Skip to content

Commit

Permalink
ingress+cname: use ownerReferences to Ingress object to autoremove cn…
Browse files Browse the repository at this point in the history
…ames when router is removed
  • Loading branch information
wpjunior committed Oct 23, 2024
1 parent 9d8fc9a commit d5fb8b0
Show file tree
Hide file tree
Showing 2 changed files with 85 additions and 15 deletions.
36 changes: 21 additions & 15 deletions kubernetes/ingress.go
Original file line number Diff line number Diff line change
Expand Up @@ -204,6 +204,20 @@ func (k *IngressService) Ensure(ctx context.Context, id router.InstanceID, o rou
ingress.Annotations[AnnotationsCNames] = strings.Join(o.CNames, ",")
}

if isNew {
_, err = ingressClient.Create(ctx, ingress, metav1.CreateOptions{})
if err != nil {
setSpanError(span, err)
return err
}
} else if ingressHasChanges(span, existingIngress, ingress) {
err = k.mergeIngresses(ctx, ingress, existingIngress, id, ingressClient, span)
if err != nil {
setSpanError(span, err)
return err
}
}

var existingCNames []string
if existingIngress != nil {
existingCNames = strings.Split(existingIngress.Annotations[AnnotationsCNames], ",")
Expand All @@ -214,6 +228,7 @@ func (k *IngressService) Ensure(ctx context.Context, id router.InstanceID, o rou
err = k.ensureCNameBackend(ctx, ensureCNameBackendOpts{
namespace: ns,
id: id,
parent: ingress,
cname: cname,
team: o.Team,
certIssuer: o.CertIssuers[cname],
Expand Down Expand Up @@ -245,17 +260,7 @@ func (k *IngressService) Ensure(ctx context.Context, id router.InstanceID, o rou
return err
}
}
if isNew {
_, err = ingressClient.Create(ctx, ingress, metav1.CreateOptions{})
if err != nil {
setSpanError(span, err)
}
return err
}

if ingressHasChanges(span, existingIngress, ingress) {
return k.mergeIngresses(ctx, ingress, existingIngress, id, ingressClient, span)
}
return nil
}

Expand Down Expand Up @@ -329,6 +334,7 @@ type ensureCNameBackendOpts struct {
cname string
team string
certIssuer string
parent *networkingV1.Ingress
service *v1.Service
routerOpts router.Opts
tags []string
Expand Down Expand Up @@ -360,7 +366,6 @@ func (k *IngressService) ensureCNameBackend(ctx context.Context, opts ensureCNam
return nil
}
}

ingress := &networkingV1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: k.ingressCName(opts.id, opts.cname),
Expand All @@ -370,11 +375,12 @@ func (k *IngressService) ensureCNameBackend(ctx context.Context, opts ensureCNam
appBaseServiceNameLabel: opts.service.Name,
labelCNameIngress: "true",
},

OwnerReferences: []metav1.OwnerReference{
*metav1.NewControllerRef(opts.service, schema.GroupVersionKind{
Group: v1.SchemeGroupVersion.Group,
Version: v1.SchemeGroupVersion.Version,
Kind: "Service",
*metav1.NewControllerRef(opts.parent, schema.GroupVersionKind{
Group: networkingV1.SchemeGroupVersion.Group,
Version: networkingV1.SchemeGroupVersion.Version,
Kind: "Ingress",
}),
},
},
Expand Down
64 changes: 64 additions & 0 deletions kubernetes/ingress_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
faketsuru "github.com/tsuru/tsuru/provision/kubernetes/pkg/client/clientset/versioned/fake"
v1 "k8s.io/api/core/v1"
networkingV1 "k8s.io/api/networking/v1"
"k8s.io/utils/ptr"

certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
certmanagerv1clientset "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned"
Expand Down Expand Up @@ -411,6 +412,15 @@ func TestIngressEnsureWithCNames(t *testing.T) {

expectedIngress.Name = "kubernetes-router-cname-test.io"
expectedIngress.Labels["router.tsuru.io/is-cname-ingress"] = "true"
expectedIngress.OwnerReferences = []metav1.OwnerReference{
{
APIVersion: "networking.k8s.io/v1",
Kind: "Ingress",
Name: "kubernetes-router-test-ingress",
Controller: ptr.To(true),
BlockOwnerDeletion: ptr.To(true),
},
}
delete(expectedIngress.Annotations, "router.tsuru.io/cnames")
delete(expectedIngress.Annotations, "cert-manager.io/cluster-issuer") // cert-manager.io/cluster-issuer is not allowed on cname ingress when acme is disabled

