From b8bf7c81143e9b4ad5ef89acbc5e245bd039545a Mon Sep 17 00:00:00 2001 From: Tao Yi Date: Wed, 6 Dec 2023 18:11:58 +0800 Subject: [PATCH 1/4] Fix: Add --emit-translation-events to toggle creating of events in translation and config applying (#5296) * add --emit-translation-events to toggle creating of events in translation and config applying * update changelog * Update internal/manager/run.go Co-authored-by: Jintao Zhang * Capitalize logs Co-authored-by: Jakub Warczarek --------- Co-authored-by: Jintao Zhang Co-authored-by: Jakub Warczarek (cherry picked from commit 8b3d551ea7c93048add583f517992e8a6883e7d7) --- CHANGELOG.md | 61 +++++++++++++++++++++++++++++++++++++- docs/cli-arguments.md | 4 +++ internal/manager/config.go | 4 ++- internal/manager/run.go | 10 ++++++- 4 files changed, 76 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 63fec9dd86..c4d7e60f77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ Adding a new version? You'll need three changes: * Add the diff link, like "[2.7.0]: https://github.com/kong/kubernetes-ingress-controller/compare/v1.2.2...v1.2.3". This is all the way at the bottom. It's the thing we always forget. ---> + - [2.12.3](#2123) + - [2.12.2](#2122) + - [2.12.1](#2121) - [2.12.0](#2120) - [2.11.1](#2111) - [2.11.0](#2110) @@ -75,7 +78,63 @@ Adding a new version? You'll need three changes: - [0.0.5](#005) - [0.0.4 and prior](#004-and-prior) -## 2.12.0 +## [2.12.3] + +> Release date: TBD + +### Added + +- Added `--emit-translation-events` CLI flag to disable the creation of events + in translating and applying configurations to Kong. + [#5296](https://github.com/Kong/kubernetes-ingress-controller/pull/5296) + +## [2.12.2] + +> Release date: 2023-11-22 + +### Fixed + +- Using an Ingress with annotation `konghq.com/rewrite` and another Ingress without it pointing to the same Service, + will no longer cause synchronization loop and random request failures due to incorrect routing. + [#5215](https://github.com/Kong/kubernetes-ingress-controller/pull/5215) +- Using the same Service in one Ingress as a target for ingress rule and default backend works without issues. + [#5217](https://github.com/Kong/kubernetes-ingress-controller/pull/5217) + +### Known issues + +- **Only when combined routes are not enabled**, generated Kong routes may have conflicting names, that leads to + incorrect routing. In such case the descriptive error message is now provided. Use feature gate `CombinedRoutes=true` + or update Kong Kubernetes Ingress Controller version to 3.0.0 or above (both remediation changes naming schema of Kong routes). + [#5198](https://github.com/Kong/kubernetes-ingress-controller/issues/5198) + +## [2.12.1] + +> Release date: 2023-11-09 + +### Fixed + +- Credentials Secrets that are not referenced by any KongConsumer but violate the KongConsumer + basic level validation (invalid credential type or missing required fields) are now rejected + by the admission webhook. + [#4887](https://github.com/Kong/kubernetes-ingress-controller/pull/4887) +- Error logs emitted from Gateway Discovery readiness checker that should be + logged at `debug` level are now logged at that level. + [#5030](https://github.com/Kong/kubernetes-ingress-controller/pull/5030) +- Fix `panic` when last known configuration fetcher gets a `nil` Status when requesting + `/status` from Kong Gateway. + This happens when Gateway is responding with a 50x HTTP status code. + [#5120](https://github.com/Kong/kubernetes-ingress-controller/pull/5120) +- Use 46 bits in values of priorities of generated Kong routes when expression + rotuer is enabled to limit the priorities to be less than `1e14`. This + prevents them to be encoded into scientific notation when dumping + configurations from admin API that brings precision loss and type + inconsistency in decoding JSON/YAML data to `uint64`. + This change will limit number of `HTTPRoute`s that can be + deterministically sorted by their creation timestamps, names and internal + rule orders to `2^12=4096` and number of `GRPCRoutes` can be sorted to `2^8=256`. + [#5124](https://github.com/Kong/kubernetes-ingress-controller/pull/5124) + +## [2.12.0] > Release date: 2023-09-25 diff --git a/docs/cli-arguments.md b/docs/cli-arguments.md index 26bfb0aa82..72ad54dd6b 100644 --- a/docs/cli-arguments.md +++ b/docs/cli-arguments.md @@ -18,6 +18,10 @@ | `--dump-sensitive-config` | `bool` | Include credentials and TLS secrets in configs exposed with --dump-config. | `false` | | `--election-id` | `string` | Election id to use for status update. | `5b374a9e.konghq.com` | | `--election-namespace` | `string` | Leader election namespace to use when running outside a cluster. | | +| `--emit-translation-events` | `bool` | Emit Kubernetes events for successful configuration applies, translation failures and configuration apply failures on managed objects. | `true` | +| `--enable-controller-gwapi-gateway` | `bool` | Enable the Gateway API Gateway controller. | `true` | +| `--enable-controller-gwapi-httproute` | `bool` | Enable the Gateway API HTTPRoute controller. | `true` | +| `--enable-controller-gwapi-reference-grant` | `bool` | Enable the Gateway API ReferenceGrant controller. | `true` | | `--enable-controller-ingress-class-networkingv1` | `bool` | Enable the networking.k8s.io/v1 IngressClass controller. | `true` | | `--enable-controller-ingress-class-parameters` | `bool` | Enable the IngressClassParameters controller. | `true` | | `--enable-controller-ingress-networkingv1` | `bool` | Enable the networking.k8s.io/v1 Ingress controller. | `true` | diff --git a/internal/manager/config.go b/internal/manager/config.go index c372c39b9a..916b1a78c1 100644 --- a/internal/manager/config.go +++ b/internal/manager/config.go @@ -82,6 +82,7 @@ type Config struct { WatchNamespaces []string GatewayAPIControllerName string Impersonate string + EmitTranslationEvents bool // Ingress status PublishServiceUDP OptionalNamespacedName @@ -199,7 +200,8 @@ func (c *Config) FlagSet() *pflag.FlagSet { flagSet.StringSliceVar(&c.FilterTags, "kong-admin-filter-tag", []string{"managed-by-ingress-controller"}, "The tag used to manage and filter entities in Kong. This flag can be specified multiple times to specify multiple tags. This setting will be silently ignored if the Kong instance has no tags support.") flagSet.IntVar(&c.Concurrency, "kong-admin-concurrency", 10, "Max number of concurrent requests sent to Kong's Admin API.") flagSet.StringSliceVar(&c.WatchNamespaces, "watch-namespace", nil, - `Namespace(s) to watch for Kubernetes resources. Defaults to all namespaces. To watch multiple namespaces, use a comma-separated list of namespaces.`) + `Namespace(s) in comma-separated format (or specify this flag multiple times) to watch for Kubernetes resources. Defaults to all namespaces.`) + flagSet.BoolVar(&c.EmitTranslationEvents, "emit-translation-events", true, `Emit Kubernetes events for successful configuration applies, translation failures and configuration apply failures on managed objects.`) // Ingress status flagSet.Var(flags.NewValidatedValue(&c.PublishService, namespacedNameFromFlagValue, nnTypeNameOverride), "publish-service", diff --git a/internal/manager/run.go b/internal/manager/run.go index 700e43ae6d..4344bcaa7e 100644 --- a/internal/manager/run.go +++ b/internal/manager/run.go @@ -15,6 +15,7 @@ import ( "github.com/go-logr/logr" "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/manager" @@ -138,7 +139,14 @@ func Run(ctx context.Context, c *Config, diagnostic util.ConfigDumpDiagnostic, d } setupLog.Info("Initializing Dataplane Client") - eventRecorder := mgr.GetEventRecorderFor(KongClientEventRecorderComponentName) + var eventRecorder record.EventRecorder + if c.EmitTranslationEvents { + setupLog.Info("Emit translation event enabled, create event recorder for " + KongClientEventRecorderComponentName) + eventRecorder = mgr.GetEventRecorderFor(KongClientEventRecorderComponentName) + } else { + setupLog.Info("Emit translation event disabled, discard all events") + eventRecorder = &record.FakeRecorder{} + } readinessChecker := clients.NewDefaultReadinessChecker(adminAPIClientsFactory, setupLog.WithName("readiness-checker")) clientsManager, err := clients.NewAdminAPIClientsManager( From ae49c0ea9a769e6e455cbc73726a9dc33f46ff51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Wed, 6 Dec 2023 14:36:55 +0100 Subject: [PATCH 2/4] fix: change events emit toggle name to --emit-kubernetes-events (#5299) --- CHANGELOG.md | 3 ++- docs/cli-arguments.md | 2 +- internal/manager/config.go | 4 ++-- internal/manager/run.go | 7 ++++--- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4d7e60f77..259421b488 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -84,9 +84,10 @@ Adding a new version? You'll need three changes: ### Added -- Added `--emit-translation-events` CLI flag to disable the creation of events +- Added `--emit-kubernetes-events` CLI flag to disable the creation of events in translating and applying configurations to Kong. [#5296](https://github.com/Kong/kubernetes-ingress-controller/pull/5296) + [#5299](https://github.com/Kong/kubernetes-ingress-controller/pull/5299) ## [2.12.2] diff --git a/docs/cli-arguments.md b/docs/cli-arguments.md index 72ad54dd6b..5e2b0c4862 100644 --- a/docs/cli-arguments.md +++ b/docs/cli-arguments.md @@ -18,7 +18,7 @@ | `--dump-sensitive-config` | `bool` | Include credentials and TLS secrets in configs exposed with --dump-config. | `false` | | `--election-id` | `string` | Election id to use for status update. | `5b374a9e.konghq.com` | | `--election-namespace` | `string` | Leader election namespace to use when running outside a cluster. | | -| `--emit-translation-events` | `bool` | Emit Kubernetes events for successful configuration applies, translation failures and configuration apply failures on managed objects. | `true` | +| `--emit-kubernetes-events` | `bool` | Emit Kubernetes events for successful configuration applies, translation failures and configuration apply failures on managed objects. | `true` | | `--enable-controller-gwapi-gateway` | `bool` | Enable the Gateway API Gateway controller. | `true` | | `--enable-controller-gwapi-httproute` | `bool` | Enable the Gateway API HTTPRoute controller. | `true` | | `--enable-controller-gwapi-reference-grant` | `bool` | Enable the Gateway API ReferenceGrant controller. | `true` | diff --git a/internal/manager/config.go b/internal/manager/config.go index 916b1a78c1..e4e5eea19e 100644 --- a/internal/manager/config.go +++ b/internal/manager/config.go @@ -82,7 +82,7 @@ type Config struct { WatchNamespaces []string GatewayAPIControllerName string Impersonate string - EmitTranslationEvents bool + EmitKubernetesEvents bool // Ingress status PublishServiceUDP OptionalNamespacedName @@ -201,7 +201,7 @@ func (c *Config) FlagSet() *pflag.FlagSet { flagSet.IntVar(&c.Concurrency, "kong-admin-concurrency", 10, "Max number of concurrent requests sent to Kong's Admin API.") flagSet.StringSliceVar(&c.WatchNamespaces, "watch-namespace", nil, `Namespace(s) in comma-separated format (or specify this flag multiple times) to watch for Kubernetes resources. Defaults to all namespaces.`) - flagSet.BoolVar(&c.EmitTranslationEvents, "emit-translation-events", true, `Emit Kubernetes events for successful configuration applies, translation failures and configuration apply failures on managed objects.`) + flagSet.BoolVar(&c.EmitKubernetesEvents, "emit-kubernetes-events", true, `Emit Kubernetes events for successful configuration applies, translation failures and configuration apply failures on managed objects.