Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

test/e2e/settings/ingress_class.go

@@ -18,7 +18,6 @@ package settings
 
 import (
 	"context"
-	"fmt"
 	"net/http"
 	"strings"
 	"sync"
@@ -26,13 +25,11 @@ import (
 	"github.com/onsi/ginkgo"
 	"github.com/stretchr/testify/assert"
 	appsv1 "k8s.io/api/apps/v1"
-	networking "k8s.io/api/networking/v1"
-	rbacv1 "k8s.io/api/rbac/v1"
+	networkingv1 "k8s.io/api/networking/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"k8s.io/ingress-nginx/internal/ingress/annotations/class"
-	"k8s.io/ingress-nginx/internal/k8s"
+	"k8s.io/ingress-nginx/internal/ingress/controller/ingressclass"
 	"k8s.io/ingress-nginx/test/e2e/framework"
 )
 
@@ -41,39 +38,20 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
 
 	var doOnce sync.Once
 
-	testIngressClassName := "test-new-ingress-class"
+	otherIngressClassName := "test-new-ingress-class"
+	otherController := "k8s.io/other-class"
 
 	ginkgo.BeforeEach(func() {
 		f.NewEchoDeploymentWithReplicas(1)
 
 		doOnce.Do(func() {
-			f.KubeClientSet.RbacV1().ClusterRoles().Create(context.TODO(), &rbacv1.ClusterRole{
-				ObjectMeta: metav1.ObjectMeta{Name: "ingress-nginx-class"},
-				Rules: []rbacv1.PolicyRule{{
-					APIGroups: []string{"networking.k8s.io"},
-					Resources: []string{"ingressclasses"},
-					Verbs:     []string{"get", "list", "watch"},
-				}},
-			}, metav1.CreateOptions{})
-
-			f.KubeClientSet.RbacV1().ClusterRoleBindings().Create(context.TODO(), &rbacv1.ClusterRoleBinding{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "ingress-nginx-class",
-				},
-				RoleRef: rbacv1.RoleRef{
-					APIGroup: "rbac.authorization.k8s.io",
-					Kind:     "ClusterRole",
-					Name:     "ingress-nginx-class",
-				},
-			}, metav1.CreateOptions{})
-
 			_, err := f.KubeClientSet.NetworkingV1().IngressClasses().
-				Create(context.TODO(), &networking.IngressClass{
+				Create(context.TODO(), &networkingv1.IngressClass{
 					ObjectMeta: metav1.ObjectMeta{
-						Name: testIngressClassName,
+						Name: otherIngressClassName,
 					},
-					Spec: networking.IngressClassSpec{
-						Controller: k8s.IngressNGINXController,
+					Spec: networkingv1.IngressClassSpec{
+						Controller: otherController,
 					},
 				}, metav1.CreateOptions{})
 
@@ -83,17 +61,23 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
 		})
 	})
 
-	ginkgo.Context("Without a specific ingress-class", func() {
-		ginkgo.It("should ignore Ingress with class", func() {
+	ginkgo.Context("With default ingress class config", func() {
+		ginkgo.It("should ignore Ingress with a different class annotation", func() {
 			invalidHost := "foo"
 			annotations := map[string]string{
-				class.IngressKey: "testclass",
+				ingressclass.IngressKey: "testclass",
 			}
 			ing := framework.NewSingleIngress(invalidHost, "/", invalidHost, f.Namespace, framework.EchoService, 80, annotations)
+			// We should drop the ingressClassName here as we just want to rely on the annotation in this test
+			ing.Spec.IngressClassName = nil
 			f.EnsureIngress(ing)
 
 			validHost := "bar"
-			ing = framework.NewSingleIngress(validHost, "/", validHost, f.Namespace, framework.EchoService, 80, nil)
+			annotationClass := map[string]string{
+				ingressclass.IngressKey: ingressclass.DefaultAnnotationValue,
+			}
+			ing = framework.NewSingleIngress(validHost, "/", validHost, f.Namespace, framework.EchoService, 80, annotationClass)
+			ing.Spec.IngressClassName = nil
 			f.EnsureIngress(ing)
 
