Merge branch 'main' of github.com:oracle/oci-native-ingress-controller into dependabot/go_modules/golang.org/x/net-0.17.0

Author: Inbaraj-S

.github/workflows/release.yaml

@@ -20,21 +20,28 @@ jobs:
       IMAGE_REGISTRY: ghcr.io/oracle
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
-          platforms: amd64
+          platforms: linux/amd64,linux/arm64
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
-      - name: Log into GitHub Container Registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${GITHUB_ACTOR,,} --password-stdin
-
-      - name: Build Image
-        run: REGISTRY="${{ env.IMAGE_REGISTRY }}" VERSION="${{ github.ref_name }}" make image
+      - name: Login to Docker
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Push Image
-        run: REGISTRY="${{ env.IMAGE_REGISTRY }}" VERSION="${{ github.ref_name }}" make push
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          provenance: false
+          tags: ghcr.io/oracle/oci-native-ingress-controller:${{ github.ref_name }}

Dockerfile

@@ -18,7 +18,7 @@ COPY . ./
 # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
 #RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -mod vendor -a -o dist/onic ./main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -mod vendor -a -o dist/onic ./main.go
 
 # For Open source
 FROM oraclelinux:7-slim
@@ -34,4 +34,4 @@ COPY THIRD_PARTY_LICENSES.txt .
 # Copy the manager binary
 COPY --from=builder /workspace/dist/onic .
 
-ENTRYPOINT ["/usr/local/bin/oci-native-ingress-controller/onic"]
+ENTRYPOINT ["/usr/local/bin/oci-native-ingress-controller/onic"]

GettingStarted.md

@@ -46,8 +46,9 @@ This section describes steps to deploy and test OCI-Native-Ingress-Controller.
 ### Prerequisites
 Kubernetes Cluster with Native Pod Networking setup.
 Currently supported kubernetes versions are:
-- v1.25.4
-- v1.26.2
+- 1.26
+- 1.27
+- 1.28
 
 We set up the cluster with native pod networking and update the security rules. 
 The documentation for NPN : [Doc Ref](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking_topic-OCI_CNI_plugin.htm).
@@ -105,7 +106,7 @@ If the deployment is done via manifest templates update deployment container arg
 ```
 
 #### Workload Identity
-For workload identity, we have to use [Enhanced Clusters](https://confluence.oci.oraclecorp.com/display/OKE/Enhanced+Clusters), and follow the public documentation to setup policies - [Doc](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm)
+For workload identity, we have to use [Enhanced Clusters](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingenhancedclusters.htm), and follow the public documentation to setup policies - [Doc](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm)
 
 We have added the support to enable this via the authType flag as follows:
 ```

Makefile

@@ -59,10 +59,10 @@ version:
 
 # Currently only supports amd
 build: ./main.go
-	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -mod vendor -a -o dist/onic ./main.go
+	CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(GOARCH) GO111MODULE=on go build -mod vendor -a -o dist/onic ./main.go
 
 image:
-	docker build -t ${IMAGE_PATH} -f Dockerfile .
+	docker build --build-arg goos=$(GOOS) --build-arg goarch=$(GOARCH) -t ${IMAGE_PATH} -f Dockerfile .
 
 push:
 	docker push ${IMAGE_PATH}

pkg/state/ingressstate.go

@@ -90,11 +90,9 @@ func (s *StateStore) BuildState(ingressClass *networkingv1.IngressClass) error {
 
 	var ingressGroup []*networkingv1.Ingress
 	for _, ing := range ingressList {
-		ingIc, err := util.GetIngressClass(ing, s.IngressClassLister)
-		if err != nil {
-			return errors.Wrap(err, "error getting ingress class")
-		}
-		if ingIc != nil && ingressClass.Name == ingIc.Name && !util.IsIngressDeleting(ing) {
+		if ((ing.Spec.IngressClassName == nil && ingressClass.Annotations[util.IngressClassIsDefault] == "true") ||
+			(ing.Spec.IngressClassName != nil && ingressClass.Name == *ing.Spec.IngressClassName)) &&
+			!util.IsIngressDeleting(ing) {
 			ingressGroup = append(ingressGroup, ing)
 		}
 	}

