fix: nginx ingress support https

Signed-off-by: liheng.zms <liheng.zms@alibaba-inc.com>
2022-10-24 15:32:20 +08:00 · 2022-10-24 15:32:20 +08:00 · e903bc5517
parent f21c3fb763
commit e903bc5517
2 changed files with 6 additions and 14 deletions
--- a/pkg/controller/rollout/trafficrouting/nginx/nginx.go
+++ b/pkg/controller/rollout/trafficrouting/nginx/nginx.go
@ -144,10 +144,13 @@ func (r *nginxController) buildCanaryIngress(stableIngress *netv1.Ingress, desir
 		ObjectMeta: metav1.ObjectMeta{
 			Name:        r.defaultCanaryIngressName(),
 			Namespace:   stableIngress.Namespace,
-			Annotations: map[string]string{},
+			Annotations: stableIngress.Annotations,
+			Labels:      stableIngress.Labels,
 		},
 		Spec: netv1.IngressSpec{
-			Rules: make([]netv1.IngressRule, 0),
+			Rules:            make([]netv1.IngressRule, 0),
+			IngressClassName: stableIngress.Spec.IngressClassName,
+			TLS:              stableIngress.Spec.TLS,
 		},
 	}

@ -156,12 +159,6 @@ func (r *nginxController) buildCanaryIngress(stableIngress *netv1.Ingress, desir
 		desiredCanaryIngress.Spec.IngressClassName = stableIngress.Spec.IngressClassName
 	}

-	// Must preserve ingress.class on canary ingress, no other annotations matter
-	// See: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#canary
-	if val, ok := stableIngress.Annotations[k8sIngressClassAnnotation]; ok {
-		desiredCanaryIngress.Annotations[k8sIngressClassAnnotation] = val
-	}
-
 	// Ensure canaryIngress is owned by this Rollout for cleanup
 	desiredCanaryIngress.SetOwnerReferences([]metav1.OwnerReference{r.conf.OwnerRef})

--- a/pkg/webhook/workload/mutating/workload_update_handler.go
+++ b/pkg/webhook/workload/mutating/workload_update_handler.go
@ -51,18 +51,13 @@ type WorkloadHandler struct {

 var _ admission.Handler = &WorkloadHandler{}

-// Handle handles admission requests.
-//  TODO
-//  Currently there is an implicit condition for rollout: the workload must be currently in a stable version (only one version of Pods),
-//  if not, it will not enter the rollout process. There is an additional problem here, the user may not be aware of this.
-//  when user does a release and thinks it enters the rollout process, but due to the implicit condition above,
-//  it actually goes through the normal release process. No good idea to solve this problem has been found yet.
 func (h *WorkloadHandler) Handle(ctx context.Context, req admission.Request) admission.Response {
 	// if subResources, then ignore
 	if req.Operation != admissionv1.Update || req.SubResource != "" {
 		return admission.Allowed("")
 	}

+	// Rollout是旁路式的方案，因此需要
 	switch req.Kind.Group {
 	// kruise cloneSet
 	case kruiseappsv1alpha1.GroupVersion.Group: