From 9b26dcb6680006e9f4cda0defa2cb01f059d1eb4 Mon Sep 17 00:00:00 2001 From: Reto Lehmann Date: Fri, 1 Sep 2023 05:33:34 +0200 Subject: [PATCH] Revert changes from https://github.com/knative-extensions/net-kourier/pull/852 (#1099) --- README.md | 25 --------- config/200-config.yaml | 11 ---- config/200-serviceaccount.yaml | 3 -- pkg/config/config.go | 11 ---- pkg/config/configmap.go | 13 ----- pkg/config/configmap_test.go | 12 ----- pkg/generator/caches.go | 46 +--------------- pkg/generator/caches_test.go | 30 ----------- pkg/generator/ingress_translator.go | 23 -------- pkg/generator/ingress_translator_test.go | 45 ---------------- pkg/reconciler/ingress/controller.go | 15 ++---- pkg/reconciler/ingress/ingress.go | 16 ------ pkg/reconciler/ingress/lister.go | 26 ++-------- .../informers/core/v1/namespace/namespace.go | 52 ------------------- vendor/modules.txt | 1 - 15 files changed, 8 insertions(+), 321 deletions(-) delete mode 100644 vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/namespace/namespace.go diff --git a/README.md b/README.md index 55c2391ef..3d43bf741 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,6 @@ To change the Kourier gateway namespace, you will need to: - Cipher Suite - External Authorization support. - Proxy Protocol (AN EXPERIMENTAL / ALPHA FEATURE) -- Traffic Isolation (AN EXPERIMENTAL / ALPHA FEATURE) ## Setup TLS certificate 
@@ -210,30 +209,6 @@ spec: type: LoadBalancer ``` - -## Traffic Isolation Configuration -Note: this is an experimental/alpha feature. - - -To enable the traffic isolation feature, run the following command to patch `config-kourier` ConfigMap: -``` -kubectl patch configmap/config-kourier \ - -n knative-serving \ - --type merge \ - -p '{"data":{"traffic-isolation":"port"}}' -``` - -Ensure that the file was updated successfully: -``` -kubectl get configmap config-kourier --namespace knative-serving --output yaml -``` - -Traffic isolation works by telling the `net-kourier` controller which envoy listener to use for all ingresses -in a given namespace. When reconciling an ingress, the controller looks for the following annotation on the -ingress namespace: - -- `kourier.knative.dev/listener-port`: the envoy listener port - ## Tips Domain Mapping is configured to explicitly use `http2` protocol only. This behaviour can be disabled by adding the following annotation to the Domain Mapping resource ``` diff --git a/config/200-config.yaml b/config/200-config.yaml index bcdc41724..b6ef01610 100644 --- a/config/200-config.yaml +++ b/config/200-config.yaml @@ -63,17 +63,6 @@ data: # The default, 0s, imposes no timeout at all. stream-idle-timeout: "0s" - # Control the desired level of incoming traffic isolation. - # - # When set to an empty value (default), all incoming traffic flows through - # a shared ingress and listeners. - # - # When set to "port", incoming traffic is isolated by using different - # listener ports. - # - # NOTE: This flag is in an alpha state. - traffic-isolation: "" - # Specifies whether to use CryptoMB private key provider in order to # acclerate the TLS handshake. # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE. diff --git a/config/200-serviceaccount.yaml b/config/200-serviceaccount.yaml index 0989a185d..8da7469bd 100644 --- a/config/200-serviceaccount.yaml +++ b/config/200-serviceaccount.yaml 
@@ -41,9 +41,6 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["configmaps"] - verbs: [ "get", "list", "watch" ] - - apiGroups: [""] - resources: ["namespaces"] verbs: ["get", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] diff --git a/pkg/config/config.go b/pkg/config/config.go index aaf423b19..0d515a47f 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -31,9 +31,6 @@ const ( // InternalServiceName is the name of the internal service. InternalServiceName = "kourier-internal" - // IsolationServicePrefix is the prefix of the isolated services. - IsolationServicePrefix = "kourier-isolation-" - // ExternalServiceName is the name of the external service. ExternalServiceName = "kourier" @@ -72,10 +69,6 @@ const ( // e.g. OpenShift deploys Kourier in different namespace so `system.Namespace()` does not work. ServingNamespaceEnv = "SERVING_NAMESPACE" - // ListenerPortAnnotationKey is the annotation key for assigning the ingress to a particular - // envoy listener port. Only applicable to internal services. - ListenerPortAnnotationKey = "kourier.knative.dev/listener-port" - // trustedHopsCount Configure the number of additional ingress proxy hops from the // right side of the x-forwarded-for HTTP header to trust. trustedHopsCount = "trusted-hops-count" @@ -96,10 +89,6 @@ func ServiceHostnames() (string, string) { network.GetServiceHostname(InternalServiceName, GatewayNamespace()) } -func ListenerServiceHostnames(port string) string { - return network.GetServiceHostname(IsolationServicePrefix+port, GatewayNamespace()) -} - // GatewayNamespace returns the namespace where the gateway is deployed. func GatewayNamespace() string { namespace := os.Getenv(GatewayNamespaceEnv) diff --git a/pkg/config/configmap.go b/pkg/config/configmap.go index aec4f15a2..962fe3c9b 100644 --- a/pkg/config/configmap.go +++ b/pkg/config/configmap.go 
@@ -29,9 +29,6 @@ import ( cm "knative.dev/pkg/configmap" ) -// TrafficIsolationType is the type for traffic isolation configuration -type TrafficIsolationType string - const ( // ConfigName is the name of config map for Kourier. ConfigName = "config-kourier" @@ -50,12 +47,6 @@ const ( // for incoming requests. This value is set to "stream_idle_timeout" in Envoy. IdleTimeoutKey = "stream-idle-timeout" - // trafficIsolation is the config map key for controlling the desire level of incoming traffic isolation - trafficIsolation = "traffic-isolation" - - // IsolationIngressPort if the config map value enabling port-level traffic isolation - IsolationIngressPort TrafficIsolationType = "port" - // enableCryptoMB is the config map for enabling CryptoMB private key provider. enableCryptoMB = "enable-cryptomb" @@ -69,7 +60,6 @@ func DefaultConfig() *Kourier { EnableProxyProtocol: false, ClusterCertSecret: "", IdleTimeout: 0 * time.Second, // default value - TrafficIsolation: "", TrustedHopsCount: 0, CipherSuites: nil, EnableCryptoMB: false, @@ -85,7 +75,6 @@ func NewConfigFromMap(configMap map[string]string) (*Kourier, error) { cm.AsBool(enableProxyProtocol, &nc.EnableProxyProtocol), cm.AsString(clusterCert, &nc.ClusterCertSecret), cm.AsDuration(IdleTimeoutKey, &nc.IdleTimeout), - cm.AsString(trafficIsolation, (*string)(&nc.TrafficIsolation)), cm.AsUint32(trustedHopsCount, &nc.TrustedHopsCount), cm.AsStringSet(cipherSuites, &nc.CipherSuites), cm.AsBool(enableCryptoMB, &nc.EnableCryptoMB), @@ -157,8 +146,6 @@ type Kourier struct { // this option, for example, the "timeoutSeconds" specified in Knative service is still // valid. IdleTimeout time.Duration - // Desire level of incoming traffic isolation - TrafficIsolation TrafficIsolationType // TrustedHopsCount configures the number of additional ingress proxy hops from the // right side of the x-forwarded-for HTTP header to trust. TrustedHopsCount uint32 
diff --git a/pkg/config/configmap_test.go b/pkg/config/configmap_test.go index 72f42755b..ffc4f5cc3 100644 --- a/pkg/config/configmap_test.go +++ b/pkg/config/configmap_test.go @@ -109,18 +109,6 @@ func TestKourierConfig(t *testing.T) { clusterCert: "", IdleTimeoutKey: "200s", }, - }, { - name: "set isolation-traffic to port", - want: &Kourier{ - EnableServiceAccessLogging: true, - EnableProxyProtocol: false, - ClusterCertSecret: "", - IdleTimeout: 0 * time.Second, - TrafficIsolation: "port", - }, - data: map[string]string{ - trafficIsolation: "port", - }, }, { name: "add 3 trusted hops", want: &Kourier{ diff --git a/pkg/generator/caches.go b/pkg/generator/caches.go index 9f4b5dc7c..be9333a27 100644 --- a/pkg/generator/caches.go +++ b/pkg/generator/caches.go @@ -20,7 +20,6 @@ import ( "context" "errors" "os" - "strconv" "sync" envoyclusterv3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" @@ -51,7 +50,6 @@ const ( externalRouteConfigName = "external_services" externalTLSRouteConfigName = "external_tls_services" internalRouteConfigName = "internal_services" - isolationRouteConfigName = "isolation_services" internalTLSRouteConfigName = "internal_tls_services" ) @@ -68,11 +66,6 @@ type Caches struct { kubeClient kubeclient.Interface } -type portVHost struct { - port string - vhost []*route.VirtualHost -} - func NewCaches(ctx context.Context, kubernetesClient kubeclient.Interface, extAuthz bool) (*Caches, error) { c := &Caches{ translatedIngresses: make(map[types.NamespacedName]*translatedIngress), 
@@ -146,18 +139,8 @@ func (caches *Caches) ToEnvoySnapshot(ctx context.Context) (*cache.Snapshot, err externalTLSVHosts := make([]*route.VirtualHost, 0, len(caches.translatedIngresses)) snis := sniMatches{} - localVHostsPerListener := make(map[string]portVHost) - for _, translatedIngress := range caches.translatedIngresses { - if translatedIngress.listenerPort != "" { - localVHostsPerListener[translatedIngress.listenerPort] = portVHost{ - port: translatedIngress.listenerPort, - vhost: append(localVHostsPerListener[translatedIngress.listenerPort].vhost, translatedIngress.internalVirtualHosts...), - } - } else { - localVHosts = append(localVHosts, translatedIngress.internalVirtualHosts...) - } - + localVHosts = append(localVHosts, translatedIngress.internalVirtualHosts...) externalVHosts = append(externalVHosts, translatedIngress.externalVirtualHosts...) externalTLSVHosts = append(externalTLSVHosts, translatedIngress.externalTLSVirtualHosts...) @@ -174,7 +157,6 @@ func (caches *Caches) ToEnvoySnapshot(ctx context.Context) (*cache.Snapshot, err externalVHosts, externalTLSVHosts, localVHosts, - localVHostsPerListener, snis.list(), caches.kubeClient, ) @@ -231,7 +213,6 @@ func generateListenersAndRouteConfigsAndClusters( externalVirtualHosts []*route.VirtualHost, externalTLSVirtualHosts []*route.VirtualHost, clusterLocalVirtualHosts []*route.VirtualHost, - clusterLocalVirtualHostsPerListener map[string]portVHost, sniMatches []*envoy.SNIMatch, kubeclient kubeclient.Interface) ([]cachetypes.Resource, []cachetypes.Resource, []cachetypes.Resource, error) { 
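Review bot: In the `ToEnvoySnapshot` loop every ingress's `internalVirtualHosts` is now appended to the shared `localVHosts`, so namespaces annotated with `kourier.knative.dev/listener-port` go back onto the common internal listener. Nothing visible in this commit tells an operator who still has `traffic-isolation: "port"` in `config-kourier` that the isolation is gone. The same silent fallback applies to the fixed `PodPort: strconv.Itoa(int(config.HTTPPortInternal))` in pkg/reconciler/ingress/lister.go and to the removed internal-hostname override in pkg/reconciler/ingress/ingress.go. Because the `cm.AsString(trafficIsolation, ...)` parser is dropped from `NewConfigFromMap`, the key is presumably ignored rather than rejected; consider failing closed there, e.g. `if v := configMap["traffic-isolation"]; v != "" { return nil, fmt.Errorf("traffic-isolation %q is no longer supported", v) }`, or at least calling the behaviour change out in the release notes. The body of `ToEnvoySnapshot` starts and ends outside this hunk.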
@@ -245,22 +226,11 @@ func generateListenersAndRouteConfigsAndClusters( externalTLSRouteConfig := envoy.NewRouteConfig(externalTLSRouteConfigName, externalTLSVirtualHosts) internalRouteConfig := envoy.NewRouteConfig(internalRouteConfigName, clusterLocalVirtualHosts) - internalListenersRouteConfig := make(map[string]*route.RouteConfiguration, len(clusterLocalVirtualHostsPerListener)) - for listenerPort, portVhosts := range clusterLocalVirtualHostsPerListener { - routeName := isolationRouteConfigName + "_" + listenerPort - internalListenersRouteConfig[listenerPort] = envoy.NewRouteConfig(routeName, portVhosts.vhost) - } - // Now we setup connection managers, that reference the routeconfigs via RDS. externalManager := envoy.NewHTTPConnectionManager(externalRouteConfig.Name, cfg.Kourier) externalTLSManager := envoy.NewHTTPConnectionManager(externalTLSRouteConfig.Name, cfg.Kourier) internalManager := envoy.NewHTTPConnectionManager(internalRouteConfig.Name, cfg.Kourier) - internalListenerManagers := make(map[string]*httpconnmanagerv3.HttpConnectionManager, len(internalListenersRouteConfig)) - for listenerPort, internalListenerRouteConfig := range internalListenersRouteConfig { - internalListenerManagers[listenerPort] = envoy.NewHTTPConnectionManager(internalListenerRouteConfig.Name, cfg.Kourier) - } - externalHTTPEnvoyListener, err := envoy.NewHTTPListener(externalManager, config.HTTPPortExternal, cfg.Kourier.EnableProxyProtocol) if err != nil { return nil, nil, nil, err 
@@ -274,20 +244,6 @@ func generateListenersAndRouteConfigsAndClusters( routes := []cachetypes.Resource{externalRouteConfig, internalRouteConfig} clusters := make([]cachetypes.Resource, 0, 1) - for listenerPort, portVhosts := range clusterLocalVirtualHostsPerListener { - port, err := strconv.ParseInt(portVhosts.port, 10, 32) - if err != nil { - return nil, nil, nil, err - } - - envoyListener, err := envoy.NewHTTPListener(internalListenerManagers[listenerPort], uint32(port), false) - if err != nil { - return nil, nil, nil, err - } - listeners = append(listeners, envoyListener) - routes = append(routes, internalListenersRouteConfig[listenerPort]) - } - // create probe listeners probHTTPListener, err := envoy.NewHTTPListener(externalManager, config.HTTPPortProb, false) if err != nil { diff --git a/pkg/generator/caches_test.go b/pkg/generator/caches_test.go index c188fdcb3..3a151c7c0 100644 --- a/pkg/generator/caches_test.go +++ b/pkg/generator/caches_test.go @@ -482,33 +482,3 @@ func getVHostsNames(routeConfigs []*route.RouteConfiguration) []string { return res } - -func TestAddIsolatedIngress(t *testing.T) { - kubeClient := fake.Clientset{} - ctx := context.Background() - - caches, err := NewCaches(ctx, &kubeClient, false) - assert.NilError(t, err) - - translatedIngress := translatedIngress{ - name: types.NamespacedName{ - Namespace: "ingress_2_namespace", - Name: "ingress_2", - }, - listenerPort: "12158", - internalVirtualHosts: []*route.VirtualHost{{Name: "internal_host_for_ingress_2", Domains: []string{"internal_host_for_ingress_1"}}}, - } - - err = caches.addTranslatedIngress(&translatedIngress) - assert.NilError(t, err) - - snapshot, err := caches.ToEnvoySnapshot(ctx) - assert.NilError(t, err) - - ls := snapshot.GetResources(resource.ListenerType) - assert.Assert(t, ls != nil) - - l, ok := ls["listener_12158"].(*listener.Listener) - assert.Assert(t, ok) - assert.Equal(t, l.GetAddress().GetSocketAddress().GetPortValue(), uint32(12158)) -} 
diff --git a/pkg/generator/ingress_translator.go b/pkg/generator/ingress_translator.go index c1cc1c809..9b03fef3a 100644 --- a/pkg/generator/ingress_translator.go +++ b/pkg/generator/ingress_translator.go @@ -48,7 +48,6 @@ import ( type translatedIngress struct { name types.NamespacedName - listenerPort string sniMatches []*envoy.SNIMatch clusters []*v3.Cluster externalVirtualHosts []*route.VirtualHost @@ -60,7 +59,6 @@ type IngressTranslator struct { secretGetter func(ns, name string) (*corev1.Secret, error) endpointsGetter func(ns, name string) (*corev1.Endpoints, error) serviceGetter func(ns, name string) (*corev1.Service, error) - namespaceGetter func(name string) (*corev1.Namespace, error) tracker tracker.Interface } @@ -68,13 +66,11 @@ func NewIngressTranslator( secretGetter func(ns, name string) (*corev1.Secret, error), endpointsGetter func(ns, name string) (*corev1.Endpoints, error), serviceGetter func(ns, name string) (*corev1.Service, error), - namespaceGetter func(name string) (*corev1.Namespace, error), tracker tracker.Interface) IngressTranslator { return IngressTranslator{ secretGetter: secretGetter, endpointsGetter: endpointsGetter, serviceGetter: serviceGetter, - namespaceGetter: namespaceGetter, tracker: tracker, } } 
@@ -286,31 +282,12 @@ func (translator *IngressTranslator) translateIngress(ctx context.Context, ingre } } } - listenerPort := "" - - if config.FromContextOrDefaults(ctx).Kourier.TrafficIsolation == pkgconfig.IsolationIngressPort { - ns, err := translator.namespaceGetter(ingress.Namespace) - if err != nil { - return nil, err - } - - if ns.Annotations != nil { - if value, ok := ns.Annotations[pkgconfig.ListenerPortAnnotationKey]; ok { - listenerPort = value - - logger.Infof("mapping ingress %s/%s to port %v", ingress.Namespace, ingress.Name, listenerPort) - } - } - - // REVISIT: When neither labels/annotations if found then default to the default behavior (no isolation) - } return &translatedIngress{ name: types.NamespacedName{ Namespace: ingress.Namespace, Name: ingress.Name, }, - listenerPort: listenerPort, sniMatches: sniMatches, clusters: clusters, externalVirtualHosts: externalHosts, diff --git a/pkg/generator/ingress_translator_test.go b/pkg/generator/ingress_translator_test.go index 7b2eaae45..9e0ec97e5 100644 --- a/pkg/generator/ingress_translator_test.go +++ b/pkg/generator/ingress_translator_test.go @@ -39,7 +39,6 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/kubernetes/fake" - pkgconfig "knative.dev/net-kourier/pkg/config" envoy "knative.dev/net-kourier/pkg/envoy/api" "knative.dev/net-kourier/pkg/reconciler/ingress/config" "knative.dev/networking/pkg/apis/networking/v1alpha1" @@ -59,7 +58,6 @@ func TestIngressTranslator(t *testing.T) { name: "simple", in: ing("simplens", "simplename"), state: []runtime.Object{ - ns("simplens"), svc("servicens", "servicename"), eps("servicens", "servicename"), }, @@ -121,7 +119,6 @@ func TestIngressTranslator(t *testing.T) { }} }), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename"), eps("servicens", "servicename"), secret, 
@@ -194,7 +191,6 @@ func TestIngressTranslator(t *testing.T) { ing.Spec.HTTPOption = v1alpha1.HTTPOptionRedirected }), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename"), eps("servicens", "servicename"), secret, @@ -289,7 +285,6 @@ func TestIngressTranslator(t *testing.T) { ing.Spec.Rules[0].Visibility = v1alpha1.IngressVisibilityClusterLocal }), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename"), eps("servicens", "servicename"), secret, @@ -361,7 +356,6 @@ func TestIngressTranslator(t *testing.T) { }} }), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename"), eps("servicens", "servicename"), invalidSecret, @@ -389,7 +383,6 @@ func TestIngressTranslator(t *testing.T) { }) }), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename"), eps("servicens", "servicename"), svc("servicens2", "servicename2"), @@ -472,7 +465,6 @@ func TestIngressTranslator(t *testing.T) { ing.Spec.Rules[0].HTTP.Paths[0].Path = "" }), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename"), eps("servicens", "servicename"), }, @@ -529,7 +521,6 @@ func TestIngressTranslator(t *testing.T) { name: "external service", in: ing("testspace", "testname"), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename", func(svc *corev1.Service) { svc.Spec.Type = corev1.ServiceTypeExternalName svc.Spec.ExternalName = "example.com" @@ -588,7 +579,6 @@ func TestIngressTranslator(t *testing.T) { name: "external service without service port", in: ing("testspace", "testname"), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename", func(svc *corev1.Service) { svc.Spec.Type = corev1.ServiceTypeExternalName svc.Spec.ExternalName = "example.com" 
@@ -670,9 +660,6 @@ func TestIngressTranslator(t *testing.T) { func(ns, name string) (*corev1.Service, error) { return kubeclient.CoreV1().Services(ns).Get(ctx, name, metav1.GetOptions{}) }, - func(name string) (*corev1.Namespace, error) { - return kubeclient.CoreV1().Namespaces().Get(ctx, name, metav1.GetOptions{}) - }, &pkgtest.FakeTracker{}, ) @@ -699,13 +686,11 @@ var ( Network: &netconfig.Config{ AutoTLS: false, }, - Kourier: pkgconfig.DefaultConfig(), } upstreamTLSConfig = &config.Config{ Network: &netconfig.Config{ AutoTLS: false, }, - Kourier: pkgconfig.DefaultConfig(), } ) @@ -727,7 +712,6 @@ func TestIngressTranslatorWithHTTPOptionDisabled(t *testing.T) { ing.Spec.HTTPOption = v1alpha1.HTTPOptionRedirected }), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename"), eps("servicens", "servicename"), secret, @@ -801,7 +785,6 @@ func TestIngressTranslatorWithHTTPOptionDisabled(t *testing.T) { ing.Spec.Rules[0].Visibility = v1alpha1.IngressVisibilityClusterLocal }), state: []runtime.Object{ - ns("testspace"), svc("servicens", "servicename"), eps("servicens", "servicename"), secret, @@ -882,9 +865,6 @@ func TestIngressTranslatorWithHTTPOptionDisabled(t *testing.T) { func(ns, name string) (*corev1.Service, error) { return kubeclient.CoreV1().Services(ns).Get(ctx, name, metav1.GetOptions{}) }, - func(name string) (*corev1.Namespace, error) { - return kubeclient.CoreV1().Namespaces().Get(ctx, name, metav1.GetOptions{}) - }, &pkgtest.FakeTracker{}, ) @@ -911,7 +891,6 @@ func TestIngressTranslatorWithUpstreamTLS(t *testing.T) { ing.Spec.Rules[0].HTTP.Paths[0].Splits[0].IngressBackend.ServicePort = intstr.FromInt(443) }), state: []runtime.Object{ - ns("simplens"), svc("servicens", "servicename"), eps("servicens", "servicename"), caSecret, 
@@ -975,7 +954,6 @@ func TestIngressTranslatorWithUpstreamTLS(t *testing.T) { ing.Spec.Rules[0].HTTP.Paths[0].Splits[0].IngressBackend.ServicePort = intstr.FromInt(443) }), state: []runtime.Object{ - ns("simplens"), svc("servicens", "servicename", func(service *corev1.Service) { service.Spec.Ports = []corev1.ServicePort{{ Name: "http2", @@ -1048,7 +1026,6 @@ func TestIngressTranslatorWithUpstreamTLS(t *testing.T) { ing.Spec.Rules[0].HTTP.Paths[0].Splits[0].IngressBackend.ServicePort = intstr.FromInt(443) }), state: []runtime.Object{ - ns("simplens"), svc("servicens", "servicename", func(service *corev1.Service) { service.Spec.Ports = []corev1.ServicePort{{ Name: "http", @@ -1122,7 +1099,6 @@ func TestIngressTranslatorWithUpstreamTLS(t *testing.T) { ing.Spec.Rules[0].HTTP.Paths[0].Splits[0].IngressBackend.ServicePort = intstr.FromInt(443) }), state: []runtime.Object{ - ns("simplens"), svc("servicens", "servicename", func(service *corev1.Service) { service.Spec.Ports = []corev1.ServicePort{{ Name: "http2", @@ -1208,9 +1184,6 @@ func TestIngressTranslatorWithUpstreamTLS(t *testing.T) { func(ns, name string) (*corev1.Service, error) { return kubeclient.CoreV1().Services(ns).Get(ctx, name, metav1.GetOptions{}) }, - func(name string) (*corev1.Namespace, error) { - return kubeclient.CoreV1().Namespaces().Get(ctx, name, metav1.GetOptions{}) - }, &pkgtest.FakeTracker{}, ) @@ -1234,7 +1207,6 @@ func TestIngressTranslatorHTTP01Challenge(t *testing.T) { name: "http01-challenge", in: ingHTTP01Challenge("simplens", "simplename"), state: []runtime.Object{ - ns("simplens"), svc("simplens", "cm-acme-http-solver", func(service *corev1.Service) { service.Spec.Ports = []corev1.ServicePort{{ Name: "http01-challenge", 
@@ -1309,9 +1281,6 @@ func TestIngressTranslatorHTTP01Challenge(t *testing.T) { func(ns, name string) (*corev1.Service, error) { return kubeclient.CoreV1().Services(ns).Get(ctx, name, metav1.GetOptions{}) }, - func(name string) (*corev1.Namespace, error) { - return kubeclient.CoreV1().Namespaces().Get(ctx, name, metav1.GetOptions{}) - }, &pkgtest.FakeTracker{}, ) @@ -1339,7 +1308,6 @@ func TestIngressTranslatorDomainMappingDisableHTTP2(t *testing.T) { ing.Spec.Rules[0].HTTP.Paths[0].Splits[0].ServicePort = intstr.FromInt(80) }), state: []runtime.Object{ - ns("simplens"), svc("servicens", "servicename", func(service *corev1.Service) { service.Spec.Type = corev1.ServiceTypeExternalName service.Spec.ExternalName = "kourier-internal.kourier-system.svc.cluster.local" @@ -1421,9 +1389,6 @@ func TestIngressTranslatorDomainMappingDisableHTTP2(t *testing.T) { func(ns, name string) (*corev1.Service, error) { return kubeclient.CoreV1().Services(ns).Get(ctx, name, metav1.GetOptions{}) }, - func(name string) (*corev1.Namespace, error) { - return kubeclient.CoreV1().Namespaces().Get(ctx, name, metav1.GetOptions{}) - }, &pkgtest.FakeTracker{}, ) @@ -1540,16 +1505,6 @@ func eps(ns, name string, opts ...func(endpoint *corev1.Endpoints)) *corev1.Endp return serviceEndpoint } -func ns(name string) *corev1.Namespace { - ns := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: name, - }, - } - - return ns -} - func ingHTTP01Challenge(ns, name string, opts ...func(*v1alpha1.Ingress)) *v1alpha1.Ingress { ingress := &v1alpha1.Ingress{ ObjectMeta: metav1.ObjectMeta{ diff --git a/pkg/reconciler/ingress/controller.go b/pkg/reconciler/ingress/controller.go index 0a9d27aa6..69ef7f06c 100644 --- a/pkg/reconciler/ingress/controller.go +++ b/pkg/reconciler/ingress/controller.go 
@@ -42,7 +42,6 @@ import ( "knative.dev/networking/pkg/status" kubeclient "knative.dev/pkg/client/injection/kube/client" endpointsinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/endpoints" - nsinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/namespace" podinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/pod" secretfilteredinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/secret/filtered" serviceinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/service" @@ -77,7 +76,6 @@ func NewController(ctx context.Context, cmw configmap.Watcher) *controller.Impl serviceInformer := serviceinformer.Get(ctx) podInformer := podinformer.Get(ctx) secretInformer := getSecretInformer(ctx) - namespaceInformer := nsinformer.Get(ctx) // Create a new Cache, with the Readiness endpoint enabled, and the list of current Ingresses. caches, err := generator.NewCaches(ctx, kubernetesClient, config.ExternalAuthz.Enabled) @@ -86,9 +84,8 @@ func NewController(ctx context.Context, cmw configmap.Watcher) *controller.Impl } r := &Reconciler{ - caches: caches, - extAuthz: config.ExternalAuthz.Enabled, - namespaceLister: namespaceInformer.Lister(), + caches: caches, + extAuthz: config.ExternalAuthz.Enabled, } impl := v1alpha1ingress.NewImpl(ctx, r, config.KourierIngressClassName, func(impl *controller.Impl) controller.Options { @@ -162,7 +159,7 @@ func NewController(ctx context.Context, cmw configmap.Watcher) *controller.Impl statusProber := status.NewProber( logger.Named("status-manager"), - NewProbeTargetLister(logger, endpointsInformer.Lister(), namespaceInformer.Lister()), + NewProbeTargetLister(logger, endpointsInformer.Lister()), func(ing *v1alpha1.Ingress) { logger.Debugf("Ready callback triggered for ingress: %s/%s", ing.Namespace, ing.Name) impl.EnqueueKey(types.NamespacedName{Namespace: ing.Namespace, Name: ing.Name}) 
@@ -187,9 +184,6 @@ func NewController(ctx context.Context, cmw configmap.Watcher) *controller.Impl func(ns, name string) (*corev1.Service, error) { return serviceInformer.Lister().Services(ns).Get(name) }, - func(name string) (*corev1.Namespace, error) { - return namespaceInformer.Lister().Get(name) - }, impl.Tracker) r.ingressTranslator = &ingressTranslator @@ -220,9 +214,6 @@ func NewController(ctx context.Context, cmw configmap.Watcher) *controller.Impl func(ns, name string) (*corev1.Service, error) { return serviceInformer.Lister().Services(ns).Get(name) }, - func(name string) (*corev1.Namespace, error) { - return namespaceInformer.Lister().Get(name) - }, impl.Tracker) for _, ingress := range ingressesToSync { diff --git a/pkg/reconciler/ingress/ingress.go b/pkg/reconciler/ingress/ingress.go index 4ff107ae3..35a08ed74 100644 --- a/pkg/reconciler/ingress/ingress.go +++ b/pkg/reconciler/ingress/ingress.go @@ -22,11 +22,9 @@ import ( "fmt" "k8s.io/apimachinery/pkg/types" - corev1listers "k8s.io/client-go/listers/core/v1" "knative.dev/net-kourier/pkg/config" envoy "knative.dev/net-kourier/pkg/envoy/server" "knative.dev/net-kourier/pkg/generator" - ingressconfig "knative.dev/net-kourier/pkg/reconciler/ingress/config" "knative.dev/networking/pkg/apis/networking/v1alpha1" "knative.dev/networking/pkg/client/injection/reconciler/networking/v1alpha1/ingress" "knative.dev/networking/pkg/status" @@ -45,7 +43,6 @@ type Reconciler struct { statusManager *status.Prober ingressTranslator *generator.IngressTranslator extAuthz bool - namespaceLister corev1listers.NamespaceLister // resyncConflicts triggers a filtered global resync to reenqueue all ingresses in // a "Conflict" state. 
@@ -81,19 +78,6 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, ing *v1alpha1.Ingress) r if ready { external, internal := config.ServiceHostnames() - if ingressconfig.FromContextOrDefaults(ctx).Kourier.TrafficIsolation == config.IsolationIngressPort { - ns, err := r.namespaceLister.Get(ing.Namespace) - if err != nil { - return fmt.Errorf("failed to get namespace: %w", err) - } - - if ns.Annotations != nil { - if port, ok := ns.Annotations[config.ListenerPortAnnotationKey]; ok { - internal = config.ListenerServiceHostnames(port) - } - } - } - ing.Status.MarkLoadBalancerReady( []v1alpha1.LoadBalancerIngressStatus{{DomainInternal: external}}, []v1alpha1.LoadBalancerIngressStatus{{DomainInternal: internal}}, diff --git a/pkg/reconciler/ingress/lister.go b/pkg/reconciler/ingress/lister.go index 8c90e5c1c..bef01f0e1 100644 --- a/pkg/reconciler/ingress/lister.go +++ b/pkg/reconciler/ingress/lister.go @@ -26,23 +26,20 @@ import ( "k8s.io/apimachinery/pkg/util/sets" corev1listers "k8s.io/client-go/listers/core/v1" "knative.dev/net-kourier/pkg/config" - ingressconfig "knative.dev/net-kourier/pkg/reconciler/ingress/config" "knative.dev/networking/pkg/apis/networking/v1alpha1" "knative.dev/networking/pkg/status" ) -func NewProbeTargetLister(logger *zap.SugaredLogger, endpointsLister corev1listers.EndpointsLister, namespaceLister corev1listers.NamespaceLister) status.ProbeTargetLister { +func NewProbeTargetLister(logger *zap.SugaredLogger, endpointsLister corev1listers.EndpointsLister) status.ProbeTargetLister { return &gatewayPodTargetLister{ logger: logger, endpointsLister: endpointsLister, - namespaceLister: namespaceLister, } } type gatewayPodTargetLister struct { logger *zap.SugaredLogger endpointsLister corev1listers.EndpointsLister - namespaceLister corev1listers.NamespaceLister } func (l *gatewayPodTargetLister) ListProbeTargets(ctx context.Context, ing *v1alpha1.Ingress) ([]status.ProbeTarget, error) { 
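Review bot: `NewProbeTargetLister` in pkg/reconciler/ingress/lister.go is exported and gets a new signature here, but it has no doc comment. Add one above the function, such as `// NewProbeTargetLister returns a status.ProbeTargetLister that builds probe targets from the gateway endpoints in endpointsLister.` The only caller visible in this patch is `NewController`; any caller outside this repository would stop compiling on the dropped `namespaceLister` parameter, which is worth a line in the commit description.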
@@ -60,10 +57,10 @@ func (l *gatewayPodTargetLister) ListProbeTargets(ctx context.Context, ing *v1al if len(readyIPs) == 0 { return nil, fmt.Errorf("no gateway pods available") } - return l.getIngressUrls(ctx, ing, readyIPs) + return l.getIngressUrls(ing, readyIPs) } -func (l *gatewayPodTargetLister) getIngressUrls(ctx context.Context, ing *v1alpha1.Ingress, gatewayIps []string) ([]status.ProbeTarget, error) { +func (l *gatewayPodTargetLister) getIngressUrls(ing *v1alpha1.Ingress, gatewayIps []string) ([]status.ProbeTarget, error) { ips := sets.NewString(gatewayIps...) targets := make([]status.ProbeTarget, 0, len(ing.Spec.Rules)) @@ -85,24 +82,9 @@ func (l *gatewayPodTargetLister) getIngressUrls(ctx context.Context, ing *v1alph target.URLs = domainsToURL(domains, scheme) } } else { - podPort := strconv.Itoa(int(config.HTTPPortInternal)) - - if ingressconfig.FromContextOrDefaults(ctx).Kourier.TrafficIsolation == config.IsolationIngressPort { - ns, err := l.namespaceLister.Get(ing.Namespace) - if err != nil { - return nil, fmt.Errorf("failed to get the ingress namespace: %w", err) - } - - if ns.Annotations != nil { - if value, ok := ns.Annotations[config.ListenerPortAnnotationKey]; ok { - podPort = value - } - } - } - target = status.ProbeTarget{ PodIPs: ips, - PodPort: podPort, + PodPort: strconv.Itoa(int(config.HTTPPortInternal)), URLs: domainsToURL(domains, scheme), } } diff --git a/vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/namespace/namespace.go b/vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/namespace/namespace.go deleted file mode 100644 index 84a6bf628..000000000 --- a/vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/namespace/namespace.go +++ /dev/null 
@@ -1,52 +0,0 @@ -/* -Copyright 2022 The Knative Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by injection-gen. DO NOT EDIT. - -package namespace - -import ( - context "context" - - v1 "k8s.io/client-go/informers/core/v1" - factory "knative.dev/pkg/client/injection/kube/informers/factory" - controller "knative.dev/pkg/controller" - injection "knative.dev/pkg/injection" - logging "knative.dev/pkg/logging" -) - -func init() { - injection.Default.RegisterInformer(withInformer) -} - -// Key is used for associating the Informer inside the context.Context. -type Key struct{} - -func withInformer(ctx context.Context) (context.Context, controller.Informer) { - f := factory.Get(ctx) - inf := f.Core().V1().Namespaces() - return context.WithValue(ctx, Key{}, inf), inf.Informer() -} - -// Get extracts the typed informer from the context. -func Get(ctx context.Context) v1.NamespaceInformer { - untyped := ctx.Value(Key{}) - if untyped == nil { - logging.FromContext(ctx).Panic( - "Unable to fetch k8s.io/client-go/informers/core/v1.NamespaceInformer from context.") - } - return untyped.(v1.NamespaceInformer) -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 6f84a68eb..62eeacd2a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -1055,7 +1055,6 @@ knative.dev/pkg/apis/duck/v1 knative.dev/pkg/changeset knative.dev/pkg/client/injection/kube/client knative.dev/pkg/client/injection/kube/informers/core/v1/endpoints -knative.dev/pkg/client/injection/kube/informers/core/v1/namespace knative.dev/pkg/client/injection/kube/informers/core/v1/pod knative.dev/pkg/client/injection/kube/informers/core/v1/secret/filtered knative.dev/pkg/client/injection/kube/informers/core/v1/service