diff --git a/pkg/reconciler/contour/resources/httpproxy.go b/pkg/reconciler/contour/resources/httpproxy.go index c69a537b8..20fcde5b2 100644 --- a/pkg/reconciler/contour/resources/httpproxy.go +++ b/pkg/reconciler/contour/resources/httpproxy.go @@ -123,13 +123,13 @@ func MakeHTTPProxies(ctx context.Context, ing *v1alpha1.Ingress, serviceToProtoc proxies := []*v1.HTTPProxy{} for _, rule := range ing.Spec.Rules { - class := config.FromContext(ctx).Contour.VisibilityClasses[rule.Visibility] + class := cfg.Contour.VisibilityClasses[rule.Visibility] routes := make([]v1.Route, 0, len(rule.HTTP.Paths)) for _, path := range rule.HTTP.Paths { top := &v1.TimeoutPolicy{ - Response: config.FromContext(ctx).Contour.TimeoutPolicyResponse, - Idle: config.FromContext(ctx).Contour.TimeoutPolicyIdle, + Response: cfg.Contour.TimeoutPolicyResponse, + Idle: cfg.Contour.TimeoutPolicyIdle, } // By default retry on connection problems twice. @@ -299,7 +299,7 @@ func MakeHTTPProxies(ctx context.Context, ing *v1alpha1.Ingress, serviceToProtoc // Ideally these would just be marked ClusterLocal :( if strings.HasSuffix(originalHost, network.GetClusterDomainName()) { - class = config.FromContext(ctx).Contour.VisibilityClasses[v1alpha1.IngressVisibilityClusterLocal] + class = cfg.Contour.VisibilityClasses[v1alpha1.IngressVisibilityClusterLocal] hostProxy.Annotations[ClassKey] = class hostProxy.Labels[ClassKey] = class } @@ -334,7 +334,7 @@ func MakeHTTPProxies(ctx context.Context, ing *v1alpha1.Ingress, serviceToProtoc hostProxy.Spec.VirtualHost.TLS = &v1.TLS{ SecretName: fmt.Sprintf("%s/%s", tls.SecretNamespace, tls.SecretName), } - } else if s := config.FromContext(ctx).Contour.DefaultTLSSecret; s != nil { + } else if s := cfg.Contour.DefaultTLSSecret; s != nil && rule.Visibility == v1alpha1.IngressVisibilityExternalIP { hostProxy.Spec.VirtualHost.TLS = &v1.TLS{SecretName: s.String()} } diff --git a/pkg/reconciler/contour/resources/httpproxy_test.go b/pkg/reconciler/contour/resources/httpproxy_test.go index 7defe6bf5..f61e17209 100644 --- a/pkg/reconciler/contour/resources/httpproxy_test.go +++ b/pkg/reconciler/contour/resources/httpproxy_test.go @@ -970,9 +970,6 @@ func TestMakeProxies(t *testing.T) { Spec: v1.HTTPProxySpec{ VirtualHost: &v1.VirtualHost{ Fqdn: "bar.foo", - TLS: &v1.TLS{ - SecretName: "foo/bar", - }, }, Routes: []v1.Route{{ EnableWebsockets: true, @@ -1055,9 +1052,6 @@ func TestMakeProxies(t *testing.T) { Spec: v1.HTTPProxySpec{ VirtualHost: &v1.VirtualHost{ Fqdn: "bar.foo.svc", - TLS: &v1.TLS{ - SecretName: "foo/bar", - }, }, Routes: []v1.Route{{ EnableWebsockets: true, @@ -1140,9 +1134,6 @@ func TestMakeProxies(t *testing.T) { Spec: v1.HTTPProxySpec{ VirtualHost: &v1.VirtualHost{ Fqdn: "bar.foo.svc.cluster.local", - TLS: &v1.TLS{ - SecretName: "foo/bar", - }, }, Routes: []v1.Route{{ EnableWebsockets: true, @@ -1392,6 +1383,25 @@ func TestMakeProxies(t *testing.T) { }}, }}, }, + }, { + Hosts: []string{ + "hello.default", + }, + Visibility: v1alpha1.IngressVisibilityClusterLocal, + HTTP: &v1alpha1.HTTPIngressRuleValue{ + Paths: []v1alpha1.HTTPIngressPath{{ + Splits: []v1alpha1.IngressBackendSplit{{ + IngressBackend: v1alpha1.IngressBackend{ + ServiceName: "goo", + ServicePort: intstr.FromInt(123), + }, + Percent: 100, + AppendHeaders: map[string]string{ + "Baz": "blah", + }, + }}, + }}, + }, }}, }, }, @@ -1440,7 +1450,89 @@ func TestMakeProxies(t *testing.T) { RequestHeadersPolicy: &v1.HeadersPolicy{ Set: []v1.HeaderValue{{ Name: "K-Network-Hash", - Value: "225764a7e90e21a05c0591ed9ec9f82f7014ce34f3293ecee049ed44c3ab9eb1", + Value: "1767beffd53ed097be2cf345709d9b65a8b09943196418e59d82ecf48b562e97", + }}, + }, + Services: []v1.Service{{ + Name: "goo", + Protocol: &protocol, + Port: 123, + Weight: 100, + RequestHeadersPolicy: &v1.HeadersPolicy{ + Set: []v1.HeaderValue{{ + Name: "Baz", + Value: "blah", + }}, + }, + }}, + }, { + EnableWebsockets: true, + PermitInsecure: true, + TimeoutPolicy: &v1.TimeoutPolicy{ + Response: "infinity", + Idle: "infinity", + }, + RetryPolicy: defaultRetryPolicy(), + RequestHeadersPolicy: &v1.HeadersPolicy{ + Set: []v1.HeaderValue{}, + }, + Services: []v1.Service{{ + Name: "goo", + Protocol: &protocol, + Port: 123, + Weight: 100, + RequestHeadersPolicy: &v1.HeadersPolicy{ + Set: []v1.HeaderValue{{ + Name: "Baz", + Value: "blah", + }}, + }, + }}, + }}, + }, + }, { + ObjectMeta: metav1.ObjectMeta{ + Namespace: "foo", + Name: "bar-" + privateClass + "-hello.default", + Labels: map[string]string{ + DomainHashKey: "b8a521823106d27dcc64898df9d4bab6ad322938", + GenerationKey: "0", + ParentKey: "bar", + ClassKey: privateClass, + }, + Annotations: map[string]string{ + ClassKey: privateClass, + }, + OwnerReferences: []metav1.OwnerReference{{ + APIVersion: "networking.internal.knative.dev/v1alpha1", + Kind: "Ingress", + Name: "bar", + Controller: ptr.Bool(true), + BlockOwnerDeletion: ptr.Bool(true), + }}, + }, + Spec: v1.HTTPProxySpec{ + VirtualHost: &v1.VirtualHost{ + Fqdn: "hello.default", + }, + Routes: []v1.Route{{ + EnableWebsockets: true, + PermitInsecure: true, + TimeoutPolicy: &v1.TimeoutPolicy{ + Response: "infinity", + Idle: "infinity", + }, + RetryPolicy: defaultRetryPolicy(), + Conditions: []v1.MatchCondition{{ + Header: &v1.HeaderMatchCondition{ + Name: "K-Network-Hash", + Exact: "override", + }, + }}, + RequestHeadersPolicy: &v1.HeadersPolicy{ + Set: []v1.HeaderValue{{ + Name: "K-Network-Hash", + Value: "1767beffd53ed097be2cf345709d9b65a8b09943196418e59d82ecf48b562e97", }}, }, Services: []v1.Service{{