fix(Traefik Proxy): missing IgnoreIngressRulesSpec check

source/store.go

@@ -305,7 +305,7 @@ func BuildWithConfig(ctx context.Context, source string, p ClientGenerator, cfg
 		if err != nil {
 			return nil, err
 		}
-		return NewTraefikSource(ctx, dynamicClient, kubernetesClient, cfg.Namespace, cfg.AnnotationFilter, cfg.IgnoreHostnameAnnotation, cfg.TraefikDisableLegacy, cfg.TraefikDisableNew)
+		return NewTraefikSource(ctx, dynamicClient, kubernetesClient, cfg.Namespace, cfg.AnnotationFilter, cfg.IgnoreHostnameAnnotation, cfg.IgnoreIngressRulesSpec, cfg.TraefikDisableLegacy, cfg.TraefikDisableNew)
 	case "openshift-route":
 		ocpClient, err := p.OpenShiftClient()
 		if err != nil {

source/traefik_proxy.go

@@ -81,6 +81,7 @@ var (
 type traefikSource struct {
 	annotationFilter           string
 	ignoreHostnameAnnotation   bool
+	ignoreIngressRouteSpec     bool
 	dynamicKubeClient          dynamic.Interface
 	ingressRouteInformer       informers.GenericInformer
 	ingressRouteTcpInformer    informers.GenericInformer
@@ -93,7 +94,7 @@ type traefikSource struct {
 	unstructuredConverter      *unstructuredConverter
 }
 
-func NewTraefikSource(ctx context.Context, dynamicKubeClient dynamic.Interface, kubeClient kubernetes.Interface, namespace string, annotationFilter string, ignoreHostnameAnnotation bool, disableLegacy bool, disableNew bool) (Source, error) {
+func NewTraefikSource(ctx context.Context, dynamicKubeClient dynamic.Interface, kubeClient kubernetes.Interface, namespace string, annotationFilter string, ignoreHostnameAnnotation bool, ignoreIngressRouteSpec bool, disableLegacy bool, disableNew bool) (Source, error) {
 	// Use shared informer to listen for add/update/delete of Host in the specified namespace.
 	// Set resync period to 0, to prevent processing when nothing has changed.
 	informerFactory := dynamicinformer.NewFilteredDynamicSharedInformerFactory(dynamicKubeClient, 0, namespace, nil)
@@ -157,6 +158,7 @@ func NewTraefikSource(ctx context.Context, dynamicKubeClient dynamic.Interface,
 	return &traefikSource{
 		annotationFilter:           annotationFilter,
 		ignoreHostnameAnnotation:   ignoreHostnameAnnotation,
+		ignoreIngressRouteSpec:     ignoreIngressRouteSpec,
 		dynamicKubeClient:          dynamicKubeClient,
 		ingressRouteInformer:       ingressRouteInformer,
 		ingressRouteTcpInformer:    ingressRouteTcpInformer,
@@ -679,17 +681,19 @@ func (ts *traefikSource) endpointsFromIngressRoute(ingressRoute *IngressRoute, t
 		}
 	}
 
-	for _, route := range ingressRoute.Spec.Routes {
-		match := route.Match
+	if !ts.ignoreIngressRouteSpec {
+		for _, route := range ingressRoute.Spec.Routes {
+			match := route.Match
 
-		for _, hostEntry := range traefikHostExtractor.FindAllString(match, -1) {
-			for _, host := range traefikValueProcessor.FindAllString(hostEntry, -1) {
-				host = strings.TrimPrefix(host, "`")
-				host = strings.TrimSuffix(host, "`")
+			for _, hostEntry := range traefikHostExtractor.FindAllString(match, -1) {
+				for _, host := range traefikValueProcessor.FindAllString(hostEntry, -1) {
+					host = strings.TrimPrefix(host, "`")
+					host = strings.TrimSuffix(host, "`")
 
-				// Checking for host = * is required, as Host(`*`) can be set
-				if host != "*" && host != "" {
-					endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier, resource)...)
+					// Checking for host = * is required, as Host(`*`) can be set
+					if host != "*" && host != "" {
+						endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier, resource)...)
+					}
 				}
 			}
 		}
@@ -715,18 +719,20 @@ func (ts *traefikSource) endpointsFromIngressRouteTCP(ingressRoute *IngressRoute
 		}
 	}
 
-	for _, route := range ingressRoute.Spec.Routes {
-		match := route.Match
+	if !ts.ignoreIngressRouteSpec {
+		for _, route := range ingressRoute.Spec.Routes {
+			match := route.Match
 
-		for _, hostEntry := range traefikHostExtractor.FindAllString(match, -1) {
-			for _, host := range traefikValueProcessor.FindAllString(hostEntry, -1) {
-				host = strings.TrimPrefix(host, "`")
-				host = strings.TrimSuffix(host, "`")
+			for _, hostEntry := range traefikHostExtractor.FindAllString(match, -1) {
+				for _, host := range traefikValueProcessor.FindAllString(hostEntry, -1) {
+					host = strings.TrimPrefix(host, "`")
+					host = strings.TrimSuffix(host, "`")
 
-				// Checking for host = * is required, as HostSNI(`*`) can be set
-				// in the case of TLS passthrough
-				if host != "*" && host != "" {
-					endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier, resource)...)
+					// Checking for host = * is required, as HostSNI(`*`) can be set
+					// in the case of TLS passthrough
+					if host != "*" && host != "" {
+						endpoints = append(endpoints, endpointsForHostname(host, targets, ttl, providerSpecific, setIdentifier, resource)...)
+					}
 				}
 			}
 		}

source/traefik_proxy_test.go

@@ -43,6 +43,7 @@ func TestTraefikProxyIngressRouteEndpoints(t *testing.T) {
 		title                    string
 		ingressRoute             IngressRoute
 		ignoreHostnameAnnotation bool
+		ignoreIngressRouteSpec   bool
 		expected                 []*endpoint.Endpoint
 	}{
 		{
@@ -323,6 +324,44 @@ func TestTraefikProxyIngressRouteEndpoints(t *testing.T) {
 			},
 			expected: nil,
 		},
+		{
+			title: "IngressRoute ignoring host rules",
+			ingressRoute: IngressRoute{
+				TypeMeta: metav1.TypeMeta{
+					APIVersion: ingressrouteGVR.GroupVersion().String(),
+					Kind:       "IngressRoute",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "ingressroute-multi-host-annotations-match",
+					Namespace: defaultTraefikNamespace,
+					Annotations: map[string]string{
+						"external-dns.alpha.kubernetes.io/hostname": "f.example.com",
+						"external-dns.alpha.kubernetes.io/target":   "target.domain.tld",
+						"kubernetes.io/ingress.class":               "traefik",
+					},
+				},
+				Spec: traefikIngressRouteSpec{
+					Routes: []traefikRoute{
+						{
+							Match: "Host(`g.example.com`, `h.example.com`)",
+						},
+					},
+				},
+			},
+			ignoreIngressRouteSpec: true,
+			expected: []*endpoint.Endpoint{
+				{
+					DNSName:    "f.example.com",
+					Targets:    []string{"target.domain.tld"},
+					RecordType: endpoint.RecordTypeCNAME,
+					RecordTTL:  0,
+					Labels: endpoint.Labels{
+						"resource": "ingressroute/traefik/ingressroute-multi-host-annotations-match",
+					},
+					ProviderSpecific: endpoint.ProviderSpecific{},
+				},
+			},
+		},
 	} {
 		ti := ti
 		t.Run(ti.title, func(t *testing.T) {
@@ -349,7 +388,7 @@ func TestTraefikProxyIngressRouteEndpoints(t *testing.T) {
 			_, err = fakeDynamicClient.Resource(ingressrouteGVR).Namespace(defaultTraefikNamespace).Create(context.Background(), &ir, metav1.CreateOptions{})
 			assert.NoError(t, err)
 
-			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, false, false)
+			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, ti.ignoreIngressRouteSpec, false, false)
 			assert.NoError(t, err)
 			assert.NotNil(t, source)
 
@@ -373,6 +412,7 @@ func TestTraefikProxyIngressRouteTCPEndpoints(t *testing.T) {
 		title                    string
 		ingressRouteTCP          IngressRouteTCP
 		ignoreHostnameAnnotation bool
+		ignoreIngressRouteSpec   bool
 		expected                 []*endpoint.Endpoint
 	}{
 		{
@@ -617,6 +657,44 @@ func TestTraefikProxyIngressRouteTCPEndpoints(t *testing.T) {
 			},
 			expected: nil,
 		},
+		{
+			title: "IngressRouteTCP ignoring IngressRouteTCP",
+			ingressRouteTCP: IngressRouteTCP{
+				TypeMeta: metav1.TypeMeta{
+					APIVersion: ingressrouteTCPGVR.GroupVersion().String(),
+					Kind:       "IngressRouteTCP",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "ingressroutetcp-multi-host-annotations-match",
+					Namespace: defaultTraefikNamespace,
+					Annotations: map[string]string{
+						"external-dns.alpha.kubernetes.io/hostname": "f.example.com",
+						"external-dns.alpha.kubernetes.io/target":   "target.domain.tld",
+						"kubernetes.io/ingress.class":               "traefik",
+					},
+				},
+				Spec: traefikIngressRouteTCPSpec{
+					Routes: []traefikRouteTCP{
+						{
+							Match: "HostSNI(`g.example.com`, `h.example.com`)",
+						},
+					},
+				},
+			},
+			ignoreIngressRouteSpec: true,
+			expected: []*endpoint.Endpoint{
+				{
+					DNSName:    "f.example.com",
+					Targets:    []string{"target.domain.tld"},
+					RecordType: endpoint.RecordTypeCNAME,
+					RecordTTL:  0,
+					Labels: endpoint.Labels{
+						"resource": "ingressroutetcp/traefik/ingressroutetcp-multi-host-annotations-match",
+					},
+					ProviderSpecific: endpoint.ProviderSpecific{},
+				},
+			},
+		},
 	} {
 		ti := ti
 		t.Run(ti.title, func(t *testing.T) {
@@ -643,7 +721,7 @@ func TestTraefikProxyIngressRouteTCPEndpoints(t *testing.T) {
 			_, err = fakeDynamicClient.Resource(ingressrouteTCPGVR).Namespace(defaultTraefikNamespace).Create(context.Background(), &ir, metav1.CreateOptions{})
 			assert.NoError(t, err)
 
