Skip to content

Commit a17cebf

Browse files
M00nF1shM00nF1sh
authored
enhance handling for InvalidIngressClass case (#2750)
1 parent fb7d7e9 commit a17cebf

File tree

2 files changed

+329
-116
lines changed

2 files changed

+329
-116
lines changed

pkg/ingress/group_loader.go

Lines changed: 43 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -84,16 +84,16 @@ func (m *defaultGroupLoader) Load(ctx context.Context, groupID GroupID) (Group,
8484

8585
var members []ClassifiedIngress
8686
var inactiveMembers []*networking.Ingress
87-
finalizer := buildGroupFinalizer(groupID)
8887
for index := range ingList.Items {
8988
ing := &ingList.Items[index]
90-
classifiedIngress, isGroupMember, err := m.isGroupMember(ctx, groupID, ing)
89+
membershipType, classifiedIng, err := m.checkGroupMembershipType(ctx, groupID, ing)
9190
if err != nil {
92-
return Group{}, errors.Wrapf(err, "ingress: %v", k8s.NamespacedName(ing))
91+
return Group{}, errors.Wrapf(err, "Ingress: %v", k8s.NamespacedName(ing))
9392
}
94-
if isGroupMember {
95-
members = append(members, classifiedIngress)
96-
} else if m.containsGroupFinalizer(groupID, finalizer, ing) {
93+
switch membershipType {
94+
case groupMembershipTypeActiveMember:
95+
members = append(members, classifiedIng)
96+
case groupMembershipTypeInactiveMember:
9797
inactiveMembers = append(inactiveMembers, ing)
9898
}
9999
}
@@ -128,22 +128,47 @@ func (m *defaultGroupLoader) LoadGroupIDsPendingFinalization(_ context.Context,
128128
return groupIDs
129129
}
130130

131-
// isGroupMember checks whether specified Ingress is member of specific IngressGroup.
132-
// If it's group member, a valid ClassifiedIngress will be returned as well.
133-
// NOTE: this function should only error out when it's not certain whether the specified ingress is group member. (e.g. due to APIServer failures).
134-
func (m *defaultGroupLoader) isGroupMember(ctx context.Context, groupID GroupID, ing *networking.Ingress) (ClassifiedIngress, bool, error) {
135-
classifiedIngress, ingGroupID, err := m.loadGroupIDIfAnyHelper(ctx, ing)
131+
type groupMembershipType int
132+
133+
const (
134+
groupMembershipTypeNone = iota
135+
groupMembershipTypeActiveMember
136+
groupMembershipTypeInactiveMember
137+
)
138+
139+
// checkGroupMembership checks whether specified Ingress is members of specific IngressGroup.
140+
// If it's active group member, a valid ClassifiedIngress will be returned as well.
141+
func (m *defaultGroupLoader) checkGroupMembershipType(ctx context.Context, groupID GroupID, ing *networking.Ingress) (groupMembershipType, ClassifiedIngress, error) {
142+
groupFinalizer := buildGroupFinalizer(groupID)
143+
hasGroupFinalizer := m.containsGroupFinalizer(groupID, groupFinalizer, ing)
144+
classifiedIng, ingGroupID, err := m.loadGroupIDIfAnyHelper(ctx, ing)
136145
if err != nil {
137-
if errors.Is(err, ErrInvalidIngressClass) || errors.Is(err, errInvalidIngressGroup) {
138-
return ClassifiedIngress{}, false, nil
146+
// tolerate ErrInvalidIngressClass for Ingresses that hasn't belongs to the group yet.
147+
// for Ingresses that was belongs to the group, we error out to avoid remove the Ingress from IngressGroup since the IngressClass might be accidentally modified.
148+
// see https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/2731
149+
if errors.Is(err, ErrInvalidIngressClass) {
150+
if hasGroupFinalizer {
151+
return groupMembershipTypeNone, ClassifiedIngress{}, errors.Wrapf(err, "Ingress has invalid IngressClass configuration")
152+
}
153+
return groupMembershipTypeNone, ClassifiedIngress{}, nil
154+
}
155+
156+
// tolerate errInvalidIngressGroup error since an Ingress with a wrong IngressGroup name means to leave the IngressGroup anyway.
157+
if errors.Is(err, errInvalidIngressGroup) {
158+
if hasGroupFinalizer {
159+
return groupMembershipTypeInactiveMember, ClassifiedIngress{}, nil
160+
}
161+
return groupMembershipTypeNone, ClassifiedIngress{}, nil
139162
}
140-
return ClassifiedIngress{}, false, err
163+
return groupMembershipTypeNone, ClassifiedIngress{}, err
141164
}
142-
if ingGroupID == nil {
143-
return ClassifiedIngress{}, false, nil
165+
166+
if ingGroupID != nil && *ingGroupID == groupID {
167+
return groupMembershipTypeActiveMember, classifiedIng, nil
168+
} else if hasGroupFinalizer {
169+
return groupMembershipTypeInactiveMember, ClassifiedIngress{}, nil
144170
}
145-
groupIDMatches := groupID == *ingGroupID
146-
return classifiedIngress, groupIDMatches, nil
171+
return groupMembershipTypeNone, ClassifiedIngress{}, nil
147172
}
148173

149174
// loadGroupIDIfAnyHelper loads the groupID for Ingress if Ingress belong to any IngressGroup, along with the ClassifiedIngress object.

0 commit comments

Comments
 (0)