Expand Down Expand Up @@ -442,6 +452,15 @@ func TestIngressEnsureWithCNames(t *testing.T) {
require.NoError(t, err)

expectedIngress.Name = "kubernetes-router-cname-www.test.io"
expectedIngress.OwnerReferences = []metav1.OwnerReference{
{
APIVersion: "networking.k8s.io/v1",
Kind: "Ingress",
Name: "kubernetes-router-test-ingress",
Controller: ptr.To(true),
BlockOwnerDeletion: ptr.To(true),
},
}
expectedIngress.Spec.Rules[0] = networkingV1.IngressRule{
Host: "www.test.io",
IngressRuleValue: networkingV1.IngressRuleValue{
Expand Down Expand Up @@ -613,6 +632,15 @@ func TestIngressEnsureRemoveCertAnnotations(t *testing.T) {

expectedIngress := defaultIngress("test", "default")
expectedIngress.ObjectMeta.Name = "kubernetes-router-cname-test.io"
expectedIngress.ObjectMeta.OwnerReferences = []metav1.OwnerReference{
{
APIVersion: "networking.k8s.io/v1",
Kind: "Ingress",
Name: "kubernetes-router-test-ingress",
Controller: ptr.To(true),
BlockOwnerDeletion: ptr.To(true),
},
}
expectedIngress.Labels["controller"] = "my-controller"
expectedIngress.Labels["XPTO"] = "true"
expectedIngress.Labels["tsuru.io/app-name"] = "test"
Expand Down Expand Up @@ -657,6 +685,15 @@ func TestIngressEnsureRemoveCertAnnotations(t *testing.T) {

expectedIngress = defaultIngress("test", "default")
expectedIngress.ObjectMeta.Name = "kubernetes-router-cname-test.io"
expectedIngress.ObjectMeta.OwnerReferences = []metav1.OwnerReference{
{
APIVersion: "networking.k8s.io/v1",
Kind: "Ingress",
Name: "kubernetes-router-test-ingress",
Controller: ptr.To(true),
BlockOwnerDeletion: ptr.To(true),
},
}
expectedIngress.Labels["controller"] = "my-controller"
expectedIngress.Labels["XPTO"] = "true"
expectedIngress.Labels["tsuru.io/app-name"] = "test"
Expand Down Expand Up @@ -706,6 +743,15 @@ func TestIngressEnsureHTTPOnly(t *testing.T) {

expectedIngress := defaultIngress("test", "default")
expectedIngress.ObjectMeta.Name = "kubernetes-router-cname-test.io"
expectedIngress.ObjectMeta.OwnerReferences = []metav1.OwnerReference{
{
APIVersion: "networking.k8s.io/v1",
Kind: "Ingress",
Name: "kubernetes-router-test-ingress",
Controller: ptr.To(true),
BlockOwnerDeletion: ptr.To(true),
},
}
expectedIngress.Labels["controller"] = "my-controller"
expectedIngress.Labels["XPTO"] = "true"
expectedIngress.Labels["tsuru.io/app-name"] = "test"
Expand Down Expand Up @@ -1652,6 +1698,15 @@ func TestEnsureWithTLSAndCName(t *testing.T) {
expectedIngress = defaultIngress("test", "default")
expectedIngress.Spec.Rules[0].Host = "test.io"
expectedIngress.Name = "kubernetes-router-cname-test.io"
expectedIngress.OwnerReferences = []metav1.OwnerReference{
{
APIVersion: "networking.k8s.io/v1",
Kind: "Ingress",
Name: "kubernetes-router-test-ingress",
Controller: ptr.To(true),
BlockOwnerDeletion: ptr.To(true),
},
}
expectedIngress.Labels["router.tsuru.io/is-cname-ingress"] = "true"
expectedIngress.Labels["tsuru.io/app-name"] = "test"
expectedIngress.Labels["tsuru.io/app-team"] = "default"
Expand Down Expand Up @@ -1700,6 +1755,15 @@ func TestEnsureWithTLSAndCNameAndAcmeCName(t *testing.T) {
expectedIngress = defaultIngress("test", "default")
expectedIngress.Spec.Rules[0].Host = "test.io"
expectedIngress.Name = "kubernetes-router-cname-test.io"
expectedIngress.OwnerReferences = []metav1.OwnerReference{
{
APIVersion: "networking.k8s.io/v1",
Kind: "Ingress",
Name: "kubernetes-router-test-ingress",
Controller: ptr.To(true),
BlockOwnerDeletion: ptr.To(true),
},
}
expectedIngress.Labels["tsuru.io/app-name"] = "test"
expectedIngress.Labels["tsuru.io/app-team"] = "default"
expectedIngress.Labels["router.tsuru.io/is-cname-ingress"] = "true"
Expand Down

0 comments on commit d5fb8b0

Please sign in to comment.