 			f.WaitForNginxConfiguration(func(cfg string) bool {
@@ -113,14 +97,300 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
 				Expect().
 				Status(http.StatusOK)
 		})
+
+		ginkgo.It("should ignore Ingress with different controller class", func() {
+			invalidHost := "foo-1"
+			ing := framework.NewSingleIngress(invalidHost, "/", invalidHost, f.Namespace, framework.EchoService, 80, nil)
+			ing.Spec.IngressClassName = &otherIngressClassName
+			f.EnsureIngress(ing)
+
+			validHost := "bar-1"
+			ing = framework.NewSingleIngress(validHost, "/", validHost, f.Namespace, framework.EchoService, 80, nil)
+			f.EnsureIngress(ing)
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return !strings.Contains(cfg, "server_name foo-1") &&
+					strings.Contains(cfg, "server_name bar-1")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", invalidHost).
+				Expect().
+				Status(http.StatusNotFound)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", validHost).
+				Expect().
+				Status(http.StatusOK)
+		})
+
+		ginkgo.It("should accept both Ingresses with default IngressClassName and IngressClass annotation", func() {
+			validHostAnnotation := "foo-ok"
+			annotationClass := map[string]string{
+				ingressclass.IngressKey: ingressclass.DefaultAnnotationValue,
+			}
+			ing := framework.NewSingleIngress(validHostAnnotation, "/", validHostAnnotation, f.Namespace, framework.EchoService, 80, annotationClass)
+			// We need to drop the Class here as we just want the annotation
+			ing.Spec.IngressClassName = nil
+			f.EnsureIngress(ing)
+
+			validHostClass := "bar-ok"
+			ing = framework.NewSingleIngress(validHostClass, "/", validHostClass, f.Namespace, framework.EchoService, 80, nil)
+			f.EnsureIngress(ing)
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return strings.Contains(cfg, "server_name foo-ok") &&
+					strings.Contains(cfg, "server_name bar-ok")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", validHostAnnotation).
+				Expect().
+				Status(http.StatusOK)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", validHostClass).
+				Expect().
+				Status(http.StatusOK)
+		})
+
+		ginkgo.It("should ignore Ingress without IngressClass configuration", func() {
+			invalidHost := "foo-invalid"
+			ing := framework.NewSingleIngress(invalidHost, "/", invalidHost, f.Namespace, framework.EchoService, 80, nil)
+			ing.Spec.IngressClassName = nil
+			f.EnsureIngress(ing)
+
+			validHostClass := "bar-valid"
+			ing = framework.NewSingleIngress(validHostClass, "/", validHostClass, f.Namespace, framework.EchoService, 80, nil)
+			f.EnsureIngress(ing)
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return !strings.Contains(cfg, "server_name foo-invalid") &&
+					strings.Contains(cfg, "server_name bar-valid")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", invalidHost).
+				Expect().
+				Status(http.StatusNotFound)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", validHostClass).
+				Expect().
+				Status(http.StatusOK)
+		})
+
+		ginkgo.It("should delete Ingress when class is removed", func() {
+			hostAnnotation := "foo-annotation"
+
+			annotations := map[string]string{
+				ingressclass.IngressKey: ingressclass.DefaultAnnotationValue,
+			}
+			ing := framework.NewSingleIngress(hostAnnotation, "/", hostAnnotation, f.Namespace, framework.EchoService, 80, annotations)
+			ing.Spec.IngressClassName = nil
+			f.EnsureIngress(ing)
+
+			hostClass := "foo-class"
+			ing = framework.NewSingleIngress(hostClass, "/", hostClass, f.Namespace, framework.EchoService, 80, nil)
+			f.EnsureIngress(ing)
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return strings.Contains(cfg, "server_name foo-annotation") &&
+					strings.Contains(cfg, "server_name foo-class")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostAnnotation).
+				Expect().
+				Status(http.StatusOK)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostClass).
+				Expect().
+				Status(http.StatusOK)
+
+			ing, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), hostAnnotation, metav1.GetOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			delete(ing.Annotations, ingressclass.IngressKey)
+			_, err = f.KubeClientSet.NetworkingV1().Ingresses(ing.Namespace).Update(context.TODO(), ing, metav1.UpdateOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			ingWithClass, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), hostClass, metav1.GetOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			ingWithClass.Spec.IngressClassName = nil
+			_, err = f.KubeClientSet.NetworkingV1().Ingresses(ingWithClass.Namespace).Update(context.TODO(), ingWithClass, metav1.UpdateOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			framework.Sleep()
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return !strings.Contains(cfg, "server_name foo-annotation") &&
+					!strings.Contains(cfg, "server_name foo-class")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostAnnotation).
