Skip to content

support disabling admission-webhook for creating duplicates #10090

New issue
New issue
Closed
#10943
#10091
Closed
support disabling admission-webhook for creating duplicates#10090
#10943
#10091
Assignees
tao12345666333
Labels
needs-kindIndicates a PR lacks a `kind/foo` label and requires one.needs-prioritytriage/needs-informationIndicates an issue needs more information in order to work on it.
@ailurarctos

Description

@ailurarctos
ailurarctos
opened on Jun 16, 2023

What happened:

I created the following three ingress resources in the listed order with a small wait in between each apply so that they each have a different creationTimestamp:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-1
spec:
  ingressClassName: nginx
  rules:
  - host: example
    http:
      paths:
      - path: /a
        pathType: Exact
        backend:
          service:
            name: service-1
            port:
              number: 80
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-2
spec:
  ingressClassName: nginx
  rules:
  - host: example
    http:
      paths:
      - path: /a
        pathType: Prefix
        backend:
          service:
            name: service-2
            port:
              number: 80
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-3
spec:
  ingressClassName: nginx
  rules:
  - host: example
    http:
      paths:
      - path: /a
        pathType: Prefix
        backend:
          service:
            name: service-3
            port:
              number: 80

This caused the ingress controller to generate an invalid NGINX configuration:

nginx: [emerg] duplicate location "/a/" in /tmp/nginx/nginx-cfg2287376726:693
nginx: configuration file /tmp/nginx/nginx-cfg2287376726 test failed

What you expected to happen:

I expected ingress-3 to be ignored as it is older than ingress-2 and has the same path and pathType. This is documented in https://kubernetes.github.io/ingress-nginx/how-it-works/#building-the-nginx-model:

  • If the same path for the same host is defined in more than one Ingress, the oldest rule wins.

NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.):

% kubectl -ningress-nginx exec deployment/ingress-nginx-controller -ccontroller -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       v1.8.0
  Build:         35f5082ee7f211555aaff431d7c4423c17f8ce9e
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.21.6

-------------------------------------------------------------------------------

Kubernetes version (use kubectl version):

WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short.  Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.3", GitCommit:"25b4e43193bcda6c7328a6d147b1fb73a33f1598", GitTreeState:"clean", BuildDate:"2023-06-14T09:53:42Z", GoVersion:"go1.20.5", Compiler:"gc", Platform:"darwin/amd64"}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.3", GitCommit:"25b4e43193bcda6c7328a6d147b1fb73a33f1598", GitTreeState:"clean", BuildDate:"2023-06-15T00:36:28Z", GoVersion:"go1.20.5", Compiler:"gc", Platform:"linux/amd64"}

Environment:

I created a local environment to reproduce this issue as follows:

kind create cluster --name=ingress-nginx
kind export kubeconfig --name=ingress-nginx
kubectl config use-context kind-ingress-nginx
helm \
  upgrade --install ingress-nginx ingress-nginx \
  --repo=https://kubernetes.github.io/ingress-nginx --namespace=ingress-nginx \
  --create-namespace --set=controller.admissionWebhooks.enabled=false

Note that the admission webhook is disabled as it does not allow for identical paths. Identical paths can be useful when doing a migration from one ingress to another.

Here is the kind version:

% kind version
kind v0.20.0 go1.20.4 darwin/amd64

Here is the helm version:

% helm version
version.BuildInfo{Version:"v3.12.1", GitCommit:"f32a527a060157990e2aa86bf45010dfb3cc8b8d", GitTreeState:"clean", GoVersion:"go1.20.4"}

How to reproduce this issue:

  1. The script in Environment describes how to create the kind cluster and install ingress-nginx.
  2. Create the ingress resources listed in What happened with a minimum 1-second wait between creating each to ensure they have a different timestamp.
  3. Get the logs from nginx-ingress (kubectl -ningress-nginx logs deployment/ingress-nginx-controller).

You will see it is generating an invalid NGINX config:

nginx: [emerg] duplicate location "/a/" in /tmp/nginx/nginx-cfg1037078429:693
nginx: configuration file /tmp/nginx/nginx-cfg1037078429 test failed

Anything else we need to know:

The issue is here. The code stops looking for duplicates once it sees a different path type with the same path.

Metadata

Metadata

Assignees

Labels

needs-kindIndicates a PR lacks a `kind/foo` label and requires one.needs-prioritytriage/needs-informationIndicates an issue needs more information in order to work on it.

Type

No type

Projects

[SIG Network] Ingress NGINX

  • Status

    Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions