Allow custom value for kubernetes.io/ingress.class annotation #2222
Conversation
|
@containous/kubernetes WDYT? (Design review) |
|
Technically, I'd tentatively approve the design. Whether we should accept the PR though is still subject to an agreement that the existing ways to distinguish separate Traefik deployments is really insufficient. I have commented the related feature request issue for that purpose. I suggest we wait for a resolution prior to moving forward with an actual review. |
|
As explained on the related issue, the desirable feature is to have a subset of Traefik controllers ignore certain Ingresses by default unless intent to process is signaled explicitly (i.e., opt-in instead of opt-out). Traefik label selectors don't fulfill this requirement since the default behavior of a missing selector is to grab Ingress objects. Acknowledging the feature request, I'm uncertain if we should reuse Maybe a better approach could be to introduce a new annotation -- I'm thinking of something including the term @aledbf any thoughts on how the feature should be best implemented in terms of annotations? Could you maybe share some information on how new |
|
I'll note that the nginx controller does allow you to change this (in the |
|
@yuvipanda thanks, I missed that! (Was only looking at the annotation documentation.) Let's see what the folks I pinged for feedback think. |
|
@timoreimann the annotation
The use of annotations is being reviewed and possible Custom Resources is going to be the way to handle the ingress configuration. I am not sure when this will discussed in #sig-network Edit: the ingress.class annotation is present since the first Ingress iteration https://github.com/aledbf/ingress/blob/master/examples/PREREQUISITES.md#ingress-class |
|
I think that I am fine with this... I think it can cause some confusion, but since the default will behave no differently from the current situation I think this is ok. I would want a clear paragraph explaining the options in the documentation before we merge this this though... |
provider/kubernetes/kubernetes.go
Outdated
| ingressClassRequired = p.IngressClass | ||
| } | ||
|
|
||
| switch ingressClass { |
There was a problem hiding this comment.
Could you simplify like that (I know this code already exists before your changes):
return ingressClass == "" || ingressClass == ingressClassRequired
There was a problem hiding this comment.
Appreciated! I think it was me who originally made this more complicated than necessary. :/
|
w00t, thanks! Should I figure out where to add the docs and just add it now or wait for a code review ok first? |
|
You can write the documentation right now. This can facilitate the code review. |
There was a problem hiding this comment.
Two general remarks:
- We should extend
TestIngressAnnotationsby a new test case that setsp.IngressClassto a custom value. - We recently merged Document ways to partition Ingresses in the k8s guide. #2223 into the v1.4 which added a section on the class annotation here. I believe it would be the ideal place to extend our documentation. @ldez, any chance we can merge v1.4 into master soonish to make it available for this PR? If not, I'm okay with omitting more detailed docs out now and amending them once we have completed the merge.
| @@ -51,6 +51,15 @@ See also [Kubernetes user guide](/user-guide/kubernetes). | |||
| # | |||
| # labelselector = "A and not B" | |||
|
|
|||
| # Value of `kubernetes.io/ingress.class` annotation that identify Ingress objects to be processed. | |||
There was a problem hiding this comment.
Grammar nit-pick: identify -> identifies.
provider/kubernetes/kubernetes.go
Outdated
| ingressClassRequired := "traefik" | ||
| if p.IngressClass != "" { | ||
| ingressClassRequired = p.IngressClass | ||
| } |
There was a problem hiding this comment.
I think we can skip the if block if we choose a default value of "" (empty string) for IngressClass.
| # will also be processed. | ||
| # | ||
| # Optional | ||
| # Default: traefik (process all Ingresses) |
There was a problem hiding this comment.
I think we can make things easier by choosing the empty string as default. Specifically:
- We don't specifically need to set
IngressClasstotraefikin tests. - We can simplify
shouldProcessIngress(see below).
provider/kubernetes/kubernetes.go
Outdated
| @@ -135,6 +136,20 @@ func (p *Provider) Provide(configurationChan chan<- types.ConfigMessage, pool *s | |||
| return nil | |||
| } | |||
|
|
|||
| func (p *Provider) shouldProcessIngress(ingressClass string) bool { | |||
| ingressClassRequired := "traefik" | |||
There was a problem hiding this comment.
We could make a constant out of this like
const ingressClassRequired = "traefik"to indicate that this is not a string to be mutated.
That said, I don't think we need the variable/constant anyway if we decide to use the empty string as default value for p.IngressClass.
There was a problem hiding this comment.
@timoreimann you should not this but use a flag with a default ("traefik"). This allows the user to deploy multiple controllers with different class annotations to expose different ingress
There was a problem hiding this comment.
Ah sorry, late night logic flaw on my end. @aledbf is right, we need the default of "traefik".
@yuvipanda please ignore my comments in this regard.
There was a problem hiding this comment.
So in summary, keeping the default of p.IngressClass to traefik should still allow us to simplify the method implementation like this:
func (p *Provider) shouldProcessIngress(ingressClass string) bool {
return ingressClass == "" || ingressClass == p.IngressClass
}I think this should work, though only tests will bring certainty...
|
Thanks for the review everyone! I'm caught up with other work this week, but will try to find some time within the next few days to address them! |
There was a problem hiding this comment.
Ok Sorry for being late to the party on this one.
I have a few concerns:
It appears that we are allowing custom ingress classes, but we do not do any sanity checking on them. What happens if we set the ingress class to "nginx"? Is that something we want to allow/support?
I totally get the nested controller/namespace issue that you are encountering. However, I would propose the following:
Require the traefik ingress class to be traefik or prefixed with traefik-. This would be a sanity check, and would avoid crossover with other ingress controllers etc.
Your jupyter app could create ingresses with the traefik-<namespace> or traefik-<UUID> format, and would be fine, and would function the way you expect them to, while still being visibly traefik related :) .
I am hesitant to approve fully custom classes.
|
I like the prefix idea too, even though it means diverging from the Nginx equivalent option somewhat. |
|
That looks good to me too! I'm making the required changes now. |
|
So looks like the things I need to do still are:
Does that sound right? I'm still sortof new to go, so any pointers for where to find (1) and (2) (or links to similar PRs / functionality in other providers) will be highly appreciated! |
|
(I also did a quick rebase to prevent my branch from getting too stale) |
Side note: I think we should allow the prefix |
|
@timoreimann thank you for your quick response! I've already done (1) early on, so I've just gotten rid of the custom check in shouldProcessIngress. I wasn't sure if (1) sets the defaults everywhere (including tests) or just when running the binary. For (2), can you help me understand why we validating that there instead of wherever it is the config.toml file is being parsed? Wouldn't that help us error out earlier? Or do we need to do this for each ingress because traefik's configuration is so dynamic? I'll work on tests next! |
Since we set the default already in cmd/traefik/configuration.go
There was a problem hiding this comment.
LGTM -- thanks a ton to both @yuvipanda for the original effort and @nmengin for finishing off! 👏
I can take care of extending the guide in a follow up PR.
Did this ever get completed? I just read this thread with interest but it's not clear how to make use of the new feature that this PR added. Can I just add IngressClass = "traefik-xxx" to my .toml file? |
|
@beyond-code-github I could have sworn that I pushed a follow-up PR to update the docs. Looks like I never did though! Thanks for the hint, will fix that soon. In the meantime, the comment to the So the answer to your question is: yes, |
|
Thanks for the swift response @timoreimann ! |
Description
Allow configuring the values of the
kubernetes.io/ingress.classannotationon ingress objects that traefik will process. This is useful when you have
multiple traefik servers in one kubernetes cluster, and you want tight control
over which Ingresses are processed by which servers.
Fixes #2221