+				Expect().
+				Status(http.StatusNotFound)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostClass).
+				Expect().
+				Status(http.StatusNotFound)
+		})
+
+		ginkgo.It("should serve Ingress when class is added", func() {
+			hostNoAnnotation := "foo-no-annotation"
+
+			ing := framework.NewSingleIngress(hostNoAnnotation, "/", hostNoAnnotation, f.Namespace, framework.EchoService, 80, nil)
+			ing.Spec.IngressClassName = nil
+			f.EnsureIngress(ing)
+
+			hostNoClass := "foo-no-class"
+			ing = framework.NewSingleIngress(hostNoClass, "/", hostNoClass, f.Namespace, framework.EchoService, 80, nil)
+			ing.Spec.IngressClassName = nil
+			f.EnsureIngress(ing)
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return !strings.Contains(cfg, "server_name foo-no-nnotation") &&
+					!strings.Contains(cfg, "server_name foo-no-class")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostNoAnnotation).
+				Expect().
+				Status(http.StatusNotFound)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostNoClass).
+				Expect().
+				Status(http.StatusNotFound)
+
+			ing, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), hostNoAnnotation, metav1.GetOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			annotation := map[string]string{
+				ingressclass.IngressKey: ingressclass.DefaultAnnotationValue,
+			}
+			ing.Annotations = annotation
+			_, err = f.KubeClientSet.NetworkingV1().Ingresses(ing.Namespace).Update(context.TODO(), ing, metav1.UpdateOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			ingWithClass, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), hostNoClass, metav1.GetOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			ingWithClass.Spec.IngressClassName = framework.GetIngressClassName(f.Namespace)
+			_, err = f.KubeClientSet.NetworkingV1().Ingresses(ingWithClass.Namespace).Update(context.TODO(), ingWithClass, metav1.UpdateOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			framework.Sleep()
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return strings.Contains(cfg, "server_name foo-no-annotation") &&
+					strings.Contains(cfg, "server_name foo-no-class")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostNoAnnotation).
+				Expect().
+				Status(http.StatusOK)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostNoClass).
+				Expect().
+				Status(http.StatusOK)
+		})
+
+		ginkgo.It("should serve Ingress when class is updated between annotation and ingressClassName", func() {
+			hostAnnotation2class := "foo-annotation2class"
+			annotationClass := map[string]string{
+				ingressclass.IngressKey: ingressclass.DefaultAnnotationValue,
+			}
+			ing := framework.NewSingleIngress(hostAnnotation2class, "/", hostAnnotation2class, f.Namespace, framework.EchoService, 80, annotationClass)
+			ing.Spec.IngressClassName = nil
+			f.EnsureIngress(ing)
+
+			hostClass2Annotation := "foo-class2annotation"
+			ing = framework.NewSingleIngress(hostClass2Annotation, "/", hostClass2Annotation, f.Namespace, framework.EchoService, 80, nil)
+			f.EnsureIngress(ing)
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return strings.Contains(cfg, "server_name foo-annotation2class") &&
+					strings.Contains(cfg, "server_name foo-class2annotation")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostAnnotation2class).
+				Expect().
+				Status(http.StatusOK)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostClass2Annotation).
+				Expect().
+				Status(http.StatusOK)
+
+			ingAnnotation2Class, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), hostAnnotation2class, metav1.GetOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			delete(ingAnnotation2Class.Annotations, ingressclass.IngressKey)
+			ingAnnotation2Class.Spec.IngressClassName = framework.GetIngressClassName(ingAnnotation2Class.Namespace)
+			_, err = f.KubeClientSet.NetworkingV1().Ingresses(ingAnnotation2Class.Namespace).Update(context.TODO(), ingAnnotation2Class, metav1.UpdateOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			ingClass2Annotation, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), hostClass2Annotation, metav1.GetOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			ingClass2Annotation.Spec.IngressClassName = nil
+			ingClass2Annotation.Annotations = annotationClass
+			_, err = f.KubeClientSet.NetworkingV1().Ingresses(ingClass2Annotation.Namespace).Update(context.TODO(), ingClass2Annotation, metav1.UpdateOptions{})
+			assert.Nil(ginkgo.GinkgoT(), err)
+
+			framework.Sleep()
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return strings.Contains(cfg, "server_name foo-annotation2class") &&
+					strings.Contains(cfg, "server_name foo-class2annotation")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostAnnotation2class).
+				Expect().
+				Status(http.StatusOK)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", hostClass2Annotation).
+				Expect().
+				Status(http.StatusOK)
+		})
+
 	})
 
