Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Change e2e tests for the new IngressClass presence * Fix chart and admission tests Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix helm chart test Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix reviews * Remove ingressclass code from admission
2021-07-28 18:58:46 -03:00 · 2021-07-28 18:58:46 -03:00 · cef147a24d
commit cef147a24d
parent 0d57e87819
68 changed files with 1450 additions and 637 deletions
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@ -68,7 +68,8 @@ type Framework struct {
 	KubeConfig             *restclient.Config
 	APIExtensionsClientSet apiextcs.Interface

-	Namespace string
+	Namespace    string
+	IngressClass string

 	pod *corev1.Pod
 }
@ -108,6 +109,9 @@ func (f *Framework) BeforeEach() {
 	f.Namespace, err = CreateKubeNamespace(f.BaseName, f.KubeClientSet)
 	assert.Nil(ginkgo.GinkgoT(), err, "creating namespace")

+	f.IngressClass, err = CreateIngressClass(f.Namespace, f.KubeClientSet)
+	assert.Nil(ginkgo.GinkgoT(), err, "creating IngressClass")
+
 	err = f.newIngressController(f.Namespace, f.BaseName)
 	assert.Nil(ginkgo.GinkgoT(), err, "deploying the ingress controller")

@ -127,6 +131,14 @@ func (f *Framework) AfterEach() {
 		}()
 	}(f.KubeClientSet, f.Namespace)

+	defer func(kubeClient kubernetes.Interface, ingressclass string) {
+		go func() {
+			defer ginkgo.GinkgoRecover()
+			err := deleteIngressClass(kubeClient, ingressclass)
+			assert.Nil(ginkgo.GinkgoT(), err, "deleting IngressClass")
+		}()
+	}(f.KubeClientSet, f.IngressClass)
+
 	if !ginkgo.CurrentGinkgoTestDescription().Failed {
 		return
 	}
@ -580,6 +592,7 @@ func NewSingleIngress(name, path, host, ns, service string, port int, annotation
 func NewSingleIngressWithMultiplePaths(name string, paths []string, host, ns, service string, port int, annotations map[string]string) *networking.Ingress {
 	pathtype := networking.PathTypePrefix
 	spec := networking.IngressSpec{
+		IngressClassName: GetIngressClassName(ns),
 		Rules: []networking.IngressRule{
 			{
 				Host: host,
@ -611,6 +624,7 @@ func NewSingleIngressWithMultiplePaths(name string, paths []string, host, ns, se
 func newSingleIngressWithRules(name, path, host, ns, service string, port int, annotations map[string]string, tlsHosts []string) *networking.Ingress {
 	pathtype := networking.PathTypePrefix
 	spec := networking.IngressSpec{
+		IngressClassName: GetIngressClassName(ns),
 		Rules: []networking.IngressRule{
 			{
 				IngressRuleValue: networking.IngressRuleValue{
@ -656,6 +670,7 @@ func newSingleIngressWithRules(name, path, host, ns, service string, port int, a
 func NewSingleIngressWithBackendAndRules(name, path, host, ns, defaultService string, defaultPort int, service string, port int, annotations map[string]string) *networking.Ingress {
 	pathtype := networking.PathTypePrefix
 	spec := networking.IngressSpec{
+		IngressClassName: GetIngressClassName(ns),
 		DefaultBackend: &networking.IngressBackend{
 			Service: &networking.IngressServiceBackend{
 				Name: defaultService,
@ -695,6 +710,7 @@ func NewSingleIngressWithBackendAndRules(name, path, host, ns, defaultService st
 // NewSingleCatchAllIngress creates a simple ingress with a catch-all backend
 func NewSingleCatchAllIngress(name, ns, service string, port int, annotations map[string]string) *networking.Ingress {
 	spec := networking.IngressSpec{
+		IngressClassName: GetIngressClassName(ns),
 		DefaultBackend: &networking.IngressBackend{
 			Service: &networking.IngressServiceBackend{
 				Name: service,
--- a/test/e2e/framework/util.go
+++ b/test/e2e/framework/util.go
@ -24,6 +24,8 @@ import (

