), err, "unexpected error writing header")
+		}
+		if _, err := conn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n")); err != nil {
+			assert.Nil(ginkgo.GinkgoT(), err, "unexpected error writing request")
+		}
 
 		data, err := io.ReadAll(conn)
 		assert.Nil(ginkgo.GinkgoT(), err, "unexpected error reading connection data")
@@ -205,9 +213,12 @@ var _ = framework.DescribeSetting("use-proxy-protocol", func() {
 		defer conn.Close()
 
 		header := "PROXY TCP4 192.168.0.1 192.168.0.11 56324 8080\r\n"
-		conn.Write([]byte(header))
-		conn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n"))
-
+		if _, err := conn.Write([]byte(header)); err != nil {
+			assert.Nil(ginkgo.GinkgoT(), err, "unexpected error writing header")
+		}
+		if _, err := conn.Write([]byte("GET / HTTP/1.1\r\nHost: proxy-protocol\r\n\r\n")); err != nil {
+			assert.Nil(ginkgo.GinkgoT(), err, "unexpected error writing request")
+		}
 		_, err = io.ReadAll(conn)
 		assert.Nil(ginkgo.GinkgoT(), err, "unexpected error reading connection data")
 

test/e2e/ssl/secret_update.go

@@ -73,7 +73,9 @@ var _ = framework.IngressNginxDescribe("[SSL] secret update", func() {
 
 		dummySecret.Data["some-key"] = []byte("some value")
 
-		f.KubeClientSet.CoreV1().Secrets(f.Namespace).Update(context.TODO(), dummySecret, metav1.UpdateOptions{})
+		if _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace).Update(context.TODO(), dummySecret, metav1.UpdateOptions{}); err != nil {
+			assert.Nil(ginkgo.GinkgoT(), err, "updating secret")
+		}
 
 		assert.NotContains(ginkgo.GinkgoT(), log, fmt.Sprintf("starting syncing of secret %v/dummy", f.Namespace))
 		assert.NotContains(ginkgo.GinkgoT(), log, fmt.Sprintf("error obtaining PEM from secret %v/dummy", f.Namespace))

test/e2e/status/update.go

@@ -71,7 +71,7 @@ var _ = framework.IngressNginxDescribe("[Status] status update", func() {
 
 		f.NewEchoDeployment()
 
-		ing := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil))
+		f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil))
 
 		f.WaitForNginxConfiguration(
 			func(cfg string) bool {
@@ -84,7 +84,7 @@ var _ = framework.IngressNginxDescribe("[Status] status update", func() {
 		err = cmd.Process.Kill()
 		assert.Nil(ginkgo.GinkgoT(), err, "unexpected error terminating kubectl proxy")
 
-		ing, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), host, metav1.GetOptions{})
+		ing, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), host, metav1.GetOptions{})
 		assert.Nil(ginkgo.GinkgoT(), err, "unexpected error getting %s/%v Ingress", f.Namespace, host)
 
 		ing.Status.LoadBalancer.Ingress = []v1.IngressLoadBalancerIngress{}