Merge pull request #1645 from Caascad/ignore_tls_rules

Optionally ignore tls rules in ingress source
2025-08-06 09:36:58 +02:00 · 2020-09-24 01:12:05 -07:00 · 2020-09-24 01:12:05 -07:00 · 32fedeaf07
commit 32fedeaf07
parent b74f583a6b fefb1b2777
6 changed files with 60 additions and 10 deletions
--- a/main.go
+++ b/main.go
@ -103,6 +103,7 @@ func main() {
 		FQDNTemplate:                   cfg.FQDNTemplate,
 		CombineFQDNAndAnnotation:       cfg.CombineFQDNAndAnnotation,
 		IgnoreHostnameAnnotation:       cfg.IgnoreHostnameAnnotation,
+		IgnoreIngressTLSSpec:           cfg.IgnoreIngressTLSSpec,
 		Compatibility:                  cfg.Compatibility,
 		PublishInternal:                cfg.PublishInternal,
 		PublishHostIP:                  cfg.PublishHostIP,
--- a/pkg/apis/externaldns/types.go
+++ b/pkg/apis/externaldns/types.go
@ -50,6 +50,7 @@ type Config struct {
 	FQDNTemplate                      string
 	CombineFQDNAndAnnotation          bool
 	IgnoreHostnameAnnotation          bool
+	IgnoreIngressTLSSpec              bool
 	Compatibility                     string
 	PublishInternal                   bool
 	PublishHostIP                     bool
@ -159,6 +160,7 @@ var defaultConfig = &Config{
 	FQDNTemplate:                "",
 	CombineFQDNAndAnnotation:    false,
 	IgnoreHostnameAnnotation:    false,
+	IgnoreIngressTLSSpec:        false,
 	Compatibility:               "",
 	PublishInternal:             false,
 	PublishHostIP:               false,
@ -311,6 +313,7 @@ func (cfg *Config) ParseFlags(args []string) error {
 	app.Flag("fqdn-template", "A templated string that's used to generate DNS names from sources that don't define a hostname themselves, or to add a hostname suffix when paired with the fake source (optional). Accepts comma separated list for multiple global FQDN.").Default(defaultConfig.FQDNTemplate).StringVar(&cfg.FQDNTemplate)
 	app.Flag("combine-fqdn-annotation", "Combine FQDN template and Annotations instead of overwriting").BoolVar(&cfg.CombineFQDNAndAnnotation)
 	app.Flag("ignore-hostname-annotation", "Ignore hostname annotation when generating DNS names, valid only when using fqdn-template is set (optional, default: false)").BoolVar(&cfg.IgnoreHostnameAnnotation)
+	app.Flag("ignore-ingress-tls-spec", "Ignore tls spec section in ingresses resources, applicable only for ingress sources (optional, default: false)").BoolVar(&cfg.IgnoreIngressTLSSpec)
 	app.Flag("compatibility", "Process annotation semantics from legacy implementations (optional, options: mate, molecule)").Default(defaultConfig.Compatibility).EnumVar(&cfg.Compatibility, "", "mate", "molecule")
 	app.Flag("publish-internal-services", "Allow external-dns to publish DNS records for ClusterIP services (optional)").BoolVar(&cfg.PublishInternal)
 	app.Flag("publish-host-ip", "Allow external-dns to publish host-ip for headless services (optional)").BoolVar(&cfg.PublishHostIP)
--- a/pkg/apis/externaldns/types_test.go
+++ b/pkg/apis/externaldns/types_test.go
@ -113,6 +113,7 @@ var (
 		Sources:                     []string{"service", "ingress", "connector"},
 		Namespace:                   "namespace",
 		IgnoreHostnameAnnotation:    true,
+		IgnoreIngressTLSSpec:        true,
 		FQDNTemplate:                "{{.Name}}.service.example.com",
 		Compatibility:               "mate",
 		Provider:                    "google",
@ -218,6 +219,7 @@ func TestParseFlags(t *testing.T) {
 				"--namespace=namespace",
 				"--fqdn-template={{.Name}}.service.example.com",
 				"--ignore-hostname-annotation",
+				"--ignore-ingress-tls-spec",
 				"--compatibility=mate",
 				"--provider=google",
 				"--google-project=project",
@ -310,6 +312,7 @@ func TestParseFlags(t *testing.T) {
 				"EXTERNAL_DNS_NAMESPACE":                       "namespace",
 				"EXTERNAL_DNS_FQDN_TEMPLATE":                   "{{.Name}}.service.example.com",
 				"EXTERNAL_DNS_IGNORE_HOSTNAME_ANNOTATION":      "1",
+				"EXTERNAL_DNS_IGNORE_INGRESS_TLS_SPEC":         "1",
 				"EXTERNAL_DNS_COMPATIBILITY":                   "mate",
 				"EXTERNAL_DNS_PROVIDER":                        "google",
 				"EXTERNAL_DNS_GOOGLE_PROJECT":                  "project",
--- a/source/ingress.go
+++ b/source/ingress.go
@ -56,10 +56,11 @@ type ingressSource struct {
 	combineFQDNAnnotation    bool
 	ignoreHostnameAnnotation bool
 	ingressInformer          extinformers.IngressInformer
+	ignoreIngressTLSSpec     bool
 }

