From 3646a951290c99bbc48dc7db6b1cf81660bd4f3c Mon Sep 17 00:00:00 2001 From: Inbaraj S Date: Tue, 16 Jan 2024 11:02:48 +0530 Subject: [PATCH 1/4] Update GettingStarted.md (#37) --- GettingStarted.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GettingStarted.md b/GettingStarted.md index ebbc5c7d..b2d2a687 100644 --- a/GettingStarted.md +++ b/GettingStarted.md @@ -105,7 +105,7 @@ If the deployment is done via manifest templates update deployment container arg ``` #### Workload Identity -For workload identity, we have to use [Enhanced Clusters](https://confluence.oci.oraclecorp.com/display/OKE/Enhanced+Clusters), and follow the public documentation to setup policies - [Doc](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm) +For workload identity, we have to use [Enhanced Clusters](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingenhancedclusters.htm), and follow the public documentation to setup policies - [Doc](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm) We have added the support to enable this via the authType flag as follows: ``` From 575e0d0f8b6ba023ce226b41f63ce96b871de64f Mon Sep 17 00:00:00 2001 From: Inbaraj S Date: Wed, 24 Jan 2024 10:17:28 +0530 Subject: [PATCH 2/4] Update GettingStarted.md (#38) --- GettingStarted.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/GettingStarted.md b/GettingStarted.md index b2d2a687..894bdb78 100644 --- a/GettingStarted.md +++ b/GettingStarted.md 
@@ -46,8 +46,9 @@ This section describes steps to deploy and test OCI-Native-Ingress-Controller. ### Prerequisites Kubernetes Cluster with Native Pod Networking setup. Currently supported kubernetes versions are: -- v1.25.4 -- v1.26.2 +- 1.26 +- 1.27 +- 1.28 We set up the cluster with native pod networking and update the security rules. The documentation for NPN : [Doc Ref](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking_topic-OCI_CNI_plugin.htm). From d9394c2dc9ed523cc9cba42530a4f3b8656a5501 Mon Sep 17 00:00:00 2001 From: Inbaraj S Date: Wed, 31 Jan 2024 16:46:10 +0530 Subject: [PATCH 3/4] Multi arch support (#39) --- .github/workflows/release.yaml | 29 ++++++++++++++++++----------- Dockerfile | 4 ++-- Makefile | 4 ++-- 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a66bb27c..ea88d689 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -20,21 +20,28 @@ jobs: IMAGE_REGISTRY: ghcr.io/oracle steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: - platforms: amd64 + platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - - name: Log into GitHub Container Registry - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${GITHUB_ACTOR,,} --password-stdin - - - name: Build Image - run: REGISTRY="${{ env.IMAGE_REGISTRY }}" VERSION="${{ github.ref_name }}" make image + - name: Login to Docker + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Push Image - run: REGISTRY="${{ env.IMAGE_REGISTRY }}" VERSION="${{ github.ref_name }}" make push \ No newline at end of file + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: true + provenance: false + tags: ghcr.io/oracle/oci-native-ingress-controller:${{ github.ref_name }} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index defb7a95..c1c7e2fd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ COPY . ./ # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. #RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -mod vendor -a -o dist/onic ./main.go +RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -mod vendor -a -o dist/onic ./main.go # For Open source FROM oraclelinux:7-slim 
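Review bot: The `Build and push` step sets `provenance: false`, so the published multi-arch release image carries no build provenance attestation, and nothing in this hunk replaces it with a signature or a recorded digest. If the flag was added only to keep the pushed manifest in a form that older registries or tooling accept (an assumption; the commit does not say), a comment such as `# provenance disabled: <reason>; image is verified by <mechanism>` should record that, or the attestation should be left on. The same job hands `secrets.GITHUB_TOKEN` to actions referenced by mutable tags (`docker/login-action@v3`, `docker/build-push-action@v5`). Pinning each to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`, keeps a retagged action from running with the registry credential. The job's `permissions` block, if there is one, is outside the hunk.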
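Review bot: `GOARCH=${TARGETARCH}` on the changed `RUN` line only receives a value if the builder stage declares `ARG TARGETARCH`, and no such declaration is visible in this hunk (the stage starts above it). Without it the variable expands to an empty string and `go build` should fall back to the architecture the builder container itself runs as, which matches the comment above the line but means the substitution does nothing. The Makefile hunk in the same commit passes `--build-arg goos=$(GOOS) --build-arg goarch=$(GOARCH)`, names this line never reads, so `make image` cannot select the architecture either. Declaring `ARG TARGETARCH` before the `RUN` and passing `--build-arg TARGETARCH=$(GOARCH)` from the Makefile would make the two agree.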
@@ -34,4 +34,4 @@ COPY THIRD_PARTY_LICENSES.txt . # Copy the manager binary COPY --from=builder /workspace/dist/onic . -ENTRYPOINT ["/usr/local/bin/oci-native-ingress-controller/onic"] +ENTRYPOINT ["/usr/local/bin/oci-native-ingress-controller/onic"] \ No newline at end of file diff --git a/Makefile b/Makefile index a702e6e1..fcad8fdd 100644 --- a/Makefile +++ b/Makefile @@ -59,10 +59,10 @@ version: # Currently only supports amd build: ./main.go - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -mod vendor -a -o dist/onic ./main.go + CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(GOARCH) GO111MODULE=on go build -mod vendor -a -o dist/onic ./main.go image: - docker build -t ${IMAGE_PATH} -f Dockerfile . + docker build --build-arg goos=$(GOOS) --build-arg goarch=$(GOARCH) -t ${IMAGE_PATH} -f Dockerfile . push: docker push ${IMAGE_PATH} From 913ccdd5e98dac18dcc6d53da516eba1bdfc668e Mon Sep 17 00:00:00 2001 From: Michael Tweten Date: Tue, 6 Feb 2024 00:11:28 -0600 Subject: [PATCH 4/4] bugfix: ingress state build failure when ingress class non-existent (#33) * Avoid ingress state build failure when ingresses reference non-existent ingress classes Signed-off-by: Michael Tweten * Test case file update - Update test-ingress-state_withnamedclasses.yaml --------- Signed-off-by: Michael Tweten Co-authored-by: Inbaraj S --- pkg/state/ingressstate.go | 8 +- pkg/state/ingressstate_test.go | 20 +++ .../test-ingress-state_withnamedclasses.yaml | 123 ++++++++++++++++++ 3 files changed, 146 insertions(+), 5 deletions(-) create mode 100644 pkg/state/test-ingress-state_withnamedclasses.yaml diff --git a/pkg/state/ingressstate.go b/pkg/state/ingressstate.go index e049dbef..ea67f69b 100644 --- a/pkg/state/ingressstate.go +++ b/pkg/state/ingressstate.go 
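Review bot: The `build` target no longer pins `linux/amd64`: with `GOOS=$(GOOS) GOARCH=$(GOARCH)`, an unset variable expands to nothing and the binary is built for whatever host runs `make`, unless defaults are defined elsewhere in the Makefile (outside this hunk). Adding `GOOS ?= linux` and `GOARCH ?= amd64` near the top keeps the previous output for callers that set neither. The context comment `# Currently only supports amd` is now stale and should be updated, for example to `# Builds for $(GOOS)/$(GOARCH); defaults to linux/amd64`.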
@@ -90,11 +90,9 @@ func (s *StateStore) BuildState(ingressClass *networkingv1.IngressClass) error { var ingressGroup []*networkingv1.Ingress for _, ing := range ingressList { - ingIc, err := util.GetIngressClass(ing, s.IngressClassLister) - if err != nil { - return errors.Wrap(err, "error getting ingress class") - } - if ingIc != nil && ingressClass.Name == ingIc.Name && !util.IsIngressDeleting(ing) { + if ((ing.Spec.IngressClassName == nil && ingressClass.Annotations[util.IngressClassIsDefault] == "true") || + (ing.Spec.IngressClassName != nil && ingressClass.Name == *ing.Spec.IngressClassName)) && + !util.IsIngressDeleting(ing) { ingressGroup = append(ingressGroup, ing) } } diff --git a/pkg/state/ingressstate_test.go b/pkg/state/ingressstate_test.go index 88d0a87b..92efa31a 100644 --- a/pkg/state/ingressstate_test.go +++ b/pkg/state/ingressstate_test.go @@ -34,6 +34,7 @@ const ( ListenerProtocolConfigValidationsFilePath = "validate-listener-protocol-config.yaml" TestIngressStateFilePath = "test-ingress-state.yaml" TestIngressStateWithPortNameFilePath = "test-ingress-state_withportname.yaml" + TestIngressStateWithNamedClassesFilePath = "test-ingress-state_withnamedclasses.yaml" ) func setUp(ctx context.Context, ingressClassList *networkingv1.IngressClassList, ingressList *networkingv1.IngressList, testService *v1.ServiceList) (networkinglisters.IngressClassLister, networkinglisters.IngressLister, corelisters.ServiceLister) { 
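Review bot: The three-line condition in the loop now carries the whole rule for which Ingresses this class claims, with no comment, and it replaces what `util.GetIngressClass` did for this caller; if that helper is still used elsewhere (not visible here), the two definitions of "belongs to this class" can drift apart. Because the rule decides which Ingresses end up configured on the load balancer, it is worth naming and documenting, including the intended outcome that an Ingress naming a class that does not exist is skipped rather than failing the build. Whether the removed helper honoured anything beyond `spec.ingressClassName` and the default annotation cannot be told from the hunk, so confirm that no previously matched Ingress is dropped. `BuildState` begins and ends outside the hunk.

```go
// belongsToClass reports whether ing selects ingressClass: by name when
// spec.ingressClassName is set, otherwise only if ingressClass is annotated
// as the default. An Ingress naming a class that does not exist matches
// nothing and is skipped by the caller.
func belongsToClass(ing *networkingv1.Ingress, ingressClass *networkingv1.IngressClass) bool {
	if ing.Spec.IngressClassName == nil {
		return ingressClass.Annotations[util.IngressClassIsDefault] == "true"
	}
	return *ing.Spec.IngressClassName == ingressClass.Name
}

// … unchanged: ingressGroup declaration …
	for _, ing := range ingressList {
		if belongsToClass(ing, ingressClass) && !util.IsIngressDeleting(ing) {
			ingressGroup = append(ingressGroup, ing)
		}
	}
```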
@@ -226,6 +227,25 @@ func TestIngressStateWithPortName(t *testing.T) { assertCases(stateStore) } +func TestIngressStateWithNamedClasses(t *testing.T) { + RegisterTestingT(t) + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + ingressClassList := testutil.GetIngressClassList() + + ingressList := testutil.ReadResourceAsIngressList(TestIngressStateWithNamedClassesFilePath) + + testService := testutil.GetServiceListResourceWithPortName("default", "tls-test", 80, "tls-port") + ingressClassLister, ingressLister, serviceLister := setUp(ctx, ingressClassList, ingressList, testService) + + stateStore := NewStateStore(ingressClassLister, ingressLister, serviceLister, nil) + err := stateStore.BuildState(&ingressClassList.Items[0]) + Expect(err).NotTo(HaveOccurred()) + + assertCases(stateStore) +} + func assertCases(stateStore *StateStore) { ingressName := "ingress-state" allBs := stateStore.GetAllBackendSetForIngressClass() diff --git a/pkg/state/test-ingress-state_withnamedclasses.yaml b/pkg/state/test-ingress-state_withnamedclasses.yaml new file mode 100644 index 00000000..f45ea3d4 --- /dev/null +++ b/pkg/state/test-ingress-state_withnamedclasses.yaml 
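Review bot: `TestIngressStateWithNamedClasses` checks that `BuildState` returns no error and then reuses `assertCases`, but nothing in the added lines asserts that `ingress-state-excluded` (class `missing-ingress-class`) was actually left out of the state. In the new fixture that Ingress uses the same paths and ports as `ingress-state-new`, so even an inspection of `GetAllBackendSetForIngressClass()` could not tell whether it was included. Giving the excluded Ingress a backend port no other Ingress uses and asserting that port is absent would pin the behaviour, with a comment such as `// ingress-state-excluded names missing-ingress-class and must not contribute to the state`. The test also assumes `ingressClassList.Items[0]` is `default-ingress-class`, which depends on `testutil.GetIngressClassList()` outside this hunk; the body of `assertCases` is likewise mostly outside it.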
@@ -0,0 +1,123 @@ +# +# OCI Native Ingress Controller +# +# Copyright (c) 2023 Oracle America, Inc. and its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ +# +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-state + namespace: default +spec: + ingressClassName: default-ingress-class + tls: + - hosts: + - foo.bar.com + secretName: secret_name + rules: + - host: "foo.bar.com" + http: + paths: + - pathType: Prefix + path: "/PrefixEcho1" + backend: + service: + name: tls-test + port: + number: 80 + - host: "foo.bar.com" + http: + paths: + - pathType: Prefix + path: "/ExactEcho1" + backend: + service: + name: tls-test + port: + number: 70 +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-state-excluded + namespace: default +spec: + ingressClassName: missing-ingress-class + tls: + - hosts: + - foo.bar.com + secretName: secret_name + rules: + - host: "foo.bar.com" + http: + paths: + - pathType: Prefix + path: "/PrefixEcho1/aa" + backend: + service: + name: tls-test + port: + number: 80 + - host: "foo.bar.com" + http: + paths: + - pathType: Prefix + path: "/ExactEcho1" + backend: + service: + name: tls-test + port: + number: 90 + - http: + paths: + - pathType: Prefix + path: "/PrefixEcho1" + backend: + service: + name: tls-test + port: + number: 100 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-state-new + namespace: default +spec: + ingressClassName: default-ingress-class + tls: + - hosts: + - foo.bar.com + secretName: secret_name + rules: + - host: "foo.bar.com" + http: + paths: + - pathType: Prefix + path: "/PrefixEcho1/aa" + backend: + service: + name: tls-test + port: + number: 80 + - host: "foo.bar.com" + http: + paths: + - pathType: Prefix + path: "/ExactEcho1" + backend: + service: + name: tls-test + port: + number: 90 + - http: + paths: + - pathType: Prefix + path: "/PrefixEcho1" + backend: + service: 
+ name: tls-test + port: + number: 100