Migrate ingress class from annotation to spec (#10)

bgpat · web-flow · commit bc307fb63fd9 · 2024-04-01T14:31:51.000+09:00
* Migrate ingress class from annotation to spec

* go get k8s.io/utils/ptr
diff --git a/README.md b/README.md
@@ -45,9 +45,6 @@ metadata:
   name: supersecret
   namespace: supersecret
   annotations:
-    # must be use ingress-nginx.
-    kubernetes.io/ingress.class: nginx
-
     # https://auth.example.com/<PROVIDER>/<APP_NAME>/.....
     nginx.ingress.kubernetes.io/auth-signin: https://auth.example.com/github/supersecret/start?rd=https://$host$request_uri$is_args$args
     nginx.ingress.kubernetes.io/auth-url: https://auth.example.com/github/supersecret/auth
@@ -59,6 +56,8 @@ metadata:
     oauth2-proxy-manager.k8s.io/github-org: "example-corp"
     oauth2-proxy-manager.k8s.io/github-teams: "administrator"
 spec:
+  # must be use ingress-nginx.
+  ingressClassName: ingress-nginx
   rules:
   - host: "supersecret.example.com" # hosts must be provide
     http:
diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	k8s.io/api v0.26.1
 	k8s.io/apimachinery v0.26.1
 	k8s.io/client-go v0.26.1
+	k8s.io/utils v0.0.0-20240310230437-4693a0247e57
 )
 
 require (
@@ -49,7 +50,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.80.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
-	k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
diff --git a/go.sum b/go.sum
@@ -510,8 +510,8 @@ k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
-k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs=
-k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
+k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/service/controller.go b/service/controller.go
@@ -14,6 +14,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/kubernetes"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
+	"k8s.io/utils/ptr"
 
 	"github.com/sirupsen/logrus"
 	"github.com/wantedly/oauth2-proxy-manager/models"
@@ -140,11 +141,9 @@ func (c *Controller) applyIngress(ctx context.Context, settings *models.ServiceS
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "oauth2-proxy",
 			Namespace: "oauth2-proxy",
-			Annotations: map[string]string{
-				"kubernetes.io/ingress.class": "nginx",
-			},
 		},
 		Spec: networkingv1.IngressSpec{
+			IngressClassName: ptr.To("nginx"),
 			Rules: []networkingv1.IngressRule{
 				networkingv1.IngressRule{
 					Host: c.Env.Domain,
@@ -172,7 +171,7 @@ func (c *Controller) applyIngress(ctx context.Context, settings *models.ServiceS
 	}
 
 	if len(c.Ingress.IngressClass) != 0 {
-		ingress.Annotations["kubernetes.io/ingress.class"] = c.Ingress.IngressClass
+		ingress.Spec.IngressClassName = &c.Ingress.IngressClass
 	}
 
 	if len(c.Ingress.TLSHosts) != 0 && len(c.Ingress.TLSSecretName) != 0 {
diff --git a/service/observer.go b/service/observer.go
@@ -41,9 +41,14 @@ func (ob *Observer) Run(ctx context.Context) {
 		AddFunc: func(obj interface{}) {
 			key, err := cache.MetaNamespaceKeyFunc(obj)
 			if err == nil {
-				meta := obj.(*networkingv1.Ingress).ObjectMeta
+				ing := obj.(*networkingv1.Ingress)
+				meta := ing.ObjectMeta
 				logrus.Infof("[Informer] Added Ingress %s", key)
 
+				if !shouldPerform(ing) {
+					return
+				}
+
 				settings, err := parseAnnotations(meta)
 				if err == nil {
 					ob.Controller.Apply(ctx, settings)
@@ -55,9 +60,14 @@ func (ob *Observer) Run(ctx context.Context) {
 			key, err := cache.MetaNamespaceKeyFunc(new)
 
 			if err == nil {
-				meta := new.(*networkingv1.Ingress).ObjectMeta
+				ing := new.(*networkingv1.Ingress)
+				meta := ing.ObjectMeta
 				logrus.Infof("[Informer] Update Ingress %s", key)
 