 // NewIngressSource creates a new ingressSource with the given config.
-func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilter string, fqdnTemplate string, combineFqdnAnnotation bool, ignoreHostnameAnnotation bool) (Source, error) {
+func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilter string, fqdnTemplate string, combineFqdnAnnotation bool, ignoreHostnameAnnotation bool, ignoreIngressTLSSpec bool) (Source, error) {
 	var (
 		tmpl *template.Template
 		err  error
@ -105,6 +106,7 @@ func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilt
 		combineFQDNAnnotation:    combineFqdnAnnotation,
 		ignoreHostnameAnnotation: ignoreHostnameAnnotation,
 		ingressInformer:          ingressInformer,
+		ignoreIngressTLSSpec:     ignoreIngressTLSSpec,
 	}
 	return sc, nil
 }
@ -132,7 +134,7 @@ func (sc *ingressSource) Endpoints(ctx context.Context) ([]*endpoint.Endpoint, e
 			continue
 		}

-		ingEndpoints := endpointsFromIngress(ing, sc.ignoreHostnameAnnotation)
+		ingEndpoints := endpointsFromIngress(ing, sc.ignoreHostnameAnnotation, sc.ignoreIngressTLSSpec)

 		// apply template if host is missing on ingress
 		if (sc.combineFQDNAnnotation || len(ingEndpoints) == 0) && sc.fqdnTemplate != nil {
@ -240,7 +242,7 @@ func (sc *ingressSource) setDualstackLabel(ingress *v1beta1.Ingress, endpoints [
 }

 // endpointsFromIngress extracts the endpoints from ingress object
-func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool) []*endpoint.Endpoint {
+func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool, ignoreIngressTLSSpec bool) []*endpoint.Endpoint {
 	var endpoints []*endpoint.Endpoint

 	ttl, err := getTTLFromAnnotations(ing.Annotations)
@ -263,12 +265,15 @@ func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool) [
 		endpoints = append(endpoints, endpointsForHostname(rule.Host, targets, ttl, providerSpecific, setIdentifier)...)
 	}

-	for _, tls := range ing.Spec.TLS {
-		for _, host := range tls.Hosts {
-			if host == "" {
-				continue
+	// Skip endpoints if we do not want entries from tls spec section
+	if !ignoreIngressTLSSpec {
+		for _, tls := range ing.Spec.TLS {
+			for _, host := range tls.Hosts {
+				if host == "" {
+					continue
+				}
+				endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier)...)
 			}
-			endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier)...)
 		}
 	}

--- a/source/ingress_test.go
+++ b/source/ingress_test.go
@ -52,6 +52,7 @@ func (suite *IngressSuite) SetupTest() {
 		"{{.Name}}",
 		false,
 		false,
+		false,
 	)
 	suite.NoError(err, "should initialize ingress source")