-	ginkgo.Context("With a specific ingress-class", func() {
+	ginkgo.Context("With specific ingress-class flags", func() {
 		ginkgo.BeforeEach(func() {
 			err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error {
 				args := []string{}
 				for _, v := range deployment.Spec.Template.Spec.Containers[0].Args {
-					if strings.Contains(v, "--ingress-class") {
+					if strings.Contains(v, "--ingress-class") && strings.Contains(v, "--controller-class") {
 						continue
 					}
 
@@ -128,6 +398,7 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
 				}
 
 				args = append(args, "--ingress-class=testclass")
+				args = append(args, "--controller-class=k8s.io/other-class")
 				deployment.Spec.Template.Spec.Containers[0].Args = args
 				_, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{})
 
@@ -136,25 +407,93 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
 			assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags")
 		})
 
-		ginkgo.It("should ignore Ingress with no class", func() {
+		ginkgo.It("should ignore Ingress with no class and accept the correctly configured Ingresses", func() {
 			invalidHost := "bar"
 
 			ing := framework.NewSingleIngress(invalidHost, "/", invalidHost, f.Namespace, framework.EchoService, 80, nil)
+			ing.Spec.IngressClassName = nil
 			f.EnsureIngress(ing)
 
 			validHost := "foo"
 			annotations := map[string]string{
-				class.IngressKey: "testclass",
+				ingressclass.IngressKey: "testclass",
 			}
 			ing = framework.NewSingleIngress(validHost, "/", validHost, f.Namespace, framework.EchoService, 80, annotations)
+			// Delete the IngressClass as we want just the annotation here
+			ing.Spec.IngressClassName = nil
 			f.EnsureIngress(ing)
 
-			f.WaitForNginxServer(validHost, func(cfg string) bool {
-				return strings.Contains(cfg, "server_name foo")
-			})
+			validHostClass := "foobar123"
+			ing = framework.NewSingleIngress(validHostClass, "/", validHostClass, f.Namespace, framework.EchoService, 80, nil)
+			ing.Spec.IngressClassName = &otherIngressClassName
+			f.EnsureIngress(ing)
 
