From c1172cab3cc11a744d9c8c53202745db5e9fd4c8 Mon Sep 17 00:00:00 2001 From: Ishan Khare Date: Thu, 21 Sep 2023 18:30:26 +0530 Subject: [PATCH] add redirectconfig to alb ingress annotation --- .../resources/ingresses/syncer_test.go | 43 ++++++++++--------- .../resources/ingresses/util/util.go | 20 +++++---- 2 files changed, 35 insertions(+), 28 deletions(-) diff --git a/pkg/controllers/resources/ingresses/syncer_test.go b/pkg/controllers/resources/ingresses/syncer_test.go index 3ed844a71..91e97507f 100644 --- a/pkg/controllers/resources/ingresses/syncer_test.go +++ b/pkg/controllers/resources/ingresses/syncer_test.go @@ -294,8 +294,8 @@ func TestSync(t *testing.T) { Namespace: baseIngress.Namespace, Labels: baseIngress.Labels, Annotations: map[string]string{ - "nginx.ingress.kubernetes.io/auth-secret": "my-secret", - "nginx.ingress.kubernetes.io/auth-tls-secret": baseIngress.Namespace+"/my-secret", + "nginx.ingress.kubernetes.io/auth-secret": "my-secret", + "nginx.ingress.kubernetes.io/auth-tls-secret": baseIngress.Namespace + "/my-secret", }, }, }, @@ -317,8 +317,8 @@ func TestSync(t *testing.T) { Namespace: baseIngress.Namespace, Labels: baseIngress.Labels, Annotations: map[string]string{ - "nginx.ingress.kubernetes.io/auth-secret": "my-secret", - "nginx.ingress.kubernetes.io/auth-tls-secret": baseIngress.Namespace+"/my-secret", + "nginx.ingress.kubernetes.io/auth-secret": "my-secret", + "nginx.ingress.kubernetes.io/auth-tls-secret": baseIngress.Namespace + "/my-secret", }, }, }, @@ -332,12 +332,12 @@ func TestSync(t *testing.T) { Namespace: createdIngress.Namespace, Labels: createdIngress.Labels, Annotations: map[string]string{ - "nginx.ingress.kubernetes.io/auth-secret": translate.Default.PhysicalName("my-secret", baseIngress.Namespace), - "nginx.ingress.kubernetes.io/auth-tls-secret": createdIngress.Namespace+"/"+translate.Default.PhysicalName("my-secret", baseIngress.Namespace), - "vcluster.loft.sh/managed-annotations": "nginx.ingress.kubernetes.io/auth-secret\nnginx.ingress.kubernetes.io/auth-tls-secret", - "vcluster.loft.sh/object-name": baseIngress.Name, - "vcluster.loft.sh/object-namespace": baseIngress.Namespace, - translate.UIDAnnotation: "", + "nginx.ingress.kubernetes.io/auth-secret": translate.Default.PhysicalName("my-secret", baseIngress.Namespace), + "nginx.ingress.kubernetes.io/auth-tls-secret": createdIngress.Namespace + "/" + translate.Default.PhysicalName("my-secret", baseIngress.Namespace), + "vcluster.loft.sh/managed-annotations": "nginx.ingress.kubernetes.io/auth-secret\nnginx.ingress.kubernetes.io/auth-tls-secret", + "vcluster.loft.sh/object-name": baseIngress.Name, + "vcluster.loft.sh/object-namespace": baseIngress.Namespace, + translate.UIDAnnotation: "", }, }, }, @@ -367,8 +367,9 @@ func TestSync(t *testing.T) { Namespace: baseIngress.Namespace, Labels: baseIngress.Labels, Annotations: map[string]string{ - "nginx.ingress.kubernetes.io/auth-secret": "my-secret", - "alb.ingress.kubernetes.io/actions.testservice": "{\"forwardConfig\":{\"targetGroups\":[{\"serviceName\":\"nginx-service\",\"servicePort\":\"80\",\"weight\":100}]}}", + "nginx.ingress.kubernetes.io/auth-secret": "my-secret", + "alb.ingress.kubernetes.io/actions.testservice": "{\"forwardConfig\":{\"targetGroups\":[{\"serviceName\":\"nginx-service\",\"servicePort\":\"80\",\"weight\":100}]}}", + "alb.ingress.kubernetes.io/actions.ssl-redirect": `{"type": "redirect", "redirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}`, }, }, }, @@ -390,8 +391,9 @@ func TestSync(t *testing.T) { Namespace: baseIngress.Namespace, Labels: baseIngress.Labels, Annotations: map[string]string{ - "alb.ingress.kubernetes.io/actions.testservice": "{\"forwardConfig\":{\"targetGroups\":[{\"serviceName\":\"nginx-service\",\"servicePort\":\"80\",\"weight\":100}]}}", - "nginx.ingress.kubernetes.io/auth-secret": "my-secret", + "alb.ingress.kubernetes.io/actions.testservice": "{\"forwardConfig\":{\"targetGroups\":[{\"serviceName\":\"nginx-service\",\"servicePort\":\"80\",\"weight\":100}]}}", + "alb.ingress.kubernetes.io/actions.ssl-redirect": `{"type": "redirect", "redirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}`, + "nginx.ingress.kubernetes.io/auth-secret": "my-secret", }, }, }, @@ -405,12 +407,13 @@ func TestSync(t *testing.T) { Namespace: createdIngress.Namespace, Labels: createdIngress.Labels, Annotations: map[string]string{ - "vcluster.loft.sh/managed-annotations": "alb.ingress.kubernetes.io/actions.testservice-x-test-x-suffix\nnginx.ingress.kubernetes.io/auth-secret", - "nginx.ingress.kubernetes.io/auth-secret": translate.Default.PhysicalName("my-secret", baseIngress.Namespace), - "vcluster.loft.sh/object-name": baseIngress.Name, - "vcluster.loft.sh/object-namespace": baseIngress.Namespace, - translate.UIDAnnotation: "", - "alb.ingress.kubernetes.io/actions.testservice-x-test-x-suffix": "{\"forwardConfig\":{\"targetGroups\":[{\"serviceName\":\"nginx-service-x-test-x-suffix\",\"servicePort\":\"80\",\"weight\":100}]}}", + "vcluster.loft.sh/managed-annotations": "alb.ingress.kubernetes.io/actions.ssl-redirect-x-test-x-suffix\nalb.ingress.kubernetes.io/actions.testservice-x-test-x-suffix\nnginx.ingress.kubernetes.io/auth-secret", + "nginx.ingress.kubernetes.io/auth-secret": translate.Default.PhysicalName("my-secret", baseIngress.Namespace), + "vcluster.loft.sh/object-name": baseIngress.Name, + "vcluster.loft.sh/object-namespace": baseIngress.Namespace, + translate.UIDAnnotation: "", + "alb.ingress.kubernetes.io/actions.testservice-x-test-x-suffix": "{\"forwardConfig\":{\"targetGroups\":[{\"serviceName\":\"nginx-service-x-test-x-suffix\",\"servicePort\":\"80\",\"weight\":100}]}}", + "alb.ingress.kubernetes.io/actions.ssl-redirect-x-test-x-suffix": `{"type":"redirect","forwardConfig":{},"redirectConfig":{"Port":"443","Protocol":"HTTPS","StatusCode":"HTTP_301"}}`, }, }, }, diff --git a/pkg/controllers/resources/ingresses/util/util.go b/pkg/controllers/resources/ingresses/util/util.go index f827246c9..ef9d11ace 100644 --- a/pkg/controllers/resources/ingresses/util/util.go +++ b/pkg/controllers/resources/ingresses/util/util.go @@ -2,10 +2,11 @@ package util import ( "encoding/json" + "strings" + "github.com/loft-sh/vcluster/pkg/util/translate" "k8s.io/klog/v2" "sigs.k8s.io/controller-runtime/pkg/client" - "strings" ) const AlbConditionAnnotation = "alb.ingress.kubernetes.io/conditions" @@ -21,15 +22,18 @@ func getActionOrConditionValue(annotation, actionOrCondition string) string { return "" } +// ref https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/pkg/ingress/config_types.go +type actionPayload struct { + Type string `json:"type,omitempty"` + ForwardConfig struct { + TargetGroups []map[string]interface{} `json:"targetGroups,omitempty"` + TargetGroupStickinessConfig map[string]interface{} `json:"targetGroupStickinessConfig,omitempty"` + } `json:"forwardConfig,omitempty"` + RedirectConfig map[string]interface{} `json:"redirectConfig,omitempty"` +} + func ProcessAlbAnnotations(namespace string, k string, v string) (string, string) { if strings.HasPrefix(k, AlbActionsAnnotation) { - type actionPayload struct { - Type string `json:"type,omitempty"` - ForwardConfig struct { - TargetGroups []map[string]interface{} `json:"targetGroups,omitempty"` - TargetGroupStickinessConfig map[string]interface{} `json:"targetGroupStickinessConfig,omitempty"` - } `json:"forwardConfig,omitempty"` - } // change k action := getActionOrConditionValue(k, ActionsSuffix) if !strings.Contains(k, "x-"+namespace+"-x") {