+				if !shouldPerform(ing) {
+					return
+				}
+
 				settings, err := parseAnnotations(meta)
 				if err == nil {
 					ob.Controller.Apply(ctx, settings)
@@ -68,9 +78,14 @@ func (ob *Observer) Run(ctx context.Context) {
 		DeleteFunc: func(obj interface{}) {
 			key, err := cache.DeletionHandlingMetaNamespaceKeyFunc(obj)
 			if err == nil {
-				meta := obj.(*networkingv1.Ingress).ObjectMeta
+				ing := obj.(*networkingv1.Ingress)
+				meta := ing.ObjectMeta
 				logrus.Infof("[Informer] Delete Ingress: %s", key)
 
+				if !shouldPerform(ing) {
+					return
+				}
+
 				settings, err := parseAnnotations(meta)
 				if err == nil {
 					logrus.WithField("settings", settings).Info("Dummy: Delete Deployment / ConfigMap / Service / Secret / Ingress")
@@ -88,15 +103,25 @@ func (ob *Observer) Run(ctx context.Context) {
 	select {}
 }
 
-func parseAnnotations(meta metav1.ObjectMeta) (*models.ServiceSettings, error) {
-	// Check Annotations ---
-	if _, ok := meta.Annotations["kubernetes.io/ingress.class"]; !ok {
-		return nil, errors.New("ingress.class not found. skip.")
-	} else if meta.Annotations["kubernetes.io/ingress.class"] != "nginx" && meta.Annotations["kubernetes.io/ingress.class"] != "ingress-nginx" {
-		// or ingress.class is "nginx" or "ingress-nginx" ?
-		return nil, errors.New("ingress.class is not nginx or ingress-nginx. skip.")
+func shouldPerform(ing *networkingv1.Ingress) bool {
+	if ing == nil {
+		logrus.Info("ingress is nil. skip.")
+		return false
+	}
+	if ing.Spec.IngressClassName == nil {
+		logrus.Info("ingress class is not found. skip.")
+		return false
+	}
+	name := *ing.Spec.IngressClassName
+	if name != "nginx" && name != "ingress-nginx" {
+		logrus.Infof("ingress class is not `nginx` or `ingress-nginx` but %q. skip.", name)
+		return false
 	}
+	return true
+}
 
+func parseAnnotations(meta metav1.ObjectMeta) (*models.ServiceSettings, error) {
+	// Check Annotations ---
 	if _, ok := meta.Annotations["nginx.ingress.kubernetes.io/auth-url"]; !ok {
 		return nil, errors.New("auth-url not found. skip.")
 	}
@@ -123,7 +148,6 @@ func parseAnnotations(meta metav1.ObjectMeta) (*models.ServiceSettings, error) {
 	}
 
 	logrus.WithFields(logrus.Fields{
-		"ingress.class":    meta.Annotations["kubernetes.io/ingress.class"],
 		"auth-url":         meta.Annotations["nginx.ingress.kubernetes.io/auth-url"],
 		"auth-signin":      meta.Annotations["nginx.ingress.kubernetes.io/auth-signin"],
 		"github-org":       meta.Annotations["oauth2-proxy-manager.k8s.io/github-org"],
diff --git a/showcase/ingress-observer/main.go b/showcase/ingress-observer/main.go
@@ -63,9 +63,14 @@ func main() {
 		AddFunc: func(obj interface{}) {
 			key, err := cache.MetaNamespaceKeyFunc(obj)
 			if err == nil {
-				meta := obj.(*networkingv1.Ingress).ObjectMeta
+				ing := obj.(*networkingv1.Ingress)
+				meta := ing.ObjectMeta
 				logrus.Infof("[Informer] Added Ingress %s", key)
 