@ -134,6 +135,7 @@ func TestNewIngressSource(t *testing.T) {
 				ti.fqdnTemplate,
 				ti.combineFQDNAndAnnotation,
 				false,
+				false,
 			)
 			if ti.expectError {
 				assert.Error(t, err)
@ -221,7 +223,7 @@ func testEndpointsFromIngress(t *testing.T) {
 	} {
 		t.Run(ti.title, func(t *testing.T) {
 			realIngress := ti.ingress.Ingress()
-			validateEndpoints(t, endpointsFromIngress(realIngress, false), ti.expected)
+			validateEndpoints(t, endpointsFromIngress(realIngress, false, false), ti.expected)
 		})
 	}
 }
@ -238,6 +240,7 @@ func testIngressEndpoints(t *testing.T) {
 		fqdnTemplate             string
 		combineFQDNAndAnnotation bool
 		ignoreHostnameAnnotation bool
+		ignoreIngressTLSSpec     bool
 	}{
 		{
 			title:           "no ingress",
@ -993,6 +996,39 @@ func testIngressEndpoints(t *testing.T) {
 				},
 			},
 		},
+		{
+			title:                    "ignore tls section",
+			targetNamespace:          "",
+			ignoreIngressTLSSpec:     true,
+			ingressItems: []fakeIngress{
+				{
+					name:      "fake1",
+					namespace: namespace,
+					tlsdnsnames: [][]string{{"example.org"}},
+					ips:         []string{"1.2.3.4"},
+				},
+		  },
+			expected: []*endpoint.Endpoint{},
+		},
+		{
+			title:                    "reading tls section",
+			targetNamespace:          "",
+			ignoreIngressTLSSpec:     false,
+			ingressItems: []fakeIngress{
+				{
+					name:      "fake1",
+					namespace: namespace,
+					tlsdnsnames: [][]string{{"example.org"}},
+					ips:         []string{"1.2.3.4"},
+				},
+		  },
+			expected: []*endpoint.Endpoint{
+				{
+					DNSName: "example.org",
+					Targets: endpoint.Targets{"1.2.3.4"},
+				},
+			},
+		},
 	} {
 		t.Run(ti.title, func(t *testing.T) {
 			ingresses := make([]*v1beta1.Ingress, 0)
@ -1008,6 +1044,7 @@ func testIngressEndpoints(t *testing.T) {
 				ti.fqdnTemplate,
 				ti.combineFQDNAndAnnotation,
 				ti.ignoreHostnameAnnotation,
+				ti.ignoreIngressTLSSpec,
 			)
 			for _, ingress := range ingresses {
 				_, err := fakeClient.ExtensionsV1beta1().Ingresses(ingress.Namespace).Create(context.Background(), ingress, metav1.CreateOptions{})
--- a/source/store.go
+++ b/source/store.go
@ -45,6 +45,7 @@ type Config struct {
 	FQDNTemplate                   string
 	CombineFQDNAndAnnotation       bool
 	IgnoreHostnameAnnotation       bool
+	IgnoreIngressTLSSpec           bool
 	Compatibility                  string
 	PublishInternal                bool
 	PublishHostIP                  bool
@ -184,7 +185,7 @@ func BuildWithConfig(source string, p ClientGenerator, cfg *Config) (Source, err
 		if err != nil {
 			return nil, err
 		}
-		return NewIngressSource(client, cfg.Namespace, cfg.AnnotationFilter, cfg.FQDNTemplate, cfg.CombineFQDNAndAnnotation, cfg.IgnoreHostnameAnnotation)
+		return NewIngressSource(client, cfg.Namespace, cfg.AnnotationFilter, cfg.FQDNTemplate, cfg.CombineFQDNAndAnnotation, cfg.IgnoreHostnameAnnotation, cfg.IgnoreIngressTLSSpec)
 	case "istio-gateway":
 		kubernetesClient, err := p.KubeClient()
 		if err != nil {