pkg/state/ingressstate_test.go

@@ -34,6 +34,7 @@ const (
 	ListenerProtocolConfigValidationsFilePath = "validate-listener-protocol-config.yaml"
 	TestIngressStateFilePath                  = "test-ingress-state.yaml"
 	TestIngressStateWithPortNameFilePath      = "test-ingress-state_withportname.yaml"
+	TestIngressStateWithNamedClassesFilePath  = "test-ingress-state_withnamedclasses.yaml"
 )
 
 func setUp(ctx context.Context, ingressClassList *networkingv1.IngressClassList, ingressList *networkingv1.IngressList, testService *v1.ServiceList) (networkinglisters.IngressClassLister, networkinglisters.IngressLister, corelisters.ServiceLister) {
@@ -226,6 +227,25 @@ func TestIngressStateWithPortName(t *testing.T) {
 	assertCases(stateStore)
 }
 
+func TestIngressStateWithNamedClasses(t *testing.T) {
+	RegisterTestingT(t)
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	ingressClassList := testutil.GetIngressClassList()
+
+	ingressList := testutil.ReadResourceAsIngressList(TestIngressStateWithNamedClassesFilePath)
+
+	testService := testutil.GetServiceListResourceWithPortName("default", "tls-test", 80, "tls-port")
+	ingressClassLister, ingressLister, serviceLister := setUp(ctx, ingressClassList, ingressList, testService)
+
+	stateStore := NewStateStore(ingressClassLister, ingressLister, serviceLister, nil)
+	err := stateStore.BuildState(&ingressClassList.Items[0])
+	Expect(err).NotTo(HaveOccurred())
+
+	assertCases(stateStore)
+}
+
 func assertCases(stateStore *StateStore) {
 	ingressName := "ingress-state"
 	allBs := stateStore.GetAllBackendSetForIngressClass()

pkg/state/test-ingress-state_withnamedclasses.yaml

@@ -0,0 +1,123 @@
+#
+# OCI Native Ingress Controller
+#
+# Copyright (c) 2023 Oracle America, Inc. and its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-state
+  namespace: default
+spec:
+  ingressClassName: default-ingress-class
+  tls:
+  - hosts:
+      - foo.bar.com
+    secretName: secret_name
+  rules:
+  - host: "foo.bar.com"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/PrefixEcho1"
+        backend:
+          service:
+            name: tls-test
+            port:
+              number: 80
+  - host: "foo.bar.com"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/ExactEcho1"
+        backend:
+          service:
+            name: tls-test
+            port:
+              number: 70
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-state-excluded
+  namespace: default
+spec:
+  ingressClassName: missing-ingress-class
+  tls:
+    - hosts:
+        - foo.bar.com
+      secretName: secret_name
+  rules:
+    - host: "foo.bar.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/PrefixEcho1/aa"
+            backend:
+              service:
+                name: tls-test
+                port:
+                  number: 80
+    - host: "foo.bar.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/ExactEcho1"
+            backend:
+              service:
+                name: tls-test
+                port:
+                  number: 90
+    - http:
+        paths:
+          - pathType: Prefix
+            path: "/PrefixEcho1"
+            backend:
+              service:
+                name: tls-test
+                port:
+                  number: 100
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-state-new
+  namespace: default
+spec:
+  ingressClassName: default-ingress-class
+  tls:
+  - hosts:
+      - foo.bar.com
+    secretName: secret_name
+  rules:
+  - host: "foo.bar.com"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/PrefixEcho1/aa"
+        backend:
+          service:
+            name: tls-test
+            port:
+              number: 80
+  - host: "foo.bar.com"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/ExactEcho1"
+        backend:
+          service:
+            name: tls-test
+            port:
+              number: 90
+  - http:
+      paths:
+      - pathType: Prefix
+        path: "/PrefixEcho1"
+        backend:
+          service:
+            name: tls-test
+            port:
+              number: 100