+				if !shouldPerform(ing) {
+					return
+				}
+
 				settings, err := parseAnnotations(meta)
 				if err == nil {
 					logrus.WithField("settings", settings).Info("Dummy: Update Deployment / ConfigMap / Service / Secret / Ingress")
@@ -76,9 +81,14 @@ func main() {
 			key, err := cache.MetaNamespaceKeyFunc(new)
 
 			if err == nil {
-				meta := new.(*networkingv1.Ingress).ObjectMeta
+				ing := new.(*networkingv1.Ingress)
+				meta := ing.ObjectMeta
 				logrus.Infof("[Informer] Update Ingress %s", key)
 
+				if !shouldPerform(ing) {
+					return
+				}
+
 				settings, err := parseAnnotations(meta)
 				if err == nil {
 					logrus.WithField("settings", settings).Info("Dummy: Update Deployment / ConfigMap / Service / Secret / Ingress")
@@ -88,9 +98,14 @@ func main() {
 		DeleteFunc: func(obj interface{}) {
 			key, err := cache.DeletionHandlingMetaNamespaceKeyFunc(obj)
 			if err == nil {
-				meta := obj.(*networkingv1.Ingress).ObjectMeta
+				ing := obj.(*networkingv1.Ingress)
+				meta := ing.ObjectMeta
 				logrus.Infof("[Informer] Delete Ingress: %s", key)
 
+				if !shouldPerform(ing) {
+					return
+				}
+
 				settings, err := parseAnnotations(meta)
 				if err == nil {
 					logrus.WithField("settings", settings).Info("Dummy: Update Deployment / ConfigMap / Service / Secret / Ingress")
@@ -108,15 +123,25 @@ func main() {
 	select {}
 }
 
-func parseAnnotations(meta metav1.ObjectMeta) (*models.ServiceSettings, error) {
-	// Check Annotations ---
-	if _, ok := meta.Annotations["kubernetes.io/ingress.class"]; !ok {
-		return nil, errors.New("ingress.class not found. skip.")
-	} else if meta.Annotations["kubernetes.io/ingress.class"] != "nginx" {
-		// or ingress.class is "nginx" ?
-		return nil, errors.New("ingress.class is not nginx. skip.")
+func shouldPerform(ing *networkingv1.Ingress) bool {
+	if ing == nil {
+		logrus.Info("ingress is nil. skip.")
+		return false
+	}
+	if ing.Spec.IngressClassName == nil {
+		logrus.Info("ingress class is not found. skip.")
+		return false
+	}
+	name := *ing.Spec.IngressClassName
+	if name != "nginx" && name != "ingress-nginx" {
+		logrus.Infof("ingress class is not `nginx` or `ingress-nginx` but %q. skip.", name)
+		return false
 	}
+	return true
+}
 
+func parseAnnotations(meta metav1.ObjectMeta) (*models.ServiceSettings, error) {
+	// Check Annotations ---
 	if _, ok := meta.Annotations["nginx.ingress.kubernetes.io/auth-url"]; !ok {
 		return nil, errors.New("auth-url not found. skip.")
 	}
@@ -134,11 +159,10 @@ func parseAnnotations(meta metav1.ObjectMeta) (*models.ServiceSettings, error) {
 	}
 
 	logrus.WithFields(logrus.Fields{
-		"ingress.class": meta.Annotations["kubernetes.io/ingress.class"],
-		"auth-url":      meta.Annotations["nginx.ingress.kubernetes.io/auth-url"],
-		"auth-signin":   meta.Annotations["nginx.ingress.kubernetes.io/auth-signin"],
-		"github-org":    meta.Annotations["oauth2-proxy-manager.lunasys.dev/github-org"],
-		"github-teams":  meta.Annotations["oauth2-proxy-manager.lunasys.dev/github-teams"],
+		"auth-url":     meta.Annotations["nginx.ingress.kubernetes.io/auth-url"],
+		"auth-signin":  meta.Annotations["nginx.ingress.kubernetes.io/auth-signin"],
+		"github-org":   meta.Annotations["oauth2-proxy-manager.lunasys.dev/github-org"],
+		"github-teams": meta.Annotations["oauth2-proxy-manager.lunasys.dev/github-teams"],
 	}).Debug("[ParseAnnotations]")
 
 	settings := &models.ServiceSettings{
