Merge pull request #1969 from M00nF1sh/lb_attrs

k8s-ci-robot · web-flow · commit 25b648f53604 · 2021-05-03T10:28:10.000-07:00
enforce LB attributes according to IngressClassParams
diff --git a/config/webhook/manifests.v1beta1.yaml b/config/webhook/manifests.v1beta1.yaml
@@ -74,6 +74,7 @@ webhooks:
         namespace: system
         path: /validate-networking-v1beta1-ingress
     failurePolicy: Fail
+    matchPolicy: Equivalent
     name: vingress.elbv2.k8s.aws
     rules:
       - apiGroups:
diff --git a/pkg/ingress/model_build_load_balancer.go b/pkg/ingress/model_build_load_balancer.go
@@ -117,6 +117,11 @@ func (t *defaultModelBuildTask) buildLoadBalancerName(_ context.Context, scheme
 func (t *defaultModelBuildTask) buildLoadBalancerScheme(_ context.Context) (elbv2model.LoadBalancerScheme, error) {
 	explicitSchemes := sets.String{}
 	for _, member := range t.ingGroup.Members {
+		if member.IngClassConfig.IngClassParams != nil && member.IngClassConfig.IngClassParams.Spec.Scheme != nil {
+			scheme := string(*member.IngClassConfig.IngClassParams.Spec.Scheme)
+			explicitSchemes.Insert(scheme)
+			continue
+		}
 		rawSchema := ""
 		if exists := t.annotationParser.ParseStringAnnotation(annotations.IngressSuffixScheme, &rawSchema, member.Ing.Annotations); !exists {
 			continue
@@ -144,6 +149,11 @@ func (t *defaultModelBuildTask) buildLoadBalancerScheme(_ context.Context) (elbv
 func (t *defaultModelBuildTask) buildLoadBalancerIPAddressType(_ context.Context) (elbv2model.IPAddressType, error) {
 	explicitIPAddressTypes := sets.NewString()
 	for _, member := range t.ingGroup.Members {
+		if member.IngClassConfig.IngClassParams != nil && member.IngClassConfig.IngClassParams.Spec.IPAddressType != nil {
+			ipAddressType := string(*member.IngClassConfig.IngClassParams.Spec.IPAddressType)
+			explicitIPAddressTypes.Insert(ipAddressType)
+			continue
+		}
 		rawIPAddressType := ""
 		if exists := t.annotationParser.ParseStringAnnotation(annotations.IngressSuffixIPAddressType, &rawIPAddressType, member.Ing.Annotations); !exists {
 			continue
diff --git a/webhooks/networking/ingress_validator.go b/webhooks/networking/ingress_validator.go
@@ -144,7 +144,7 @@ func (v *ingressValidator) checkIngressClassUsage(ctx context.Context, ing *netw
 	return nil
 }
 
-// +kubebuilder:webhook:path=/validate-networking-v1beta1-ingress,mutating=false,failurePolicy=fail,groups=networking.k8s.io,resources=ingresses,verbs=create;update,versions=v1beta1,name=vingress.elbv2.k8s.aws,sideEffects=None,webhookVersions=v1beta1
+// +kubebuilder:webhook:path=/validate-networking-v1beta1-ingress,mutating=false,failurePolicy=fail,groups=networking.k8s.io,resources=ingresses,verbs=create;update,versions=v1beta1,name=vingress.elbv2.k8s.aws,sideEffects=None,webhookVersions=v1beta1,matchPolicy=Equivalent
 
 func (v *ingressValidator) SetupWithManager(mgr ctrl.Manager) {
 	mgr.GetWebhookServer().Register(apiPathValidateNetworkingIngress, webhook.ValidatingWebhookForValidator(v))

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,7 @@ func (v ingressValidator) checkIngressClassUsage(ctx context.Context, ing netw`
`144`	`144`	`return nil`
`145`	`145`	`}`
`146`	`146`
`147`		`-// +kubebuilder:webhook:path=/validate-networking-v1beta1-ingress,mutating=false,failurePolicy=fail,groups=networking.k8s.io,resources=ingresses,verbs=create;update,versions=v1beta1,name=vingress.elbv2.k8s.aws,sideEffects=None,webhookVersions=v1beta1`
	`147`	`+// +kubebuilder:webhook:path=/validate-networking-v1beta1-ingress,mutating=false,failurePolicy=fail,groups=networking.k8s.io,resources=ingresses,verbs=create;update,versions=v1beta1,name=vingress.elbv2.k8s.aws,sideEffects=None,webhookVersions=v1beta1,matchPolicy=Equivalent`
`148`	`148`
`149`	`149`	`func (v *ingressValidator) SetupWithManager(mgr ctrl.Manager) {`
`150`	`150`	`mgr.GetWebhookServer().Register(apiPathValidateNetworkingIngress, webhook.ValidatingWebhookForValidator(v))`