Print warning only instead of error if no permission on ingressclass (#…
…7578)

* skip ingressclass check if ingressclass is not enabled

* reformat with gofmt
yong-jie-gong authored Oct 10, 2021
1 parent 710d0db commit 6499393
Showing 3 changed files with 27 additions and 10 deletions.
5 changes: 4 additions & 1 deletion cmd/nginx/main.go
Expand Up @@ -110,8 +110,11 @@ func main() {
_, err = kubeClient.NetworkingV1().IngressClasses().List(context.TODO(), metav1.ListOptions{})
if err != nil {
if !errors.IsNotFound(err) {
if errors.IsUnauthorized(err) || !errors.IsForbidden(err) {
if errors.IsUnauthorized(err) {
klog.Fatalf("Error searching IngressClass: Please verify your RBAC and allow Ingress Controller to list and get Ingress Classes: %v", err)
} else if errors.IsForbidden(err) {
klog.Warningf("No permissions to list and get Ingress Classes: %v, IngressClass feature will be disabled", err)
conf.IngressClassConfiguration.IgnoreIngressClass = true
}
}
}
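Review bot: An error from the `IngressClasses().List` call that is neither NotFound, Unauthorized nor Forbidden (a timeout or a 5xx from the API server, for example) appears to pass through this block without any log line, assuming the narrower `if errors.IsUnauthorized(err) {` is the new condition; the page shows both conditions without +/- markers, so that reading is an assumption. Start-up would then continue with the IngressClass informer enabled against an API call that has just failed. A closing branch such as `} else { klog.Fatalf("Error searching IngressClass: %v", err) }` would keep that failure visible. The Forbidden branch also turns an RBAC denial into a warning plus `IgnoreIngressClass = true`, so it deserves a short comment stating that class handling is being relaxed deliberately. The rest of main() lies outside the hunk.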
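--- a/internal/ingress/controller/ingressclass/ingressclass.go
+++ b/internal/ingress/controller/ingressclass/ingressclass.go
@@ -42,7 +42,9 @@ type IngressClassConfiguration struct {
 // WatchWithoutClass defines if Controller should watch to Ingress Objects that does
 // not contain an IngressClass configuration
 WatchWithoutClass bool
-
+// IgnoreIngressClass defines if Controller should ignore the IngressClass Object if no permissions are
+// granted on IngressClass
+IgnoreIngressClass bool
 //IngressClassByName defines if the Controller should watch for Ingress Classes by
 // .metadata.name together with .spec.Controller
 IngressClassByName bool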
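--- a/internal/ingress/controller/store/store.go
+++ b/internal/ingress/controller/store/store.go
@@ -151,21 +151,25 @@ func (e NotExistsError) Error() string {
 func (i *Informer) Run(stopCh chan struct{}) {
 go i.Secret.Run(stopCh)
 go i.Endpoint.Run(stopCh)
-go i.IngressClass.Run(stopCh)
+if i.IngressClass != nil {
+go i.IngressClass.Run(stopCh)
+}
 go i.Service.Run(stopCh)
 go i.ConfigMap.Run(stopCh)
 
 // wait for all involved caches to be synced before processing items
 // from the queue
 if !cache.WaitForCacheSync(stopCh,
 i.Endpoint.HasSynced,
-i.IngressClass.HasSynced,
 i.Service.HasSynced,
 i.Secret.HasSynced,
 i.ConfigMap.HasSynced,
 ) {
 runtime.HandleError(fmt.Errorf("timed out waiting for caches to sync"))
 }
+if i.IngressClass != nil && !cache.WaitForCacheSync(stopCh, i.IngressClass.HasSynced) {
+runtime.HandleError(fmt.Errorf("timed out waiting for ingress classcaches to sync"))
+}
 
 // in big clusters, deltas can keep arriving even after HasSynced
 // functions have returned 'true'
@@ -300,8 +304,10 @@ func New(
 store.informers.Ingress = infFactory.Networking().V1().Ingresses().Informer()
 store.listers.Ingress.Store = store.informers.Ingress.GetStore()
 
-store.informers.IngressClass = infFactory.Networking().V1().IngressClasses().Informer()
-store.listers.IngressClass.Store = cache.NewStore(cache.MetaNamespaceKeyFunc)
+if !icConfig.IgnoreIngressClass {
+store.informers.IngressClass = infFactory.Networking().V1().IngressClasses().Informer()
+store.listers.IngressClass.Store = cache.NewStore(cache.MetaNamespaceKeyFunc)
+}
 
 store.informers.Endpoint = infFactory.Core().V1().Endpoints().Informer()
 store.listers.Endpoint.Store = store.informers.Endpoint.GetStore()
@@ -385,8 +391,12 @@ func New(
 oldIng, _ := toIngress(old)
 curIng, _ := toIngress(cur)
 
-_, errOld := store.GetIngressClass(oldIng, icConfig)
-classCur, errCur := store.GetIngressClass(curIng, icConfig)
+var errOld, errCur error
+var classCur string
+if !icConfig.IgnoreIngressClass {
+_, errOld = store.GetIngressClass(oldIng, icConfig)
+classCur, errCur = store.GetIngressClass(curIng, icConfig)
+}
 if errOld != nil && errCur == nil {
 if hasCatchAllIngressRule(curIng.Spec) && disableCatchAll {
 klog.InfoS("ignoring update for catch-all ingress because of --disable-catch-all", "ingress", klog.KObj(curIng))
@@ -699,7 +709,9 @@ func New(
 }
 
 store.informers.Ingress.AddEventHandler(ingEventHandler)
-store.informers.IngressClass.AddEventHandler(ingressClassEventHandler)
+if !icConfig.IgnoreIngressClass {
+store.informers.IngressClass.AddEventHandler(ingressClassEventHandler)
+}
 store.informers.Endpoint.AddEventHandler(epEventHandler)
 store.informers.Secret.AddEventHandler(secrEventHandler)
 store.informers.ConfigMap.AddEventHandler(cmEventHandler)
@@ -852,7 +864,7 @@ func (s *k8sStore) GetService(key string) (*corev1.Service, error) {
 
 func (s *k8sStore) GetIngressClass(ing *networkingv1.Ingress, icConfig *ingressclass.IngressClassConfiguration) (string, error) {
 // First we try ingressClassName
-if ing.Spec.IngressClassName != nil {
+if !icConfig.IgnoreIngressClass && ing.Spec.IngressClassName != nil {
 iclass, err := s.listers.IngressClass.ByKey(*ing.Spec.IngressClassName)
 if err != nil {
 return "", err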
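Review bot: In the update handler inside New(), the new guard leaves `errOld` and `errCur` nil whenever `IgnoreIngressClass` is set, so `GetIngressClass` is never consulted on updates and the branches that follow (only the first is visible) see no class error for either version of the Ingress. The last hunk changes GetIngressClass itself to skip only the `ingressClassName` lookup, which suggests its remaining checks, outside the hunk and not verifiable here, are still meant to run. If those checks filter by annotation or by watch-without-class, an RBAC denial on IngressClass would quietly widen the set of Ingresses this controller serves in a shared cluster. Calling the function unconditionally keeps a single code path: `_, errOld := store.GetIngressClass(oldIng, icConfig)` and `classCur, errCur := store.GetIngressClass(curIng, icConfig)`. The add and delete handlers are outside the visible hunks and should be checked for the same behaviour; the new message in Run also reads `ingress classcaches`, which looks like a missing space.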