-			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, false, false)
+			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, ti.ignoreIngressRouteSpec, false, false)
 			assert.NoError(t, err)
 			assert.NotNil(t, source)
 
@@ -667,6 +745,7 @@ func TestTraefikProxyIngressRouteUDPEndpoints(t *testing.T) {
 		title                    string
 		ingressRouteUDP          IngressRouteUDP
 		ignoreHostnameAnnotation bool
+		ignoreIngressRouteSpec   bool
 		expected                 []*endpoint.Endpoint
 	}{
 		{
@@ -785,7 +864,7 @@ func TestTraefikProxyIngressRouteUDPEndpoints(t *testing.T) {
 			_, err = fakeDynamicClient.Resource(ingressrouteUDPGVR).Namespace(defaultTraefikNamespace).Create(context.Background(), &ir, metav1.CreateOptions{})
 			assert.NoError(t, err)
 
-			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, false, false)
+			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, ti.ignoreIngressRouteSpec, false, false)
 			assert.NoError(t, err)
 			assert.NotNil(t, source)
 
@@ -809,6 +888,7 @@ func TestTraefikProxyOldIngressRouteEndpoints(t *testing.T) {
 		title                    string
 		ingressRoute             IngressRoute
 		ignoreHostnameAnnotation bool
+		ignoreIngressRouteSpec   bool
 		expected                 []*endpoint.Endpoint
 	}{
 		{
@@ -1089,6 +1169,44 @@ func TestTraefikProxyOldIngressRouteEndpoints(t *testing.T) {
 			},
 			expected: nil,
 		},
+		{
+			title: "IngressRoute ignoring IngressRouteSpec",
+			ingressRoute: IngressRoute{
+				TypeMeta: metav1.TypeMeta{
+					APIVersion: oldIngressrouteGVR.GroupVersion().String(),
+					Kind:       "IngressRoute",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "ingressroute-multi-host-annotations-match",
+					Namespace: defaultTraefikNamespace,
+					Annotations: map[string]string{
+						"external-dns.alpha.kubernetes.io/hostname": "f.example.com",
+						"external-dns.alpha.kubernetes.io/target":   "target.domain.tld",
+						"kubernetes.io/ingress.class":               "traefik",
+					},
+				},
+				Spec: traefikIngressRouteSpec{
+					Routes: []traefikRoute{
+						{
+							Match: "Host(`g.example.com`, `h.example.com`)",
+						},
+					},
+				},
+			},
+			ignoreIngressRouteSpec: true,
+			expected: []*endpoint.Endpoint{
+				{
+					DNSName:    "f.example.com",
+					Targets:    []string{"target.domain.tld"},
+					RecordType: endpoint.RecordTypeCNAME,
+					RecordTTL:  0,
+					Labels: endpoint.Labels{
+						"resource": "ingressroute/traefik/ingressroute-multi-host-annotations-match",
+					},
+					ProviderSpecific: endpoint.ProviderSpecific{},
+				},
+			},
+		},
 	} {
 		ti := ti
 		t.Run(ti.title, func(t *testing.T) {
@@ -1115,7 +1233,7 @@ func TestTraefikProxyOldIngressRouteEndpoints(t *testing.T) {
 			_, err = fakeDynamicClient.Resource(oldIngressrouteGVR).Namespace(defaultTraefikNamespace).Create(context.Background(), &ir, metav1.CreateOptions{})
 			assert.NoError(t, err)
 
-			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, false, false)
+			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, ti.ignoreIngressRouteSpec, false, false)
 			assert.NoError(t, err)
 			assert.NotNil(t, source)
 
@@ -1139,6 +1257,7 @@ func TestTraefikProxyOldIngressRouteTCPEndpoints(t *testing.T) {
 		title                    string
 		ingressRouteTCP          IngressRouteTCP
 		ignoreHostnameAnnotation bool
+		ignoreIngressRouteSpec   bool
 		expected                 []*endpoint.Endpoint
 	}{
 		{
@@ -1382,6 +1501,43 @@ func TestTraefikProxyOldIngressRouteTCPEndpoints(t *testing.T) {
 				},
 			},
 			expected: nil,
+		}, {
+			title: "IngressRouteTCP ignoring IngressRouteSpec",
+			ingressRouteTCP: IngressRouteTCP{
+				TypeMeta: metav1.TypeMeta{
+					APIVersion: oldIngressrouteTCPGVR.GroupVersion().String(),
+					Kind:       "IngressRouteTCP",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "ingressroutetcp-multi-host-annotations-match",
+					Namespace: defaultTraefikNamespace,
+					Annotations: map[string]string{
+						"external-dns.alpha.kubernetes.io/hostname": "f.example.com",
+						"external-dns.alpha.kubernetes.io/target":   "target.domain.tld",
+						"kubernetes.io/ingress.class":               "traefik",
+					},
+				},
+				Spec: traefikIngressRouteTCPSpec{
+					Routes: []traefikRouteTCP{
+						{
+							Match: "HostSNI(`g.example.com`, `h.example.com`)",
+						},
+					},
+				},
+			},
+			ignoreIngressRouteSpec: true,
+			expected: []*endpoint.Endpoint{
+				{
+					DNSName:    "f.example.com",
+					Targets:    []string{"target.domain.tld"},
+					RecordType: endpoint.RecordTypeCNAME,
+					RecordTTL:  0,
+					Labels: endpoint.Labels{
+						"resource": "ingressroutetcp/traefik/ingressroutetcp-multi-host-annotations-match",
+					},
+					ProviderSpecific: endpoint.ProviderSpecific{},
+				},
+			},
 		},
 	} {
 		ti := ti
@@ -1409,7 +1565,7 @@ func TestTraefikProxyOldIngressRouteTCPEndpoints(t *testing.T) {
 			_, err = fakeDynamicClient.Resource(oldIngressrouteTCPGVR).Namespace(defaultTraefikNamespace).Create(context.Background(), &ir, metav1.CreateOptions{})
 			assert.NoError(t, err)
 
-			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, false, false)
+			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, ti.ignoreIngressRouteSpec, false, false)
 			assert.NoError(t, err)
 			assert.NotNil(t, source)
 
@@ -1433,6 +1589,7 @@ func TestTraefikProxyOldIngressRouteUDPEndpoints(t *testing.T) {
 		title                    string
 		ingressRouteUDP          IngressRouteUDP
 		ignoreHostnameAnnotation bool
+		ignoreIngressRouteSpec   bool
 		expected                 []*endpoint.Endpoint
 	}{
 		{
@@ -1551,7 +1708,7 @@ func TestTraefikProxyOldIngressRouteUDPEndpoints(t *testing.T) {
 			_, err = fakeDynamicClient.Resource(oldIngressrouteUDPGVR).Namespace(defaultTraefikNamespace).Create(context.Background(), &ir, metav1.CreateOptions{})
 			assert.NoError(t, err)
 
-			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, false, false)
+			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, ti.ignoreIngressRouteSpec, false, false)
 			assert.NoError(t, err)
 			assert.NotNil(t, source)
 
@@ -1576,6 +1733,7 @@ func TestTraefikAPIGroupDisableFlags(t *testing.T) {
 		ingressRoute             IngressRoute
 		gvr                      schema.GroupVersionResource
 		ignoreHostnameAnnotation bool
+		ignoreIngressRouteSpec   bool
 		disableLegacy            bool
 		disableNew               bool
 		expected                 []*endpoint.Endpoint
@@ -1714,7 +1872,7 @@ func TestTraefikAPIGroupDisableFlags(t *testing.T) {
 			_, err = fakeDynamicClient.Resource(ti.gvr).Namespace(defaultTraefikNamespace).Create(context.Background(), &ir, metav1.CreateOptions{})
 			assert.NoError(t, err)
 
-			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, ti.disableLegacy, ti.disableNew)
+			source, err := NewTraefikSource(context.TODO(), fakeDynamicClient, fakeKubernetesClient, defaultTraefikNamespace, "kubernetes.io/ingress.class=traefik", ti.ignoreHostnameAnnotation, ti.ignoreIngressRouteSpec, ti.disableLegacy, ti.disableNew)
 			assert.NoError(t, err)
 			assert.NotNil(t, source)