Merge pull request #2267 from neogopher/backport/v0.19/pr-2259
[v0.19] feat: exclude Rancher managed annotations while syncing ingress (#2259)
FabianKramm authored Nov 13, 2024
2 parents 17ec273 + 0f13860 commit 418ded4
Showing 3 changed files with 83 additions and 3 deletions.
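--- a/pkg/controllers/resources/ingresses/syncer.go
+++ b/pkg/controllers/resources/ingresses/syncer.go
@@ -3,6 +3,7 @@ package ingresses
 import (
 "strings"
 
+"github.com/loft-sh/vcluster/pkg/controllers/resources/services"
 synccontext "github.com/loft-sh/vcluster/pkg/controllers/syncer/context"
 "github.com/loft-sh/vcluster/pkg/controllers/syncer/translator"
 syncertypes "github.com/loft-sh/vcluster/pkg/types"
@@ -14,8 +15,9 @@ import (
 )
 
 func NewSyncer(ctx *synccontext.RegisterContext) (syncertypes.Object, error) {
+excludedAnnotations := []string{services.RancherPublicEndpointsAnnotation}
 return &ingressSyncer{
-NamespacedTranslator: translator.NewNamespacedTranslator(ctx, "ingress", &networkingv1.Ingress{}),
+NamespacedTranslator: translator.NewNamespacedTranslator(ctx, "ingress", &networkingv1.Ingress{}, excludedAnnotations...),
 }, nil
 }
 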
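Review bot: `NewSyncer` excludes the annotation without saying why, while `services.New` carries a comment explaining that Rancher on the host cluster overrides it and causes endless updates; a reader of the ingress syncer has to go and find that. I would add `// exclude the Rancher-managed publicEndpoints annotation: Rancher on the host cluster overrides it, which would cause endless updates back and forth` above the `excludedAnnotations` line. Importing the `services` package only for this one name also couples two resource syncers; if the repository has a shared constants package, the annotation key would sit better there.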
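--- a/pkg/controllers/resources/ingresses/syncer_test.go
+++ b/pkg/controllers/resources/ingresses/syncer_test.go
@@ -430,6 +430,81 @@ func TestSync(t *testing.T) {
 err = syncCtx.PhysicalClient.Get(syncCtx.Context, types.NamespacedName{Name: createdIngress.Name, Namespace: createdIngress.Namespace}, pIngress)
 assert.NilError(t, err)
 
+_, err = syncer.(*ingressSyncer).Sync(syncCtx, pIngress, vIngress)
+assert.NilError(t, err)
+},
+},
+{
+Name: "Exclude Rancher managed annotations from syncing",
+InitialVirtualState: []runtime.Object{
+&networkingv1.Ingress{
+ObjectMeta: metav1.ObjectMeta{
+Name: baseIngress.Name,
+Namespace: baseIngress.Namespace,
+Labels: baseIngress.Labels,
+Annotations: map[string]string{
+"nginx.ingress.kubernetes.io/auth-secret": "my-secret",
+"nginx.ingress.kubernetes.io/auth-tls-secret": baseIngress.Namespace + "/my-secret",
+"field.cattle.io/publicEndpoints": `[{"addresses":["192.168.0.10"],"port":80,"protocol":"HTTP","serviceName":"default:nginx","ingressName":"default:test-ingress","hostname":"my-ingress-endpoint.com","path":"/","allNodes":false}]`,
+},
+},
+},
+},
+InitialPhysicalState: []runtime.Object{
+&networkingv1.Ingress{
+ObjectMeta: metav1.ObjectMeta{
+Name: createdIngress.Name,
+Namespace: createdIngress.Namespace,
+Labels: createdIngress.Labels,
+},
+},
+},
+ExpectedVirtualState: map[schema.GroupVersionKind][]runtime.Object{
+networkingv1.SchemeGroupVersion.WithKind("Ingress"): {
+&networkingv1.Ingress{
+ObjectMeta: metav1.ObjectMeta{
+Name: baseIngress.Name,
+Namespace: baseIngress.Namespace,
+Labels: baseIngress.Labels,
+Annotations: map[string]string{
+"nginx.ingress.kubernetes.io/auth-secret": "my-secret",
+"nginx.ingress.kubernetes.io/auth-tls-secret": baseIngress.Namespace + "/my-secret",
+"field.cattle.io/publicEndpoints": `[{"addresses":["192.168.0.10"],"port":80,"protocol":"HTTP","serviceName":"default:nginx","ingressName":"default:test-ingress","hostname":"my-ingress-endpoint.com","path":"/","allNodes":false}]`,
+},
+},
+},
+},
+},
+ExpectedPhysicalState: map[schema.GroupVersionKind][]runtime.Object{
+networkingv1.SchemeGroupVersion.WithKind("Ingress"): {
+&networkingv1.Ingress{
+ObjectMeta: metav1.ObjectMeta{
+Name: createdIngress.Name,
+Namespace: createdIngress.Namespace,
+Labels: createdIngress.Labels,
+Annotations: map[string]string{
+"nginx.ingress.kubernetes.io/auth-secret": translate.Default.PhysicalName("my-secret", baseIngress.Namespace),
+"nginx.ingress.kubernetes.io/auth-tls-secret": createdIngress.Namespace + "/" + translate.Default.PhysicalName("my-secret", baseIngress.Namespace),
+"vcluster.loft.sh/managed-annotations": "nginx.ingress.kubernetes.io/auth-secret\nnginx.ingress.kubernetes.io/auth-tls-secret",
+"vcluster.loft.sh/object-name": baseIngress.Name,
+"vcluster.loft.sh/object-namespace": baseIngress.Namespace,
+translate.UIDAnnotation: "",
+},
+},
+},
+},
+},
+Sync: func(registerContext *synccontext.RegisterContext) {
+syncCtx, syncer := generictesting.FakeStartSyncer(t, registerContext, NewSyncer)
+
+vIngress := &networkingv1.Ingress{}
+err := syncCtx.VirtualClient.Get(syncCtx.Context, types.NamespacedName{Name: baseIngress.Name, Namespace: baseIngress.Namespace}, vIngress)
+assert.NilError(t, err)
+
+pIngress := &networkingv1.Ingress{}
+err = syncCtx.PhysicalClient.Get(syncCtx.Context, types.NamespacedName{Name: createdIngress.Name, Namespace: createdIngress.Namespace}, pIngress)
+assert.NilError(t, err)
+
 _, err = syncer.(*ingressSyncer).Sync(syncCtx, pIngress, vIngress)
 assert.NilError(t, err)
 },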
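Review bot: The new case covers only the virtual-to-host direction: the annotation starts on the virtual ingress, and `ExpectedPhysicalState` checks that it is absent from the host object and from `vcluster.loft.sh/managed-annotations`. The update loop described in the comment in `services/syncer.go` presumably comes from Rancher writing `field.cattle.io/publicEndpoints` on the host object, yet no case here seeds that annotation in `InitialPhysicalState` and asserts it is still there after `Sync`. I would add a sibling case that starts with the annotation on the physical ingress and expects it unchanged, so a regression that strips or overwrites the host-side value is caught. The enclosing `TestSync` table starts and ends outside the hunk.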
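--- a/pkg/controllers/resources/services/syncer.go
+++ b/pkg/controllers/resources/services/syncer.go
@@ -19,14 +19,17 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-var ServiceBlockDeletion = "vcluster.loft.sh/block-deletion"
+var (
+ServiceBlockDeletion = "vcluster.loft.sh/block-deletion"
+RancherPublicEndpointsAnnotation = "field.cattle.io/publicEndpoints"
+)
 
 func New(ctx *synccontext.RegisterContext) (syncertypes.Object, error) {
 return &serviceSyncer{
 // exclude "field.cattle.io/publicEndpoints" annotation used by Rancher,
 // because if it is also installed in the host cluster, it will be
 // overriding it, which would cause endless updates back and forth.
-NamespacedTranslator: translator.NewNamespacedTranslator(ctx, "service", &corev1.Service{}, "field.cattle.io/publicEndpoints"),
+NamespacedTranslator: translator.NewNamespacedTranslator(ctx, "service", &corev1.Service{}, RancherPublicEndpointsAnnotation),
 
 serviceName: ctx.Options.ServiceName,
 }, nil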
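Review bot: `RancherPublicEndpointsAnnotation` is introduced as an exported package-level `var`, so any importing package can reassign it and silently change which annotation the service and ingress syncers leave out of the virtual-to-host sync. Nothing in the visible hunks mutates it, so a constant fits better: `const RancherPublicEndpointsAnnotation = "field.cattle.io/publicEndpoints"`. `ServiceBlockDeletion` in the same block could likely become a `const` as well, unless code outside this hunk assigns to it. The body of `New` continues past the end of the hunk.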
