Adds CustomHTTPErrors ingress annotation and test #3344
Conversation
k8s-ci-robot
added
cncf-cla: yes
jasongwartz
force-pushed
the
jg-customerrors-per-ingress
branch
2 times, most recently
from
508878a to
ed56533
Compare
internal/ingress/types.go
Outdated
| @@ -148,6 +148,8 @@ type Server struct { | |||
| SSLCiphers string `json:"sslCiphers,omitempty"` | |||
| // AuthTLSError contains the reason why the access to a server should be denied | |||
| AuthTLSError string `json:"authTLSError,omitempty"` | |||
| // AllCustomHTTPErrors contains an array of custom error codes for all locations | |||
| AllCustomHTTPErrors []int `json:allCustomHTTPErrors,omitempty` | |||
There was a problem hiding this comment.
Is this really necessary? A server has locations you can access when rendering at https://github.com/kubernetes/ingress-nginx/pull/3344/files#diff-980db9e4b88704f12338bd074839f94eR821 and aggregate the custom HTTP codes per location. Also IMO template.go is a better place for doing the aggregation rather than controller.go.
There was a problem hiding this comment.
@ElvinEfendi IIRC I set this up when I intended to do deduplication (for example - two ingresses for the same host but different paths can both intercept 404, but only one @custom_404 should be created). I looked into doing this directly in the gotemplate but it seemed tricky - I'll look into moving this into template.go as you suggest
There was a problem hiding this comment.
@ElvinEfendi as per your comment I removed the AllCustomHTTPErrors field and replaced it with a template function to do the collation of all error routes for a server block, and added deduplication (so both ingresses can specify 404 and only one @custom_404 location is created, for example).
Let me know if this is more in line with what you were thinking!
Edit: if it looks better, I'll squash the new commit into the earlier squashed commits
jasongwartz
force-pushed
the
jg-customerrors-per-ingress
branch
3 times, most recently
from
92d0f71 to
ae49fd5
Compare
|
Rebasing from master seems to have fixed the CI build. |
jasongwartz
force-pushed
the
jg-customerrors-per-ingress
branch
2 times, most recently
from
ee39db2 to
1662c78
Compare
| SSLCiphers: anns.SSLCiphers, | ||
| SSLPassthrough: anns.SSLPassthrough, | ||
| SSLCiphers: anns.SSLCiphers, | ||
| } |
There was a problem hiding this comment.
Can you revert this nop change? I think you left it from your original commit and you don't need it anymore.
| "strconv" | ||
| "strings" | ||
|
|
||
| // "github.com/pkg/errors" |
There was a problem hiding this comment.
Done (in with latest squash commit)
|
@jasongwartz please squash the commits and this lgtm |
|
@jasongwartz how hard is to allow custom annotations for the same error code in different paths? |
Adds per-server/location error-catch functionality to nginx template Adds documentation Reduces template duplication with helper function for CUSTOM_ERRORS data Updates documentation Adds e2e test for customerrors Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication Fixes copy-paste error in test, adds additional test cases Reverts noop change in controller.go (unused now)
jasongwartz
force-pushed
the
jg-customerrors-per-ingress
branch
from
8c10eef to
0ebf035
Compare
|
@aledbf cheers! squashed and pushed I think I understand your question - are you asking in the case that there are two ingresses with the same hostname but different paths? In that case, each ingress can set its own set of error codes in an annotation - if both ingresses want to intercept the same error codes, they can both set the annotation the same (or the global config value can be set). |
I am sorry for the lack of context. This PR allows custom error codes using the "default backend". What I "want" is custom error codes with different default backends |
|
@aledbf I actually thought about that but was planning on doing it as a follow-up, I think I need to learn more about how the default-backends are used/assigned first. I considered both sending the custom errors to the annotation default-backend or to a separate backend (maybe specifiable by a secondary annotation), but I figured the current state of the PR is already an improvement on the existing functionality. |
👍 :)
I think would be ideal to avoid new annotations |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aledbf, jasongwartz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
👍 |
|
/retest If this doesn't work, is there something I can do to rerun the build? |
No. The bot does not trigger travis-ci builds. |
|
@aledbf my mistake, I wasn’t sure. The build seems to be failing on unrelated e2e tests |
|
@aledbf @ElvinEfendi cheers, and thanks for the help! |
This is a reopen of #3340 (after some rebasing trouble)
What this PR does / why we need it:
This PR introduces a new annotation called
custom-http-errors, which functions in a similar way to the config valuecustom-http-errors, but performs the proxy_intercept overriding on the location blocks specified by that Ingress only.In our Kubernetes cluster, we have one single ingress controller which serves both frontend website services and APIs - and we want to send back 'pretty' error pages for the web services, but not the APIs.
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes ##2532
#3246 - when using this PR, it's possible to cancel out the global
custom-http-errorssetting by adding the Ingress annotation and setting an unused status code only, like"nginx.ingress.kubernetes.io/custom-http-errors": "418".Special notes for your reviewer:
We've been using this annotation in our development/test cluster for a while now and it's working well. I'm open to feedback on how to improve!