Add IngressLink support

Author: Dean-Coakley

deploy/crds/k8s.nginx.org_nginxingresscontrollers_crd.yaml

@@ -84,11 +84,6 @@ spec:
               description: Enable TLS Passthrough on port 443. Requires enableCRDs
                 set to true.
               type: boolean
-            extraLabels:
-              additionalProperties:
-                type: string
-              description: Specifies extra labels of the service.
-              type: object
             globalConfiguration:
               description: The GlobalConfiguration resource for global configuration
                 of the Ingress Controller. Format is namespace/name. Requires enableCRDs
@@ -212,12 +207,28 @@ spec:
                   description: 'Specifies the name of the service with the type LoadBalancer
                     through which the Ingress controller pods are exposed externally.
                     The external address of the service is used when reporting the
-                    status of Ingress resources. Note: Only if ServiceType is different
-                    than LoadBalancer.'
+                    status of Ingress resources. Note: Only if serviceType is NodePort.'
+                  type: string
+                ingressLink:
+                  description: 'Specifies the name of the IngressLink resource, which
+                    exposes the Ingress Controller pods via a BIG-IP system. The IP
+                    of the BIG-IP system is used when reporting the status of Ingress,
+                    VirtualServer and VirtualServerRoute resources. Requires reportIngressStatus.enable
+                    set to true. Note: Only if serviceType is NodePort and reportIngressStatus.externalService
+                    is not set.'
                   type: string
               required:
               - enable
               type: object
+            service:
+              description: The service of the Ingress controller.
+              properties:
+                extraLabels:
+                  additionalProperties:
+                    type: string
+                  description: Specifies extra labels of the service.
+                  type: object
+              type: object
             serviceType:
               description: 'The type of the Service for the Ingress Controller. Valid
                 Service types are: NodePort and LoadBalancer.'

docs/nginx-ingress-controller.md

@@ -85,6 +85,7 @@ spec:
 | `enableCRDs` | `boolean` | Enables the use of NGINX Ingress Resource Definitions (VirtualServer and VirtualServerRoute). | No |
 | `enableSnippets` | `boolean` | Enable custom NGINX configuration snippets in VirtualServer and VirtualServerRoute resources. Requires enableCRDs set to true. | No |
 | `ingressClass` | `string` | A class of the Ingress controller. For Kubernetes >= 1.18, the Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. Additionally the Ingress Controller processes all the VirtualServer/VirtualServerRoute resources that do not have the "ingressClassName" field. For Kubernetes < 1.18, the Ingress Controller only processes resources that belong to its class - i.e have the annotation "kubernetes.io/ingress.class" (for Ingress resources) or field "ingressClassName" (for VirtualServer/VirtualServerRoute resources) equal to the class. Additionally, the Ingress Controller processes resources that do not have the class set, which can be disabled by setting `useIngressClassOnly` to `true`. Default is `nginx`. | No |
+| `service` | [service](#nginxingresscontrollerservice) | The service of the Ingress Controller. | No |
 | `useIngressClassOnly` | `boolean` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. For kubernetes versions >= 1.18 this flag will be IGNORED. | No |
 | `watchNamespace` | `boolean` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | No |
 | `healthStatus` | [healthStatus](#nginxingresscontrollerhealthstatus) | Adds a new location to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress Controller. | No |
@@ -124,12 +125,19 @@ spec:
 | `port` | `int` | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. Default is `8080`. Format is `1023 - 65535` | No |
 | `allowCidrs` | `string` | Whitelist IPv4 IP/CIDR blocks to allow access to NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. (default `127.0.0.1`) | No |
 
+## NginxIngressController.Service
+
+| Field | Type | Description | Required |
+| --- | --- | --- | --- |
+| `extraLabels` | `map[string]string` | Specifies extra labels of the service. | No |
+
 ## NginxIngressController.ReportIngressStatus
 
 | Field | Type | Description | Required |
 | --- | --- | --- | --- |
 | `enable` | `boolean` | Enable reporting of the Ingress status. | Yes |
-| `externalService` | `string` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller pods are exposed externally. The external address of the service is used when reporting the status of Ingress resources. Note: Only if ServiceType is different than LoadBalancer. | No |
+| `externalService` | `string` | Specifies the name of the service with the type LoadBalancer through which the Ingress controller pods are exposed externally. The external address of the service is used when reporting the status of Ingress resources. Note: Only if ServiceType is `NodePort`. | No |
+| `ingressLink` | `string` | Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. Requires `reportIngressStatus.enable` set to `true`. Note: Only if ServiceType is `NodePort` and externalService is not set. | No |
 