 			f.WaitForNginxConfiguration(func(cfg string) bool {
-				return !strings.Contains(cfg, "server_name bar")
+				return !strings.Contains(cfg, "server_name bar") &&
+					strings.Contains(cfg, "server_name foo") &&
+					strings.Contains(cfg, "server_name foobar123")
+			})
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", validHost).
+				Expect().
+				Status(http.StatusOK)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", validHostClass).
+				Expect().
+				Status(http.StatusOK)
+
+			f.HTTPTestClient().
+				GET("/").
+				WithHeader("Host", invalidHost).
+				Expect().
+				Status(http.StatusNotFound)
+		})
+
+	})
+
+	ginkgo.Context("With watch-ingress-without-class flag", func() {
+		ginkgo.BeforeEach(func() {
+			err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error {
+				args := []string{}
+				for _, v := range deployment.Spec.Template.Spec.Containers[0].Args {
+					if strings.Contains(v, "--watch-ingress-without-class") && strings.Contains(v, "--controller-class") {
+						continue
+					}
+
+					args = append(args, v)
+				}
+
+				args = append(args, "--watch-ingress-without-class")
+				deployment.Spec.Template.Spec.Containers[0].Args = args
+				_, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{})
+
+				return err
+			})
+			assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags")
+		})
+
+		ginkgo.It("should watch Ingress with no class and ignore ingress with a different class", func() {
+			validHost := "bar"
+
+			ing := framework.NewSingleIngress(validHost, "/", validHost, f.Namespace, framework.EchoService, 80, nil)
+			ing.Spec.IngressClassName = nil
+			f.EnsureIngress(ing)
+
+			invalidHost := "foo"
+			annotations := map[string]string{
+				ingressclass.IngressKey: "testclass123",
+			}
+			ing = framework.NewSingleIngress(invalidHost, "/", invalidHost, f.Namespace, framework.EchoService, 80, annotations)
+			ing.Spec.IngressClassName = nil
+			f.EnsureIngress(ing)
+
+			f.WaitForNginxConfiguration(func(cfg string) bool {
+				return strings.Contains(cfg, "server_name bar") &&
+					!strings.Contains(cfg, "server_name foo")
 			})
 
 			f.HTTPTestClient().
@@ -170,165 +509,5 @@ var _ = framework.IngressNginxDescribe("[Flag] ingress-class", func() {
 				Status(http.StatusNotFound)
 		})
 
