Fixed bug where ingress table printer did not check to see if HTTP was enabled before including port 80 in the output #90658
Conversation
k8s-ci-robot
added
release-note
|
/sig cli |
k8s-ci-robot
added
sig/cli
|
/retest |
|
/assign @janetkuo |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: brianpursley, soltysh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
k8s-ci-robot
removed
the
lgtm
brianpursley
force-pushed
the
kubectl-500
branch
2 times, most recently
from
39df2f3 to
c9874e3
Compare
…s enabled before including port 80 in the output
|
@soltysh I resolved your comment, but then after taking a second look, I reverted back. I think there is actually an invalid config that could occur by mistake if the user does not set TLS, and explicitly sets the If you still think I should make the change to default to "80" even if the |
k8s-ci-robot
added
the
lgtm
|
/retest |
| return "80, 443" | ||
| func formatPorts(obj *networking.Ingress) string { | ||
| allowHTTP := true | ||
| if annotationValue, exists := obj.Annotations["kubernetes.io/ingress.allow-http"]; exists { |
There was a problem hiding this comment.
is this officially part of the ingress API?
There was a problem hiding this comment.
Good call, I guess someone from networking can weigh in.
The current code just hard codes the assumption that if you have TLS, ports are "443, 80" and otherwise just "80".
From what I can tell, kubernetes.io/ingress.allow-http is valid at least for ingress-gce:
https://github.com/kubernetes/ingress-gce/blob/c7c2a08366ed113009b60f88aca8760f43034c93/pkg/annotations/ingress.go#L30-L35.
There was a problem hiding this comment.
To be honest, and probably this is what you're getting at, it seems like the port numbers should not even be determined within the printer.
Seems like the ports should be reported out as status from the various ingress controllers, because in theory it would not even have to be 443 and 80.
|
/hold would like an ack from networking folks that this is part of the API we should modify the API server to honor |
k8s-ci-robot
added
the
do-not-merge/hold
|
/remove-sig cli |
k8s-ci-robot
added
sig/network
|
To @liggitt 's point AWS has its own annotations that affect this It seems like the problem is kubectl cannot know, without checking ingress provider-specific annotations, which ports are ACTUALLY being used. I don't see this being merged as it is right now, so I'm going to go ahead and close this PR. I'll make a note in the issue of what the challenge is in doing this. |
|
@brianpursley: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-rebase
What type of PR is this?
/kind bug
What this PR does / why we need it:
The ingress table printer was assuming ports to be 80 and 443 if TLS is configured. But this is not always true. You can set the
kubernetes.io/ingress.allow-httpannotation tofalseand that will disable HTTP and so in this case the ingress table printer should output only 443. This PR fixes this bug.Which issue(s) this PR fixes:
Fixes kubernetes/kubectl#500
Special notes for your reviewer:
The "HTTP and HTTPS ports" unit test case is the original unit test (pre-PR). I added four additional cases. My goal was not to change the test, but just add more cases.
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: