Merge branch 'main' into evolve_oidc_logout

Author: llomgui

.github/actions/smoke-tests/action.yaml

@@ -80,23 +80,23 @@ runs:
         token_format: access_token
         workload_identity_provider: ${{ inputs.gcr-workload-identity-secret }}
         service_account: ${{ inputs.gcr-service-account-secret }}
-      if: ${{ ! inputs.forked-workflow }}
+      if: ${{ inputs.forked-workflow == 'false' }}
 
     - name: Login to GCR
       uses: docker/login-action@v3
       with:
         registry: gcr.io
         username: oauth2accesstoken
         password: ${{ steps.auth.outputs.access_token }}
-      if: ${{ ! inputs.forked-workflow }}
+      if: ${{ inputs.forked-workflow == 'false' }}
 
     - name: Build ${{ inputs.image }} Container
       uses: docker/build-push-action@v3
       with:
         file: build/Dockerfile
         context: "."
         cache-from: type=gha,scope=${{ inputs.image }}${{ contains(inputs.marker, 'dos') && '-dos' || '' }}${{ contains(inputs.marker, 'appprotect') && '-nap' || '' }}
-        target: goreleaser${{ inputs.forked-workflow && '' || '-prebuilt' }}
+        target: goreleaser${{ inputs.forked-workflow == 'false' && '-prebuilt' || '' }}
         tags: "docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }}"
         load: true
         pull: true
@@ -138,7 +138,7 @@ runs:
         tags: ${{ inputs.test-image }}
         pull: true
         load: true
-      if: ${{ inputs.forked-workflow }}
+      if: ${{ inputs.forked-workflow == 'true' }}
 
     - name: Run Smoke Tests
       run: |

.github/workflows/ci.yml

@@ -45,7 +45,7 @@ jobs:
       ic_version: ${{ steps.vars.outputs.ic_version }}
       publish_images: ${{ steps.vars.outputs.publish }}
       docker_md5: ${{ steps.vars.outputs.docker_md5 }}
-      forked_workflow: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
+      forked_workflow: ${{ (github.event.pull_request.head.repo.full_name != github.repository) && ! (startsWith(github.ref, 'refs/heads/release-') || github.ref_name == 'main') }}
     steps:
       - name: Checkout Repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

internal/externaldns/controller.go

@@ -2,6 +2,7 @@ package externaldns
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"sync"
 	"time"
@@ -58,7 +59,7 @@ type ExtDNSOpts struct {
 }
 
 // NewController takes external dns config and return a new External DNS Controller.
-func NewController(opts *ExtDNSOpts) *ExtDNSController {
+func NewController(opts *ExtDNSOpts) (*ExtDNSController, error) {
 	ig := make(map[string]*namespacedInformer)
 	c := &ExtDNSController{
 		ctx:           opts.context,
@@ -74,35 +75,44 @@ func NewController(opts *ExtDNSOpts) *ExtDNSController {
 			// no initial namespaces with watched label - skip creating informers for now
 			break
 		}
-		c.newNamespacedInformer(ns)
+		_, err := c.newNamespacedInformer(ns)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	c.sync = SyncFnFor(c.recorder, c.client, c.informerGroup)
-	return c
+	return c, nil
 }
 
-func (c *ExtDNSController) newNamespacedInformer(ns string) *namespacedInformer {
+func (c *ExtDNSController) newNamespacedInformer(ns string) (*namespacedInformer, error) {
 	nsi := &namespacedInformer{sharedInformerFactory: k8s_nginx_informers.NewSharedInformerFactoryWithOptions(c.client, c.resync, k8s_nginx_informers.WithNamespace(ns))}
 	nsi.stopCh = make(chan struct{})
 	nsi.vsLister = nsi.sharedInformerFactory.K8s().V1().VirtualServers().Lister()
 	nsi.extdnslister = nsi.sharedInformerFactory.Externaldns().V1().DNSEndpoints().Lister()
 
-	nsi.sharedInformerFactory.K8s().V1().VirtualServers().Informer().AddEventHandler(
+	vsInformer := nsi.sharedInformerFactory.K8s().V1().VirtualServers().Informer()
+	vsHandlerReg, err := vsInformer.AddEventHandler(
 		&QueuingEventHandler{
 			Queue: c.queue,
 		},
 	)
-
-	nsi.sharedInformerFactory.Externaldns().V1().DNSEndpoints().Informer().AddEventHandler(&BlockingEventHandler{
+	if err != nil {
+		return nil, err
+	}
+	dnsInformer := nsi.sharedInformerFactory.Externaldns().V1().DNSEndpoints().Informer()
+	dnsHandlerReg, err := dnsInformer.AddEventHandler(&BlockingEventHandler{
 		WorkFunc: externalDNSHandler(c.queue),
 	})
-
+	if err != nil {
+		return nil, err
+	}
 	nsi.mustSync = append(nsi.mustSync,
-		nsi.sharedInformerFactory.K8s().V1().VirtualServers().Informer().HasSynced,
-		nsi.sharedInformerFactory.Externaldns().V1().DNSEndpoints().Informer().HasSynced,
+		vsHandlerReg.HasSynced,
+		dnsHandlerReg.HasSynced,
 	)
 	c.informerGroup[ns] = nsi
-	return nsi
+	return nsi, nil
 }
 
 // Run sets up the event handlers for types we are interested in, as well
@@ -254,16 +264,20 @@ func getNamespacedInformer(ns string, ig map[string]*namespacedInformer) *namesp
 }
 
