Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

cmd/nginx/flags.go

@@ -24,10 +24,10 @@ import (
 
 	"github.com/spf13/pflag"
 	apiv1 "k8s.io/api/core/v1"
-	"k8s.io/ingress-nginx/internal/ingress/annotations/class"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
 	"k8s.io/ingress-nginx/internal/ingress/controller"
 	ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config"
+	"k8s.io/ingress-nginx/internal/ingress/controller/ingressclass"
 	"k8s.io/ingress-nginx/internal/ingress/status"
 	ing_net "k8s.io/ingress-nginx/internal/net"
 	"k8s.io/ingress-nginx/internal/nginx"
@@ -55,10 +55,18 @@ only when the flag --apiserver-host is specified.`)
 Takes the form "namespace/name". The controller configures NGINX to forward
 requests to the first port of this Service.`)
 
-		ingressClass = flags.String("ingress-class", "",
-			`Name of the ingress class this controller satisfies.
-The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.18.0 or higher or the annotation "kubernetes.io/ingress.class" (deprecated).
-If this parameter is not set, or set to the default value of "nginx", it will handle ingresses with either an empty or "nginx" class name.`)
+		ingressClassAnnotation = flags.String("ingress-class", ingressclass.DefaultAnnotationValue,
+			`[IN DEPRECATION] Name of the ingress class this controller satisfies.
+The class of an Ingress object is set using the annotation "kubernetes.io/ingress.class" (deprecated).
+The parameter --controller-class has precedence over this.`)
+
+		ingressClassController = flags.String("controller-class", ingressclass.DefaultControllerName,
+			`Ingress Class Controller value this Ingress satisfies.
+The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.19.0 or higher. The .spec.controller value of the IngressClass 
+referenced in an Ingress Object should be the same value specified here to make this object be watched.`)
+
+		watchWithoutClass = flags.Bool("watch-ingress-without-class", false,
+			`Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified`)
 
 		configMap = flags.String("configmap", "",
 			`Name of the ConfigMap containing custom global configurations for the controller.`)
@@ -207,18 +215,6 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g
 		status.UpdateInterval = *statusUpdateInterval
 	}
 
-	if *ingressClass != "" {
-		klog.InfoS("Watching for Ingress", "class", *ingressClass)
-
-		if *ingressClass != class.DefaultClass {
-			klog.Warningf("Only Ingresses with class %q will be processed by this Ingress controller", *ingressClass)
-		} else {
-			klog.Warning("Ingresses with an empty class will also be processed by this Ingress controller")
-		}
-
-		class.IngressClass = *ingressClass
-	}
-
 	parser.AnnotationsPrefix = *annotationsPrefix
 
 	// check port collisions
@@ -297,6 +293,11 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g
 			HTTPS:    *httpsPort,
 			SSLProxy: *sslProxyPort,
 		},
+		IngressClassConfiguration: &ingressclass.IngressClassConfiguration{
+			Controller:        *ingressClassController,
+			AnnotationValue:   *ingressClassAnnotation,
+			WatchWithoutClass: *watchWithoutClass,
+		},
 		DisableCatchAll:           *disableCatchAll,
 		ValidationWebhook:         *validationWebhook,
 		ValidationWebhookCertPath: *validationWebhookCert,

cmd/nginx/main.go

@@ -43,7 +43,6 @@ import (
 	"k8s.io/klog/v2"
 
 	"k8s.io/ingress-nginx/internal/file"
-	"k8s.io/ingress-nginx/internal/ingress/annotations/class"
 	"k8s.io/ingress-nginx/internal/ingress/controller"
 	"k8s.io/ingress-nginx/internal/ingress/metric"
 	"k8s.io/ingress-nginx/internal/k8s"
@@ -108,25 +107,13 @@ func main() {
 		klog.Fatalf("ingress-nginx requires Kubernetes v1.19.0 or higher")
 	}
 
-	k8s.IngressClass, err = kubeClient.NetworkingV1().IngressClasses().
-		Get(context.TODO(), class.IngressClass, metav1.GetOptions{})
+	_, err = kubeClient.NetworkingV1().IngressClasses().List(context.TODO(), metav1.ListOptions{})
 	if err != nil {
 		if !errors.IsNotFound(err) {
-			if !errors.IsUnauthorized(err) && !errors.IsForbidden(err) {
-				klog.Fatalf("Error searching IngressClass: %v", err)
+			if errors.IsUnauthorized(err) || !errors.IsForbidden(err) {
+				klog.Fatalf("Error searching IngressClass: Please verify your RBAC and allow Ingress Controller to list and get Ingress Classes: %v", err)
 			}
-			klog.ErrorS(err, "Searching IngressClass", "class", class.IngressClass)
 		}
-
-		klog.Warningf("No IngressClass resource with name %v found. Only annotation will be used.", class.IngressClass)
-		// TODO: remove once this is fixed in client-go
-		k8s.IngressClass = nil
-
-	}
-
-	if k8s.IngressClass != nil && k8s.IngressClass.Spec.Controller != k8s.IngressNGINXController {
-		klog.Errorf(`Invalid IngressClass (Spec.Controller) value "%v". Should be "%v"`, k8s.IngressClass.Spec.Controller, k8s.IngressNGINXController)
-		klog.Fatalf("IngressClass with name %v is not valid for ingress-nginx (invalid Spec.Controller)", class.IngressClass)
 	}
 
 	conf.Client = kubeClient
@@ -146,7 +133,7 @@ func main() {
 
 	mc := metric.NewDummyCollector()
 	if conf.EnableMetrics {
-		mc, err = metric.NewCollector(conf.MetricsPerHost, reg)
+		mc, err = metric.NewCollector(conf.MetricsPerHost, reg, conf.IngressClassConfiguration.Controller)
 		if err != nil {
 			klog.Fatalf("Error creating prometheus collector:  %v", err)
 		}