Merge pull request #18658 from smarterclayton/ingress_to_route

Replace router support for ingress with an ingress-to-route controller

Author: openshift-merge-robot

pkg/cmd/infra/router/f5.go

@@ -251,7 +251,7 @@ func (o *F5RouterOptions) Run() error {
 
 	factory := o.RouterSelection.NewFactory(routeclient, projectclient.Project().Projects(), kc)
 	watchNodes := (len(o.InternalAddress) != 0 && len(o.VxlanGateway) != 0)
-	controller := factory.Create(plugin, watchNodes, o.EnableIngress)
+	controller := factory.Create(plugin, watchNodes)
 	controller.Run()
 
 	select {}

pkg/cmd/infra/router/router.go

@@ -60,8 +60,6 @@ type RouterSelection struct {
 
 	ExtendedValidation bool
 
-	EnableIngress bool
-
 	ListenAddr string
 }
 
@@ -82,8 +80,9 @@ func (o *RouterSelection) Bind(flag *pflag.FlagSet) {
 	flag.StringSliceVar(&o.AllowedDomains, "allowed-domains", envVarAsStrings("ROUTER_ALLOWED_DOMAINS", "", ","), "List of comma separated domains to allow in routes. If specified, only the domains in this list will be allowed routes. Note that domains in the denied list take precedence over the ones in the allowed list")
 	flag.BoolVar(&o.AllowWildcardRoutes, "allow-wildcard-routes", isTrue(cmdutil.Env("ROUTER_ALLOW_WILDCARD_ROUTES", "")), "Allow wildcard host names for routes")
 	flag.BoolVar(&o.DisableNamespaceOwnershipCheck, "disable-namespace-ownership-check", isTrue(cmdutil.Env("ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK", "")), "Disables the namespace ownership checks for a route host with different paths or for overlapping host names in the case of wildcard routes. Please be aware that if namespace ownership checks are disabled, routes in a different namespace can use this mechanism to 'steal' sub-paths for existing domains. This is only safe if route creation privileges are restricted, or if all the users can be trusted.")
-	flag.BoolVar(&o.EnableIngress, "enable-ingress", isTrue(cmdutil.Env("ROUTER_ENABLE_INGRESS", "")), "Enable configuration via ingress resources")
 	flag.BoolVar(&o.ExtendedValidation, "extended-validation", isTrue(cmdutil.Env("EXTENDED_VALIDATION", "true")), "If set, then an additional extended validation step is performed on all routes admitted in by this router. Defaults to true and enables the extended validation checks.")
+	flag.Bool("enable-ingress", false, "Enable configuration via ingress resources.")
+	flag.MarkDeprecated("enable-ingress", "Ingress resources are now synchronized to routes automatically.")
 	flag.StringVar(&o.ListenAddr, "listen-addr", cmdutil.Env("ROUTER_LISTEN_ADDR", ""), "The name of an interface to listen on to expose metrics and health checking. If not specified, will not listen. Overrides stats port.")
 }
 
@@ -96,14 +95,10 @@ func (o *RouterSelection) RouteSelectionFunc() controller.RouteHostFunc {
 		if !o.OverrideHostname && len(route.Spec.Host) > 0 {
 			return route.Spec.Host
 		}
-		// GetNameForHost returns the ingress name for a generated route, and the route route
-		// name otherwise.  When a route and ingress in the same namespace share a name, the
-		// route and the ingress' rules should receive the same generated host.
-		nameForHost := controller.GetNameForHost(route.Name)
 		s, err := variable.ExpandStrict(o.HostnameTemplate, func(key string) (string, bool) {
 			switch key {
 			case "name":
-				return nameForHost, true
+				return route.Name, true
 			case "namespace":
 				return route.Namespace, true
 			default:

pkg/cmd/infra/router/template.go

@@ -431,7 +431,7 @@ func (o *TemplateRouterOptions) Run() error {
 	plugin = controller.NewHostAdmitter(plugin, o.RouteAdmissionFunc(), o.AllowWildcardRoutes, o.RouterSelection.DisableNamespaceOwnershipCheck, recorder)
 