 ## NginxIngressController.Prometheus
 

pkg/apis/k8s/v1alpha1/nginxingresscontroller_types.go

@@ -45,18 +45,17 @@ type NginxIngressControllerSpec struct {
 	// +kubebuilder:validation:Optional
 	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
 	EnablePreviewPolicies bool `json:"enablePreviewPolicies"`
-	// +kubebuilder:validation:Optional
 	// A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its
 	// class (in other words, have the annotation “kubernetes.io/ingress.class”).
 	// Additionally, the Ingress controller processes Ingress resources that do not have that annotation,
 	// which can be disabled by setting UseIngressClassOnly to true. Default is `nginx`.
 	// +kubebuilder:validation:Optional
 	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
 	IngressClass string `json:"ingressClass"`
-	// Specifies extra labels of the service.
+	// The service of the Ingress controller.
 	// +kubebuilder:validation:Optional
 	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
-	ExtraLabels map[string]string `json:"extraLabels,omitempty"`
+	Service *Service `json:"service"`
 	// Ignore Ingress resources without the “kubernetes.io/ingress.class” annotation.
 	// +kubebuilder:validation:Optional
 	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
@@ -189,9 +188,16 @@ type ReportIngressStatus struct {
 	Enable bool `json:"enable"`
 	// Specifies the name of the service with the type LoadBalancer through which the Ingress controller pods are exposed externally.
 	// The external address of the service is used when reporting the status of Ingress resources.
-	// Note: Only if ServiceType is different than LoadBalancer.
+	// Note: Only if serviceType is NodePort.
 	// +kubebuilder:validation:Optional
 	ExternalService string `json:"externalService"`
+	// Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system.
+	// The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
+	// Requires reportIngressStatus.enable set to true.
+	// Note: Only if serviceType is NodePort and reportIngressStatus.externalService is not set.
+	// +kubebuilder:validation:Optional
+	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
+	IngressLink string `json:"ingressLink,omitempty"`
 }
 
 // Prometheus defines the Prometheus metrics for the Ingress Controller.
@@ -207,12 +213,19 @@ type Prometheus struct {
 	Port *uint16 `json:"port"`
 }
 
-// App Protect support configuration.
+// AppProtect support configuration.
 type AppProtect struct {
 	// Enable App Protect.
 	Enable bool `json:"enable"`
 }
 
+// Service defines the Service for the Ingress Controller.
+type Service struct {
+	// Specifies extra labels of the service.
+	// +kubebuilder:validation:Optional
+	ExtraLabels map[string]string `json:"extraLabels,omitempty"`
+}
+
 // NginxIngressControllerStatus defines the observed state of NginxIngressController
 type NginxIngressControllerStatus struct {
 	// Deployed is true if the Operator has finished the deployment of the NginxIngressController.

pkg/apis/k8s/v1alpha1/zz_generated.deepcopy.go

@@ -12,7 +12,7 @@ func serviceForNginxIngressController(instance *k8sv1alpha1.NginxIngressControll
 		ObjectMeta: v1.ObjectMeta{
 			Name:      instance.Name,
 			Namespace: instance.Namespace,
-			Labels:    instance.Spec.ExtraLabels,
+			Labels:    instance.Spec.Service.ExtraLabels,
 		},
 		Spec: corev1.ServiceSpec{
 			Ports: []corev1.ServicePort{

pkg/controller/nginxingresscontroller/service.go

@@ -24,7 +24,9 @@ func TestServiceForNginxIngressController(t *testing.T) {
 		},
 		Spec: k8sv1alpha1.NginxIngressControllerSpec{
 			ServiceType: serviceType,
-			ExtraLabels: extraLabels,
+			Service: &k8sv1alpha1.Service{
+				ExtraLabels: extraLabels,
+			},
 		},
 	}
 	expected := &corev1.Service{

pkg/controller/nginxingresscontroller/service_test.go

@@ -90,6 +90,8 @@ func generatePodArgs(instance *k8sv1alpha1.NginxIngressController) []string {
 			args = append(args, fmt.Sprintf("-external-service=%v", instance.Spec.ReportIngressStatus.ExternalService))
 		} else if instance.Spec.ServiceType == "LoadBalancer" {
 			args = append(args, fmt.Sprintf("-external-service=%v", instance.Name))
+		} else if instance.Spec.ReportIngressStatus.IngressLink != "" {
+			args = append(args, fmt.Sprintf("-ingresslink=%v", instance.Spec.ReportIngressStatus.IngressLink))
 		}
 	}
 

pkg/controller/nginxingresscontroller/utils.go

@@ -111,9 +111,35 @@ func TestGeneratePodArgs(t *testing.T) {
 					Namespace: namespace,
 				},
 				Spec: k8sv1alpha1.NginxIngressControllerSpec{
-					DefaultSecret:       "my-nginx-ingress/my-secret",
-					ServiceType:         "LoadBalancer",
-					ReportIngressStatus: &k8sv1alpha1.ReportIngressStatus{Enable: true},
+					DefaultSecret: "my-nginx-ingress/my-secret",
+					ServiceType:   "NodePort",
+					ReportIngressStatus: &k8sv1alpha1.ReportIngressStatus{
+						Enable:      true,
+						IngressLink: "my-ingresslink",
+					},
+				},
+			},
+			expected: []string{
+				"-nginx-configmaps=my-nginx-ingress/my-nginx-ingress",
+				"-default-server-tls-secret=my-nginx-ingress/my-secret",
+				"-enable-custom-resources=false",
+				"-report-ingress-status",
+				"-ingresslink=my-ingresslink",
+			},
+		},
+		{
+			instance: &k8sv1alpha1.NginxIngressController{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      name,
+					Namespace: namespace,
+				},
+				Spec: k8sv1alpha1.NginxIngressControllerSpec{
+					DefaultSecret: "my-nginx-ingress/my-secret",
+					ServiceType:   "LoadBalancer",
+					ReportIngressStatus: &k8sv1alpha1.ReportIngressStatus{
+						Enable:      true,
+						IngressLink: "my-invalid-ingresslink",
+					},
 				},
 			},
 			expected: []string{
@@ -173,6 +199,7 @@ func TestGeneratePodArgs(t *testing.T) {
 					ReportIngressStatus: &k8sv1alpha1.ReportIngressStatus{
 						Enable:          true,
 						ExternalService: "external",
+						IngressLink:     "my-invalid-ingressLink",
 					},
 					EnableLeaderElection: true,
 					WildcardTLS:          "my-nginx-ingress/wildcard-secret",