Implement support for HTTPS Redirects

[spencerhance]

Adds support for using HTTPS Redirects with L7 ELB via a Redirects Config in FrontendConfig
Also includes a new status annotation for the additional UrlMap that needs to be synced

e2e tests will be added in a follow up

[k8s-ci-robot]

Hi @spencerhance. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[rramkumar1]

/ok-to-test

[rramkumar1]

LGTM, would like one more pair of eyes on it though.

[spencerhance]

@freehan can you also take a look?

/assign @freehan

[freehan]

How about only supporting GC for the v2 naming scheme.

One more thing, there is one corner case: If someone enabled the HTTP redirect and disable later. Will the RedirectURLMap get trimmed? From the code, I do not think so, right?

Maybe handle this as part of the ensureRedirectUrlMap code?

[freehan]

I strongly recommend NOT to support this feature in V1 Namer.

[freehan]

Return an error event. Asking user to recreate ingress and it will come with new naming scheme.

[spencerhance]

Done

[freehan]

// RedirectUrlMap returns the name of the URL Map and if the namer supports naming redirectUrlMap
RedirectUrlMap() (string, bool)

[spencerhance]

Done

[spencerhance]

@freehan

One more thing, there is one corner case: If someone enabled the HTTP redirect and disable later. Will the RedirectURLMap get trimmed? From the code, I do not think so, right?

Good point, I added in code to delete it when disabled

[freehan]

Might worth avoiding this GET call every time an irrelevant ingress was synced.

One idea is to check if the the ingress status annotation has the redirectUrlMap

[spencerhance]

Done

[freehan]

add a comment here to say "do not expect to have a RedirectUrlMap"

[spencerhance]

Done

[freehan]

probably no need for the else block

[spencerhance]

Done

[freehan]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: freehan, spencerhance

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [freehan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderaven]

Good to know this has been merged finally! I'm new to this, when is the expected timeline for this to be available in GKE? And is there any documentation that comes along with it?

[peterldowns]

Yes, would really love to use this, when will it be available in GKE?

[artvichi]

Is this going to be live at some point in this century ?

[spencerhance]

Hi folks, please follow the discussion at #1075

We are doing everything we can to launch this ASAP

[rhzs]

Why didn't this code written as follow with less branches?

umName := l.um.Name
if flags.F.EnableFrontendConfig {
  // TODO(shance): check for empty name?
    if l.redirectUm != nil && l.runtimeInfo.FrontendConfig.Spec.RedirectToHttps != nil && l.runtimeInfo.FrontendConfig.Spec.RedirectToHttps.Enabled {
      umName = l.redirectUm.Name
    }
}