 	factory := o.RouterSelection.NewFactory(routeclient, projectclient.Project().Projects(), kc)
-	controller := factory.Create(plugin, false, o.EnableIngress)
+	controller := factory.Create(plugin, false)
 	controller.Run()
 
 	proc.StartReaper()

pkg/cmd/openshift-controller-manager/controller/config.go

@@ -63,9 +63,10 @@ type OpenshiftControllerConfig struct {
 
 	ServiceServingCertsControllerOptions ServiceServingCertsControllerOptions
 
-	SDNControllerConfig       SDNControllerConfig
-	UnidlingControllerConfig  UnidlingControllerConfig
-	IngressIPControllerConfig IngressIPControllerConfig
+	SDNControllerConfig            SDNControllerConfig
+	UnidlingControllerConfig       UnidlingControllerConfig
+	IngressIPControllerConfig      IngressIPControllerConfig
+	IngressToRouteControllerConfig IngressToRouteControllerConfig
 
 	ClusterQuotaReconciliationControllerConfig ClusterQuotaReconciliationControllerConfig
 
@@ -98,6 +99,7 @@ func (c *OpenshiftControllerConfig) GetControllerInitializers() (map[string]Init
 	ret["openshift.io/sdn"] = c.SDNControllerConfig.RunController
 	ret["openshift.io/unidling"] = c.UnidlingControllerConfig.RunController
 	ret["openshift.io/ingress-ip"] = c.IngressIPControllerConfig.RunController
+	ret["openshift.io/ingress-to-route"] = c.IngressToRouteControllerConfig.RunController
 
 	ret["openshift.io/resourcequota"] = RunResourceQuotaManager
 	ret["openshift.io/cluster-quota-reconciliation"] = c.ClusterQuotaReconciliationControllerConfig.RunController

pkg/cmd/openshift-controller-manager/controller/ingress.go

@@ -0,0 +1,36 @@
+package controller
+
+import (
+	coreclient "k8s.io/client-go/kubernetes/typed/core/v1"
+
+	routeclient "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1"
+	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
+	"github.com/openshift/origin/pkg/route/controller/ingress"
+)
+
+type IngressToRouteControllerConfig struct{}
+
+func (c *IngressToRouteControllerConfig) RunController(ctx ControllerContext) (bool, error) {
+	clientConfig := ctx.ClientBuilder.ConfigOrDie(bootstrappolicy.InfraIngressToRouteControllerServiceAccountName)
+	coreClient, err := coreclient.NewForConfig(clientConfig)
+	if err != nil {
+		return false, err
+	}
+	routeClient, err := routeclient.NewForConfig(clientConfig)
+	if err != nil {
+		return false, err
+	}
+
+	controller := ingress.NewController(
+		coreClient,
+		routeClient,
+		ctx.ExternalKubeInformers.Extensions().V1beta1().Ingresses(),
+		ctx.ExternalKubeInformers.Core().V1().Secrets(),
+		ctx.ExternalKubeInformers.Core().V1().Services(),
+		ctx.RouteInformers.Route().V1().Routes(),
+	)
+
+	go controller.Run(5, ctx.Stop)
+
+	return true, nil
+}

pkg/cmd/openshift-controller-manager/controller/interfaces.go

@@ -12,6 +12,7 @@ import (
 	kinternalinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion"
 	"k8s.io/kubernetes/pkg/controller"
 
+	routeinformer "github.com/openshift/client-go/route/informers/externalversions"
 	appinformer "github.com/openshift/origin/pkg/apps/generated/informers/internalversion"
 	appsclientinternal "github.com/openshift/origin/pkg/apps/generated/internalclientset"
 	authorizationinformer "github.com/openshift/origin/pkg/authorization/generated/informers/internalversion"
@@ -46,6 +47,7 @@ type ControllerContext struct {
 	TemplateInformers       templateinformer.SharedInformerFactory
 	QuotaInformers          quotainformer.SharedInformerFactory
 	AuthorizationInformers  authorizationinformer.SharedInformerFactory
+	RouteInformers          routeinformer.SharedInformerFactory
 	SecurityInformers       securityinformer.SharedInformerFactory
 	GenericResourceInformer GenericResourceInformer
 