 // AddNewNamespacedInformer adds watchers for a new namespace
-func (c *ExtDNSController) AddNewNamespacedInformer(ns string) {
+func (c *ExtDNSController) AddNewNamespacedInformer(ns string) error {
 	glog.V(3).Infof("Adding or Updating cert-manager Watchers for Namespace: %v", ns)
 	nsi := getNamespacedInformer(ns, c.informerGroup)
 	if nsi == nil {
-		nsi = c.newNamespacedInformer(ns)
+		nsi, err := c.newNamespacedInformer(ns)
+		if err != nil {
+			return err
+		}
 		nsi.start()
 	}
 	if !cache.WaitForCacheSync(nsi.stopCh, nsi.mustSync...) {
-		return
+		return errors.New("failed to sync the cache")
 	}
+	return nil
 }
 
 // RemoveNamespacedInformer removes watchers for a namespace we are no longer watching

internal/k8s/controller.go

@@ -274,7 +274,9 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc
 	}
 
 	if input.ExternalDNSEnabled {
-		lbc.externalDNSController = ed_controller.NewController(ed_controller.BuildOpts(context.TODO(), lbc.namespaceList, lbc.recorder, lbc.confClient, input.ResyncPeriod, isDynamicNs))
+		if lbc.externalDNSController, err = ed_controller.NewController(ed_controller.BuildOpts(context.TODO(), lbc.namespaceList, lbc.recorder, lbc.confClient, input.ResyncPeriod, isDynamicNs)); err != nil {
+			glog.Fatalf("failed to initialize ExternalDNS: %v", err)
+		}
 	}
 
 	glog.V(3).Infof("Nginx Ingress Controller has class: %v", input.IngressClass)
@@ -1142,7 +1144,10 @@ func (lbc *LoadBalancerController) syncNamespace(task task) {
 			lbc.certManagerController.AddNewNamespacedInformer(key)
 		}
 		if lbc.externalDNSController != nil {
-			lbc.externalDNSController.AddNewNamespacedInformer(key)
+			if err := lbc.externalDNSController.AddNewNamespacedInformer(key); err != nil {
+				lbc.syncQueue.Requeue(task, err)
+				return
+			}
 		}
 		if !cache.WaitForCacheSync(nsi.stopCh, nsi.cacheSyncs...) {
 			return

internal/telemetry/cluster.go

@@ -26,9 +26,9 @@ func (c *Collector) ClusterID(ctx context.Context) (string, error) {
 	return string(cluster.UID), nil
 }
 
-// K8sVersion returns a string respresenting the K8s version.
+// ClusterVersion returns a string respresenting the K8s version.
 // It returns an error if the underlying k8s API client errors.
-func (c *Collector) K8sVersion() (string, error) {
+func (c *Collector) ClusterVersion() (string, error) {
 	sv, err := c.Config.K8sClientReader.Discovery().ServerVersion()
 	if err != nil {
 		return "", err

internal/telemetry/cluster_test.go

@@ -69,7 +69,7 @@ func TestK8sVersionRetrievesClusterVersion(t *testing.T) {
 	t.Parallel()
 
 	c := newTestCollectorForClusterWithNodes(t, node1)
-	got, err := c.K8sVersion()
+	got, err := c.ClusterVersion()
 	if err != nil {
 		t.Fatal(err)
 	}

internal/telemetry/collector.go

@@ -7,6 +7,8 @@ import (
 	"runtime"
 	"time"
 
+	telemetry "github.com/nginxinc/telemetry-exporter/pkg/telemetry"
+
 	"github.com/nginxinc/kubernetes-ingress/internal/configs"
 
 	k8s_nginx "github.com/nginxinc/kubernetes-ingress/pkg/client/clientset/versioned"
@@ -95,14 +97,13 @@ func (c *Collector) Collect(ctx context.Context) {
 }
 
 // BuildReport takes context and builds report from gathered telemetry data.
-func (c *Collector) BuildReport(ctx context.Context) (Data, error) {
-	pm := ProjectMeta{
-		Name:    "NIC",
-		Version: c.Config.Version,
-	}
+func (c *Collector) BuildReport(ctx context.Context) (telemetry.Exportable, error) {
 	d := Data{
-		ProjectMeta: pm,
-		Arch:        runtime.GOARCH,
+		Data: telemetry.Data{
+			ProjectName:         "NIC",
+			ProjectVersion:      c.Config.Version,
+			ProjectArchitecture: runtime.GOARCH,
+		},
 	}
 
 	var err error
@@ -113,16 +114,21 @@ func (c *Collector) BuildReport(ctx context.Context) (Data, error) {
 		d.TransportServers = int64(c.Config.Configurator.GetTransportServerCounts())
 	}
 
-	if d.NodeCount, err = c.NodeCount(ctx); err != nil {
-		glog.Errorf("Error collecting telemetry data: Nodes: %v", err)
-	}
-
 	if d.ClusterID, err = c.ClusterID(ctx); err != nil {
 		glog.Errorf("Error collecting telemetry data: ClusterID: %v", err)
 	}
 
-	if d.K8sVersion, err = c.K8sVersion(); err != nil {
+	if d.ClusterNodeCount, err = c.NodeCount(ctx); err != nil {
+		glog.Errorf("Error collecting telemetry data: Nodes: %v", err)
+	}
+
+	if d.ClusterVersion, err = c.ClusterVersion(); err != nil {
 		glog.Errorf("Error collecting telemetry data: K8s Version: %v", err)
 	}
-	return d, err
+
+	// TODO: Get Cluster (k8s) platform. e.g. EKS, AWS, Openshift, etc...
+
+	// TODO: Get InstallationID
+	// example of how NGF gets this ID https://github.com/nginxinc/nginx-gateway-fabric/blob/f33db51fc9e05ccf98fc8cdae100772a5cc6775e/internal/mode/static/telemetry/collector.go#L244-L248
+	return &d, err
 }