`) // Ingress status flagSet.Var(flags.NewValidatedValue(&c.PublishService, namespacedNameFromFlagValue, nnTypeNameOverride), "publish-service", diff --git a/internal/manager/run.go b/internal/manager/run.go index 4344bcaa7e..730ba9d627 100644 --- a/internal/manager/run.go +++ b/internal/manager/run.go @@ -140,11 +140,12 @@ func Run(ctx context.Context, c *Config, diagnostic util.ConfigDumpDiagnostic, d setupLog.Info("Initializing Dataplane Client") var eventRecorder record.EventRecorder - if c.EmitTranslationEvents { - setupLog.Info("Emit translation event enabled, create event recorder for " + KongClientEventRecorderComponentName) + if c.EmitKubernetesEvents { + setupLog.Info("Emitting Kubernetes events enabled, creating an event recorder for " + KongClientEventRecorderComponentName) eventRecorder = mgr.GetEventRecorderFor(KongClientEventRecorderComponentName) } else { - setupLog.Info("Emit translation event disabled, discard all events") + setupLog.Info("Emitting Kubernetes events disabled, discarding all events") + // Create an empty record.FakeRecorder with no Events channel to discard all events. eventRecorder = &record.FakeRecorder{} } From 7067f68567883e34512c8356331a5b5aab19c17e Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Thu, 7 Dec 2023 19:21:37 +0800 Subject: [PATCH 3/4] docs: re-generate docs/cli-arguments.md Signed-off-by: Jintao Zhang --- docs/cli-arguments.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/cli-arguments.md b/docs/cli-arguments.md index 5e2b0c4862..adee97371b 100644 --- a/docs/cli-arguments.md +++ b/docs/cli-arguments.md @@ -19,9 +19,6 @@ | `--election-id` | `string` | Election id to use for status update. | `5b374a9e.konghq.com` | | `--election-namespace` | `string` | Leader election namespace to use when running outside a cluster. | | | `--emit-kubernetes-events` | `bool` | Emit Kubernetes events for successful configuration applies, translation failures and configuration apply failures on managed objects. | `true` | -| `--enable-controller-gwapi-gateway` | `bool` | Enable the Gateway API Gateway controller. | `true` | -| `--enable-controller-gwapi-httproute` | `bool` | Enable the Gateway API HTTPRoute controller. | `true` | -| `--enable-controller-gwapi-reference-grant` | `bool` | Enable the Gateway API ReferenceGrant controller. | `true` | | `--enable-controller-ingress-class-networkingv1` | `bool` | Enable the networking.k8s.io/v1 IngressClass controller. | `true` | | `--enable-controller-ingress-class-parameters` | `bool` | Enable the IngressClassParameters controller. | `true` | | `--enable-controller-ingress-networkingv1` | `bool` | Enable the networking.k8s.io/v1 Ingress controller. | `true` | @@ -85,5 +82,5 @@ | `--term-delay` | `duration` | The time delay to sleep before SIGTERM or SIGINT will shut down the Ingress Controller. | `0s` | | `--update-status` | `bool` | Indicates if the ingress controller should update the status of resources (e.g. IP/Hostname for v1.Ingress, e.t.c.). | `true` | | `--update-status-queue-buffer-size` | `int` | Buffer size of the underlying channels used to update the status of resources. | `8192` | -| `--watch-namespace` | `stringSlice` | Namespace(s) to watch for Kubernetes resources. Defaults to all namespaces. To watch multiple namespaces, use a comma-separated list of namespaces. | `[]` | +| `--watch-namespace` | `stringSlice` | Namespace(s) in comma-separated format (or specify this flag multiple times) to watch for Kubernetes resources. Defaults to all namespaces. | `[]` | From 597371d1f91bf6bf5c2623fb04aac03c26505b6b Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Fri, 8 Dec 2023 14:42:33 +0800 Subject: [PATCH 4/4] Update CHANGELOG Signed-off-by: Jintao Zhang --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 259421b488..873b21d33b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -82,8 +82,12 @@ Adding a new version? You'll need three changes: > Release date: TBD -### Added +### Fixed +- Fix(manager): set InitCacheSyncDuration to 5s by default and allow it to be configured via cli. + [#5238](https://github.com/Kong/kubernetes-ingress-controller/pull/5238) +- Don't set `instance_name` of plugin if Kong version is below 3.2.0. + [#5250](https://github.com/Kong/kubernetes-ingress-controller/pull/5250) - Added `--emit-kubernetes-events` CLI flag to disable the creation of events in translating and applying configurations to Kong. [#5296](https://github.com/Kong/kubernetes-ingress-controller/pull/5296)