Remove annotations grpc-backend and secure-backend already deprecated

internal/ingress/controller/controller.go

@@ -348,7 +348,6 @@ func (n *NGINXController) getBackendServers(ingresses []*extensions.Ingress) ([]
 						loc.UsePortInRedirects = anns.UsePortInRedirects
 						loc.Connection = anns.Connection
 						loc.Logs = anns.Logs
-						loc.GRPC = anns.GRPC
 						loc.LuaRestyWAF = anns.LuaRestyWAF
 						loc.InfluxDB = anns.InfluxDB
 						loc.DefaultBackend = anns.DefaultBackend
@@ -389,7 +388,6 @@ func (n *NGINXController) getBackendServers(ingresses []*extensions.Ingress) ([]
 						UsePortInRedirects:   anns.UsePortInRedirects,
 						Connection:           anns.Connection,
 						Logs:                 anns.Logs,
-						GRPC:                 anns.GRPC,
 						LuaRestyWAF:          anns.LuaRestyWAF,
 						InfluxDB:             anns.InfluxDB,
 						DefaultBackend:       anns.DefaultBackend,
@@ -523,9 +521,6 @@ func (n *NGINXController) createUpstreams(data []*extensions.Ingress, du *ingres
 
 			glog.V(3).Infof("Creating upstream %q", defBackend)
 			upstreams[defBackend] = newUpstream(defBackend)
-			if !upstreams[defBackend].Secure {
-				upstreams[defBackend].Secure = anns.SecureUpstream.Secure
-			}
 			if upstreams[defBackend].SecureCACert.Secret == "" {
 				upstreams[defBackend].SecureCACert = anns.SecureUpstream.CACert
 			}
@@ -577,10 +572,6 @@ func (n *NGINXController) createUpstreams(data []*extensions.Ingress, du *ingres
 				upstreams[name] = newUpstream(name)
 				upstreams[name].Port = path.Backend.ServicePort
 
-				if !upstreams[name].Secure {
-					upstreams[name].Secure = anns.SecureUpstream.Secure
-				}
-
 				if upstreams[name].SecureCACert.Secret == "" {
 					upstreams[name].SecureCACert = anns.SecureUpstream.CACert
 				}
@@ -835,7 +826,6 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
 					defLoc.UpstreamVhost = anns.UpstreamVhost
 					defLoc.Whitelist = anns.Whitelist
 					defLoc.Denied = anns.Denied
-					defLoc.GRPC = anns.GRPC
 					defLoc.LuaRestyWAF = anns.LuaRestyWAF
 					defLoc.InfluxDB = anns.InfluxDB
 				} else {

internal/ingress/controller/nginx.go

@@ -763,7 +763,6 @@ func configureDynamically(pcfg *ingress.Configuration, port int, isDynamicCertif
 		luaBackend := &ingress.Backend{
 			Name:            backend.Name,
 			Port:            backend.Port,
-			Secure:          backend.Secure,
 			SSLPassthrough:  backend.SSLPassthrough,
 			SessionAffinity: backend.SessionAffinity,
 			UpstreamHashBy:  backend.UpstreamHashBy,

internal/ingress/controller/template/template.go

@@ -456,12 +456,6 @@ func buildProxyPass(host string, b interface{}, loc interface{}, dynamicConfigur
 		proxyPass = "ajp_pass"
 	}
 
-	// TODO: Remove after the deprecation of grpc-backend annotation
-	if location.GRPC {
-		proxyPass = "grpc_pass"
-		proto = "grpc://"
-	}
-
 	upstreamName := "upstream_balancer"
 
 	if !dynamicConfigurationEnabled {
@@ -470,11 +464,10 @@ func buildProxyPass(host string, b interface{}, loc interface{}, dynamicConfigur
 
 	for _, backend := range backends {
 		if backend.Name == location.Backend {
-			if backend.Secure || backend.SSLPassthrough {
-				// TODO: Remove after the deprecation of secure-backend annotation
+			if backend.SSLPassthrough {
 				proto = "https://"
-				// TODO: Remove after the deprecation of grpc-backend annotation
-				if location.GRPC {
+
+				if location.BackendProtocol == "GRPCS" {
 					proto = "grpcs://"
 				}
 			}
@@ -974,7 +967,7 @@ func proxySetHeader(loc interface{}) string {
 		return "proxy_set_header"
 	}
 