 	"github.com/onsi/ginkgo"
 	corev1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/uuid"
@ -31,6 +33,8 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
+
+	"k8s.io/ingress-nginx/internal/k8s"
 )

 const (
@ -117,6 +121,93 @@ func deleteKubeNamespace(c kubernetes.Interface, namespace string) error {
 	})
 }

+// CreateIngressClass creates a new IngressClass related to a test/namespace and also
+// the required ClusterRole/ClusterRoleBinding
+func CreateIngressClass(namespace string, c kubernetes.Interface) (string, error) {
+	icname := fmt.Sprintf("ic-%s", namespace)
+	var err error
+
+	ic, err := c.NetworkingV1().IngressClasses().
+		Create(context.TODO(), &networkingv1.IngressClass{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: icname,
+			},
+			Spec: networkingv1.IngressClassSpec{
+				Controller: k8s.IngressNGINXController,
+			},
+		}, metav1.CreateOptions{})
+	if err != nil {
+		return "", fmt.Errorf("Unexpected error creating IngressClass %s: %v", icname, err)
+	}
+
+	_, err = c.RbacV1().ClusterRoles().Create(context.TODO(), &rbacv1.ClusterRole{
+		ObjectMeta: metav1.ObjectMeta{Name: icname},
+		Rules: []rbacv1.PolicyRule{{
+			APIGroups: []string{"networking.k8s.io"},
+			Resources: []string{"ingressclasses"},
+			Verbs:     []string{"get", "list", "watch"},
+		}},
+	}, metav1.CreateOptions{})
+	if err != nil {
+		return "", fmt.Errorf("Unexpected error creating IngressClass ClusterRole %s: %v", icname, err)
+	}
+
+	_, err = c.RbacV1().ClusterRoleBindings().Create(context.TODO(), &rbacv1.ClusterRoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: icname,
+		},
+		RoleRef: rbacv1.RoleRef{
+			APIGroup: "rbac.authorization.k8s.io",
+			Kind:     "ClusterRole",
+			Name:     icname,
+		},
+		Subjects: []rbacv1.Subject{
+			{
+				APIGroup:  "",
+				Kind:      "ServiceAccount",
+				Namespace: namespace,
+				Name:      "nginx-ingress",
+			},
+		},
+	}, metav1.CreateOptions{})
+	if err != nil {
+		return "", fmt.Errorf("Unexpected error creating IngressClass ClusterRoleBinding %s: %v", icname, err)
+	}
+	return ic.Name, nil
+}
+
+//deleteIngressClass deletes an IngressClass and its related ClusterRole* objects
+func deleteIngressClass(c kubernetes.Interface, ingressclass string) error {
+	var err error
+	grace := int64(0)
+	pb := metav1.DeletePropagationBackground
+	deleteOptions := metav1.DeleteOptions{
+		GracePeriodSeconds: &grace,
+		PropagationPolicy:  &pb,
+	}
+	err = c.NetworkingV1().IngressClasses().Delete(context.TODO(), ingressclass, deleteOptions)
+	if err != nil {
+		return fmt.Errorf("Unexpected error deleting IngressClass %s: %v", ingressclass, err)
+	}
+
+	err = c.RbacV1().ClusterRoleBindings().Delete(context.TODO(), ingressclass, deleteOptions)
+	if err != nil {
+		return fmt.Errorf("Unexpected error deleting IngressClass ClusterRoleBinding %s: %v", ingressclass, err)
+	}
+	err = c.RbacV1().ClusterRoles().Delete(context.TODO(), ingressclass, deleteOptions)
+	if err != nil {
+		return fmt.Errorf("Unexpected error deleting IngressClass ClusterRole %s: %v", ingressclass, err)
+	}
+
+	return nil
+}
+
+//GetIngressClassName returns the default IngressClassName given a namespace
+func GetIngressClassName(namespace string) *string {
+	icname := fmt.Sprintf("ic-%s", namespace)
+	return &icname
+}
+
 // WaitForKubeNamespaceNotExist waits until a namespaces is not present in the cluster
 func WaitForKubeNamespaceNotExist(c kubernetes.Interface, namespace string) error {
 	return wait.Poll(Poll, DefaultTimeout, namespaceNotExist(c, namespace))