Support non-vs created Challenge Ingress (#3463)

nginx · Jan 20, 2023 · 241e7a3 · 241e7a3
1 parent 3637ddd
commit 241e7a3
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 4 deletions.
diff --git a/internal/k8s/configuration.go b/internal/k8s/configuration.go
@@ -1299,11 +1299,11 @@ func (c *Configuration) buildHostsAndResources() (newHosts map[string]Resource,
 		var resource *IngressConfiguration
 
 		if val := c.isChallengeIngress(ing); val {
-			// if using cert-manager with Ingress, the challenge Ingress must be Minion
-			// and this code won't be reached. With VS, the challenge Ingress must not be Minion.
 			vsr := c.convertIngressToVSR(ing)
-			challengesVSR = append(challengesVSR, vsr)
-			continue
+			if vsr != nil {
+				challengesVSR = append(challengesVSR, vsr)
+				continue
+			}
 		}
 
 		if isMaster(ing) {
@@ -1407,6 +1407,10 @@ func (c *Configuration) isChallengeIngress(ing *networking.Ingress) bool {
 func (c *Configuration) convertIngressToVSR(ing *networking.Ingress) *conf_v1.VirtualServerRoute {
 	rule := ing.Spec.Rules[0]
 
+	if !c.isChallengeIngressOwnerVs(rule.Host) {
+		return nil
+	}
+
 	vs := &conf_v1.VirtualServerRoute{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: ing.Namespace,
@@ -1435,6 +1439,16 @@ func (c *Configuration) convertIngressToVSR(ing *networking.Ingress) *conf_v1.Vi
 	return vs
 }
 
+func (c *Configuration) isChallengeIngressOwnerVs(host string) bool {
+	for _, key := range getSortedVirtualServerKeys(c.virtualServers) {
+		vs := c.virtualServers[key]
+		if host == vs.Spec.Host {
+			return true
+		}
+	}
+	return false
+}
+
 func (c *Configuration) buildMinionConfigs(masterHost string) ([]*MinionConfiguration, map[string][]string) {
 	var minionConfigs []*MinionConfiguration
 	childWarnings := make(map[string][]string)

diff --git a/internal/k8s/configuration_test.go b/internal/k8s/configuration_test.go
@@ -2761,6 +2761,36 @@ func TestChallengeIngressToVSR(t *testing.T) {
 	}
 }
 
+func TestChallengeIngressNoVSR(t *testing.T) {
+	configuration := createTestConfiguration()
+
+	var expectedProblems []ConfigurationProblem
+
+	vs := createTestVirtualServer("virtualserver", "bar.example.com")
+	ing := createTestChallengeIngress("challenge", "foo.example.com", "/.well-known/acme-challenge/test", "cm-acme-http-solver-test")
+	configuration.AddOrUpdateVirtualServer(vs)
+	expectedChanges := []ResourceChange{
+		{
+			Op: AddOrUpdate,
+			Resource: &IngressConfiguration{
+				Ingress: ing,
+				ValidHosts: map[string]bool{
+					"foo.example.com": true,
+				},
+				ChildWarnings: map[string][]string{},
+			},
+		},
+	}
+
+	changes, problems := configuration.AddOrUpdateIngress(ing)
+	if diff := cmp.Diff(expectedChanges, changes); diff != "" {
+		t.Errorf("AddOrUpdateIngress() returned unexpected result (-want +got):\n%s", diff)
+	}
+	if diff := cmp.Diff(expectedProblems, problems); diff != "" {
+		t.Errorf("AddOrUpdateIngress() returned unexpected result (-want +got):\n%s", diff)
+	}
+}
+
 func mustInitGlobalConfiguration(c *Configuration, gc *conf_v1alpha1.GlobalConfiguration) {
 	changes, problems, err := c.AddOrUpdateGlobalConfiguration(gc)