-		ginkgo.It("should delete Ingress when class is removed", func() {
-			host := "foo"
-			annotations := map[string]string{
-				class.IngressKey: "testclass",
-			}
-			ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
-			f.EnsureIngress(ing)
-
-			f.WaitForNginxServer(host, func(cfg string) bool {
-				return strings.Contains(cfg, "server_name foo")
-			})
-
-			f.HTTPTestClient().
-				GET("/").
-				WithHeader("Host", host).
-				Expect().
-				Status(http.StatusOK)
-
-			ing, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), host, metav1.GetOptions{})
-			assert.Nil(ginkgo.GinkgoT(), err)
-
-			delete(ing.Annotations, class.IngressKey)
-			_, err = f.KubeClientSet.NetworkingV1().Ingresses(ing.Namespace).Update(context.TODO(), ing, metav1.UpdateOptions{})
-			assert.Nil(ginkgo.GinkgoT(), err)
-
-			framework.Sleep()
-
-			f.WaitForNginxConfiguration(func(cfg string) bool {
-				return !strings.Contains(cfg, "server_name foo")
-			})
-
-			f.HTTPTestClient().
-				GET("/").
-				WithHeader("Host", host).
-				Expect().
-				Status(http.StatusNotFound)
-		})
-	})
-
-	ginkgo.It("check scenarios for IngressClass and ingress.class annotation", func() {
-
-		pod := f.GetIngressNGINXPod()
-
-		crb, err := f.KubeClientSet.RbacV1().ClusterRoleBindings().Get(context.Background(), "ingress-nginx-class", metav1.GetOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err, "searching cluster role binding")
-
-		// add service of current namespace
-		crb.Subjects = append(crb.Subjects, rbacv1.Subject{
-			APIGroup:  "",
-			Kind:      "ServiceAccount",
-			Name:      pod.Spec.ServiceAccountName,
-			Namespace: f.Namespace,
-		})
-
-		_, err = f.KubeClientSet.RbacV1().ClusterRoleBindings().Update(context.Background(), crb, metav1.UpdateOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err, "searching cluster role binding")
-
-		err = f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error {
-			args := []string{}
-			for _, v := range deployment.Spec.Template.Spec.Containers[0].Args {
-				if strings.Contains(v, "--ingress-class") {
-					continue
-				}
-
-				args = append(args, v)
-			}
-
-			args = append(args, fmt.Sprintf("--ingress-class=%v", testIngressClassName))
-			deployment.Spec.Template.Spec.Containers[0].Args = args
-			_, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{})
-			return err
-		})
-		assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags")
-
-		host := "ingress.class"
-
-		ginkgo.By("only having IngressClassName")
-		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
-		ing.Spec.IngressClassName = &testIngressClassName
-		f.EnsureIngress(ing)
-
-		f.WaitForNginxConfiguration(func(cfg string) bool {
-			return strings.Contains(cfg, fmt.Sprintf("server_name %v", host))
-		})
-
-		f.HTTPTestClient().
-			GET("/").
-			WithHeader("Host", host).
-			Expect().
-			Status(http.StatusOK)
-
-		ginkgo.By("only having ingress.class annotation")
-		ing, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), host, metav1.GetOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err)
-
-		ing.Annotations = map[string]string{
-			class.IngressKey: testIngressClassName,
-		}
-		ing.Spec.IngressClassName = nil
-
-		_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Update(context.TODO(), ing, metav1.UpdateOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err)
-
-		f.WaitForNginxConfiguration(func(cfg string) bool {
-			return strings.Contains(cfg, fmt.Sprintf("server_name %v", host))
-		})
-
-		framework.Sleep()
-
-		f.HTTPTestClient().
-			GET("/").
-			WithHeader("Host", host).
-			Expect().
-			Status(http.StatusOK)
-
-		ginkgo.By("having an invalid ingress.class annotation and no IngressClassName")
-		ing, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), host, metav1.GetOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err)
-
-		ing.Annotations = map[string]string{
-			class.IngressKey: "invalid",
-		}
-		ing.Spec.IngressClassName = nil
-
-		_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Update(context.TODO(), ing, metav1.UpdateOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err)
-
-		framework.Sleep()
-
-		f.WaitForNginxConfiguration(func(cfg string) bool {
-			return !strings.Contains(cfg, fmt.Sprintf("server_name %v", host))
-		})
-
-		f.HTTPTestClient().
-			GET("/").
-			WithHeader("Host", host).
-			Expect().
-			Status(http.StatusNotFound)
-
-		ginkgo.By("not having ingress.class annotation and invalid IngressClassName")
-		ing, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), host, metav1.GetOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err)
-		ing.Annotations = map[string]string{}
-		invalidClassName := "invalidclass"
-		ing.Spec.IngressClassName = &invalidClassName
-
-		_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Update(context.TODO(), ing, metav1.UpdateOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err)
-
-		framework.Sleep()
-
-		f.WaitForNginxConfiguration(func(cfg string) bool {
-			return !strings.Contains(cfg, fmt.Sprintf("server_name %v", host))
-		})
-
-		f.HTTPTestClient().
-			GET("/").
-			WithHeader("Host", host).
-			Expect().
-			Status(http.StatusNotFound)
 	})
 })

test/e2e/settings/no_auth_locations.go

@@ -106,6 +106,7 @@ func buildBasicAuthIngressWithSecondPath(host, namespace, secretName, pathName s
 			},
 		},
 		Spec: networking.IngressSpec{
+			IngressClassName: framework.GetIngressClassName(namespace),
 			Rules: []networking.IngressRule{
 				{
 					Host: host,

test/e2e/settings/server_tokens.go

@@ -57,6 +57,7 @@ var _ = framework.DescribeSetting("server-tokens", func() {
 				Annotations: map[string]string{},
 			},
 			Spec: networking.IngressSpec{
+				IngressClassName: &f.IngressClass,
 				Rules: []networking.IngressRule{
 					{
 						Host: serverTokens,