pkg/cmd/openshift-controller-manager/controller_manager.go

@@ -185,6 +185,7 @@ func newControllerContext(
 		NetworkInformers:        informers.GetNetworkInformers(),
 		QuotaInformers:          informers.GetQuotaInformers(),
 		SecurityInformers:       informers.GetSecurityInformers(),
+		RouteInformers:          informers.GetRouteInformers(),
 		TemplateInformers:       informers.GetTemplateInformers(),
 		GenericResourceInformer: informers.ToGenericInformer(),
 		Stop:             stopCh,

pkg/cmd/server/bootstrappolicy/controller_policy.go

@@ -35,6 +35,7 @@ const (
 	InfraPersistentVolumeRecyclerControllerServiceAccountName   = "pv-recycler-controller"
 	InfraResourceQuotaControllerServiceAccountName              = "resourcequota-controller"
 	InfraDefaultRoleBindingsControllerServiceAccountName        = "default-rolebindings-controller"
+	InfraIngressToRouteControllerServiceAccountName             = "ingress-to-route-controller"
 
 	// template instance controller watches for TemplateInstance object creation
 	// and instantiates templates as a result.
@@ -296,6 +297,18 @@ func init() {
 		},
 	})
 
+	// ingress-to-route-controller
+	addControllerRole(rbac.ClusterRole{
+		ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + InfraIngressToRouteControllerServiceAccountName},
+		Rules: []rbac.PolicyRule{
+			rbac.NewRule("get", "list", "watch").Groups(kapiGroup).Resources("secrets", "services").RuleOrDie(),
+			rbac.NewRule("get", "list", "watch").Groups(extensionsGroup).Resources("ingress").RuleOrDie(),
+			rbac.NewRule("get", "list", "watch", "create", "update", "patch", "delete").Groups(routeGroup).Resources("routes").RuleOrDie(),
+			rbac.NewRule("create", "update").Groups(routeGroup).Resources("routes/custom-host").RuleOrDie(),
+			eventsRule(),
+		},
+	})
+
 	// pv-recycler-controller
 	addControllerRole(rbac.ClusterRole{
 		ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + InfraPersistentVolumeRecyclerControllerServiceAccountName},

pkg/cmd/server/origin/master_config.go

@@ -27,6 +27,7 @@ import (
 	rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation"
 	rbacauthorizer "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac"
 
+	routeinformer "github.com/openshift/client-go/route/informers/externalversions"
 	userinformer "github.com/openshift/client-go/user/informers/externalversions"
 	appinformer "github.com/openshift/origin/pkg/apps/generated/informers/internalversion"
 	authorizationinformer "github.com/openshift/origin/pkg/authorization/generated/informers/internalversion"
@@ -96,6 +97,7 @@ type MasterConfig struct {
 	InternalKubeInformers  kinternalinformers.SharedInformerFactory
 	ClientGoKubeInformers  kubeclientgoinformers.SharedInformerFactory
 	AuthorizationInformers authorizationinformer.SharedInformerFactory
+	RouteInformers         routeinformer.SharedInformerFactory
 	QuotaInformers         quotainformer.SharedInformerFactory
 	SecurityInformers      securityinformer.SharedInformerFactory
 }
@@ -112,6 +114,7 @@ type InformerAccess interface {
 	GetOauthInformers() oauthinformer.SharedInformerFactory
 	GetQuotaInformers() quotainformer.SharedInformerFactory
 	GetSecurityInformers() securityinformer.SharedInformerFactory
+	GetRouteInformers() routeinformer.SharedInformerFactory
 	GetUserInformers() userinformer.SharedInformerFactory
 	GetTemplateInformers() templateinformer.SharedInformerFactory
 	ToGenericInformer() GenericResourceInformer
@@ -226,6 +229,7 @@ func BuildMasterConfig(
 		AuthorizationInformers: informers.GetAuthorizationInformers(),
 		QuotaInformers:         informers.GetQuotaInformers(),
 		SecurityInformers:      informers.GetSecurityInformers(),
+		RouteInformers:         informers.GetRouteInformers(),
 	}
 
 	for name, hook := range authenticatorPostStartHooks {