feat(controller): use ingressClass support

duanhongyi · duanhongyi · commit 7d969479c1cb · 2022-12-01T17:06:09.000+08:00
diff --git a/charts/controller/templates/controller-clusterrole.yaml b/charts/controller/templates/controller-clusterrole.yaml
@@ -64,6 +64,9 @@ rules:
 - apiGroups: ["networking.k8s.io"]
   resources: ["ingresses"]
   verbs: ["get", "list", "create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingressclasses"]
+  verbs: ["get"]
 - apiGroups: ["apps"]
   resources: ["replicasets"]
   verbs: ["get", "list", "watch"]
diff --git a/rootfs/scheduler/resources/ingress/__init__.py b/rootfs/scheduler/resources/ingress/__init__.py
@@ -1,9 +1,10 @@
-from .base import IngressFactory, WildcardPathIngress
+from .base import IngressClass, WildcardPathIngress
 from .nginx import NginxIngress
 from .traefik import TraefikIngress
 
 
-IngressFactory.register("gce", WildcardPathIngress)
-IngressFactory.register("alb", WildcardPathIngress)
-IngressFactory.register("traefik", TraefikIngress)
-IngressFactory.register("nginx", NginxIngress)
+# registry ingress class by controller
+IngressClass.register("k8s.io/ingress-gce", WildcardPathIngress)
+IngressClass.register("ingress.k8s.aws/alb", WildcardPathIngress)
+IngressClass.register("traefik.io/ingress-controller", TraefikIngress)
+IngressClass.register("k8s.io/ingress-nginx", NginxIngress)
diff --git a/rootfs/scheduler/resources/ingress/base.py b/rootfs/scheduler/resources/ingress/base.py
@@ -106,16 +106,27 @@ def delete(self, namespace, ingress, ignore_exception=True):
         return response
 
 
-class IngressFactory(Resource):
+class IngressClass(Resource):
 
     short_name = 'ingress'
     ingress_class_map = {
         "default": BaseIngress
     }
 
-    def __call__(self, ingress_name):
-        ingress_cls = self.ingress_class_map.get(ingress_name, self.ingress_class_map["default"])
-        ingress_cls.ingress_class = ingress_name
+    def get(self, ingress_class, ignore_exception=True):
+        response = self.http_get(f"/apis/networking.k8s.io/v1/ingressclasses/{ingress_class}")
+        if not ignore_exception and self.unhealthy(response.status_code):
+            raise KubeHTTPException(response, 'get IngressClasses "{}"', ingress_class)
+
+        return response
+
+    def __call__(self, ingress_class):
+        response = self.get(ingress_class)
+        controller = "default"
+        if response.status_code == 200:
+            controller = response.json()["spec"]["controller"]
+        ingress_cls = self.ingress_class_map.get(controller, self.ingress_class_map["default"])
+        ingress_cls.ingress_class = ingress_class
         return ingress_cls(self.url, self.k8s_api_verify_tls)
 
     @classmethod
diff --git a/rootfs/scheduler/resources/ingress/traefik.py b/rootfs/scheduler/resources/ingress/traefik.py
@@ -92,12 +92,12 @@ def manifest(self, name, resource_version=None):
 class IPWhiteListMiddleware(BaseMiddleware):
     name_suffix = "-ip-white-list"
 
-    def manifest(self, name, allowlist, resource_version=None):
+    def manifest(self, name, allowlist=None, resource_version=None):
         data = super().manifest(name, resource_version)
         data.update({
             "spec": {
                 "ipWhiteList": {
-                    "sourceRange": allowlist
+                    "sourceRange": allowlist if allowlist is not None else []
                 }
             }
         })
@@ -124,42 +124,45 @@ class TraefikIngress(BaseIngress):
 
     def __init__(self, url, k8s_api_verify_tls=True):
         super().__init__(url, k8s_api_verify_tls)
-        self.buffering = BufferingMiddleware(url, k8s_api_verify_tls)
-        self.ip_white_list = IPWhiteListMiddleware(url, k8s_api_verify_tls)
-        self.redirect_scheme = RedirectSchemeMiddleware(url, k8s_api_verify_tls)
+        self.middlewares = {
+            "buffering": BufferingMiddleware(url, k8s_api_verify_tls),
+            "allowlist": IPWhiteListMiddleware(url, k8s_api_verify_tls),
+            "ssl_redirect": RedirectSchemeMiddleware(url, k8s_api_verify_tls),
+        }
 
     def manifest(self, namespace, ingress, **kwargs):
         data = BaseIngress.manifest(self, namespace, ingress, **kwargs)
-        middlewares = [f"{namespace}-{self.buffering.fullname(ingress)}@kubernetescrd", ]
-        if "allowlist" in kwargs and kwargs["allowlist"]:
-            middlewares.append(
-                f"{namespace}-{self.ip_white_list.fullname(ingress)}@kubernetescrd")
-        if "ssl_redirect" in kwargs and kwargs["ssl_redirect"]:
-            middlewares.append(
-                f"{namespace}-{self.redirect_scheme.fullname(ingress)}@kubernetescrd")
+        middlewares = []
+        for middleware in self.middlewares.keys():
+            if middleware == "buffering" or (middleware in kwargs and kwargs[middleware]):
+                name = self.middlewares[middleware].fullname(ingress)
+                middlewares.append(f"{namespace}-{name}@kubernetescrd")
         data["metadata"]["annotations"].update({
             "traefik.ingress.kubernetes.io/router.middlewares": ",".join(middlewares)
         })
         return data
 
     def create(self, namespace, ingress, **kwargs):
         response = super().create(ingress, namespace, **kwargs)
-        self.buffering.create(namespace,  name=self.buffering.fullname(ingress))
-        self.ip_white_list.create(
-            namespace, name=self.ip_white_list.fullname(ingress), allowlist=[])
-        self.redirect_scheme.create(namespace, name=self.redirect_scheme.fullname(ingress))
+        for middleware in self.middlewares.keys():
+            name = self.middlewares[middleware].fullname(ingress)
+            self.middlewares[middleware].create(namespace, name=name)
         return response
 
     def put(self, namespace, ingress, version, **kwargs):
         response = super().put(ingress, namespace, version, **kwargs)
         if "allowlist" in kwargs:
-            self.ip_white_list.put(
-                namespace, self.ip_white_list.fullname(ingress), allowlist=kwargs["allowlist"])
+            name = self.middlewares["allowlist"].fullname(ingress)
+            self.middlewares["allowlist"].put(
+                namespace,
+                name,
+                allowlist=kwargs["allowlist"],
+            )
         return response
 
     def delete(self, namespace, ingress):
         response = super().delete(namespace, ingress)
-        self.buffering.delete(namespace,  self.buffering.fullname(ingress))
-        self.ip_white_list.delete(namespace, self.ip_white_list.fullname(ingress))
-        self.redirect_scheme.delete(namespace, self.redirect_scheme.fullname(ingress))
+        for middleware in self.middlewares.keys():
+            name = self.middlewares[middleware].fullname(ingress)
+            self.middlewares[middleware].delete(namespace, name)
         return response
