Fix namespace scope not working as expected #9712
Conversation
…ng, any incoming Ingress will be caught by ingress-controller and written into nginx configuration file even ingress class of the Ingress object doesn't match the IngressClass watched by current ingress-controller. new logic will try get the IngressClass value on incoming Ingress Object. if IngressClass doesn't match the current IngressController, this ingress will be ignored Signed-off-by: Gong Yongjie <[email protected]>
k8s-ci-robot
added
needs-triage
|
This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
Hi @yong-jie-gong. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-priority
size/S
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: yong-jie-gong The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@yong-jie-gong Please create a issue and add the information in the issue as per new issue template. Then please write a complete and fully detailed step-by-step instruction for someone to copy/paste from your instructions, and reproduce the problem. Your short description of this PR is actually misleading and confusing. Its even false as per my tests because I can install 2 controllers as per this https://kubernetes.github.io/ingress-nginx/user-guide/k8s-122-migration/#how-can-i-easily-install-multiple-instances-of-the-ingress-nginx-controller-in-the-same-cluster , and then I can create 2 ingresses resources, with each ingress resource being processed by different controller(s). So if my test is wrong, then it will help everyone to know exactly what the problem is and the issue I am requesting you to create will contains details of that issue. You are basically suggesting that installing multiple instances of the controller in the same cluster and then creating ingress resources to use different controllers is not possible with the current release of the controller. This is a core basic functionality of the controller and much work has been done to keep it working, so a lot of small tiny granular details are needed on what problem this PR is solving. |
|
The other problem you are hinting is related to the flags and configuration of the controller, like default controller and watch etc etc. On top of that you are describing something about get/list permission of the controller pod and that is also a documented and clearly understood behaviour as per the manifest published by this project. So complete detailed step by step instruction to reproduce this problem is also needed, so someone can reproduce the problem, by copy pasting from your instructions. |
k8s-ci-robot
added
the
do-not-merge/hold
|
And if you change this behavior, please add test cases to cover this |
|
This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach |
github-actions
bot
added
the
lifecycle/frozen
|
The This bot removes
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /remove-lifecycle frozen |
k8s-ci-robot
removed
the
lifecycle/frozen
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@yong-jie-gong can you rebase @tao12345666333 can you take a look after they rebase |
with current logic, if IngressController pod don't have get/list permission on cluster level object
IngressClass, any incoming Ingress will be caught by ingress-controller and written into nginx configuration file even ingress class of the Ingress object doesn't match the IngressClass watched by current ingress-controller.new logic will try get the IngressClass value on incoming Ingress Object. if IngressClass doesn't match the current IngressController, this ingress will be ignored
What this PR does / why we need it:
Types of changes
Which issue/s this PR fixes
fixes 9662How Has This Been Tested?
Checklist:
Does my pull request need a release note?
Any user-visible or operator-visible change qualifies for a release note. This could be a:
No release notes are required for changes to the following:
For more tips on writing good release notes, check out the Release Notes Handbook