-	if location.GRPC || location.BackendProtocol == "GRPC" || location.BackendProtocol == "GRPCS" {
+	if location.BackendProtocol == "GRPC" || location.BackendProtocol == "GRPCS" {
 		return "grpc_set_header"
 	}
 

internal/ingress/controller/template/template_test.go

@@ -63,7 +63,8 @@ var (
 			false,
 			false,
 			true,
-			false},
+			false,
+		},
 		"when secure backend and stickeness enabled": {
 			"/",
 			"/",
@@ -75,7 +76,8 @@ var (
 			false,
 			false,
 			true,
-			false},
+			false,
+		},
 		"when secure backend and dynamic config enabled": {
 			"/",
 			"/",
@@ -99,7 +101,8 @@ var (
 			false,
 			true,
 			true,
-			false},
+			false,
+		},
 		"invalid redirect / to / with dynamic config enabled": {
 			"/",
 			"/",
@@ -111,7 +114,8 @@ var (
 			false,
 			true,
 			false,
-			false},
+			false,
+		},
 		"invalid redirect / to /": {
 			"/",
 			"/",
@@ -123,7 +127,8 @@ var (
 			false,
 			false,
 			false,
-			false},
+			false,
+		},
 		"redirect / to /jenkins": {
 			"/",
 			"/jenkins",
@@ -139,7 +144,8 @@ proxy_pass http://upstream-name;
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect /something to /": {
 			"/something",
 			"/",
@@ -155,7 +161,8 @@ proxy_pass http://upstream-name;
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect /end-with-slash/ to /not-root": {
 			"/end-with-slash/",
 			"/not-root",
@@ -171,7 +178,8 @@ proxy_pass http://upstream-name;
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect /something-complex to /not-root": {
 			"/something-complex",
 			"/not-root",
@@ -187,7 +195,8 @@ proxy_pass http://upstream-name;
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect / to /jenkins and rewrite": {
 			"/",
 			"/jenkins",
@@ -206,7 +215,8 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect /something to / and rewrite": {
 			"/something",
 			"/",
@@ -225,7 +235,8 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect /end-with-slash/ to /not-root and rewrite": {
 			"/end-with-slash/",
 			"/not-root",
@@ -244,7 +255,8 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect /something-complex to /not-root and rewrite": {
 			"/something-complex",
 			"/not-root",
@@ -263,7 +275,8 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect /something to / and rewrite with specific scheme": {
 			"/something",
 			"/",
@@ -282,7 +295,8 @@ subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect / to /something with sticky enabled": {
 			"/",
 			"/something",
@@ -298,7 +312,8 @@ proxy_pass http://sticky-upstream-name;
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 		"redirect / to /something with sticky and dynamic config enabled": {
 			"/",
 			"/something",
@@ -314,7 +329,8 @@ proxy_pass http://upstream_balancer;
 			false,
 			true,
 			false,
-			true},
+			true,
+		},
 		"add the X-Forwarded-Prefix header": {
 			"/there",
 			"/something",
@@ -331,7 +347,8 @@ proxy_pass http://sticky-upstream-name;
 			true,
 			false,
 			false,
-			true},
+			true,
+		},
 		"use ~* location modifier when ingress does not use rewrite/regex target but at least one other ingress does": {
 			"/something",
 			"/something",
@@ -343,7 +360,8 @@ proxy_pass http://sticky-upstream-name;
 			false,
 			false,
 			false,
-			true},
+			true,
+		},
 	}
 )
 
@@ -432,9 +450,12 @@ func TestBuildProxyPass(t *testing.T) {
 			XForwardedPrefix: tc.XForwardedPrefix,
 		}
 
+		if tc.SecureBackend {
+			loc.BackendProtocol = "HTTPS"
+		}
+
 		backend := &ingress.Backend{
-			Name:   defaultBackend,
-			Secure: tc.SecureBackend,
+			Name: defaultBackend,
 		}
 
 		if tc.Sticky {
@@ -804,9 +825,12 @@ func TestBuildUpstreamName(t *testing.T) {
 			XForwardedPrefix: tc.XForwardedPrefix,
 		}
 
+		if tc.SecureBackend {
+			loc.BackendProtocol = "HTTPS"
+		}
+
 		backend := &ingress.Backend{
-			Name:   defaultBackend,
-			Secure: tc.SecureBackend,
+			Name: defaultBackend,
 		}
 
 		expected := defaultBackend