Skip to content

Commit

Permalink
Merge pull request #531 from grayluck/cherrypick-suppress-xpn-err
Browse files Browse the repository at this point in the history
Add gke.io/suppress-firewall-xpn-error annotation to suppress XPN firewall events
  • Loading branch information
k8s-ci-robot authored Nov 1, 2018
2 parents 9200ebc + b42d886 commit 11515a0
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
18 changes: 18 additions & 0 deletions pkg/annotations/ingress.go
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,10 @@ const (
// manage ManagedCertificate resources, it is the user's responsibility to
// create/delete them.
ManagedCertificates = "gke.googleapis.com/managed-certificates"

// SuppressFirewallXPNErrorKey is the annotation key used by firewall
// controller whether to supress firewallXPNError.
SuppressFirewallXPNErrorKey = "networking.gke.io/suppress-firewall-xpn-error"
)

// Ingress represents ingress annotations.
Expand Down Expand Up @@ -128,3 +132,17 @@ func (ing *Ingress) ManagedCertificates() string {
}
return val
}

// SuppressFirewallXPNError returns the SuppressFirewallXPNErrorKey flag.
// False by default.
func (ing *Ingress) SuppressFirewallXPNError() bool {
val, ok := ing.v[SuppressFirewallXPNErrorKey]
if !ok {
return false
}
v, err := strconv.ParseBool(val)
if err != nil {
return false
}
return v
}
4 changes: 4 additions & 0 deletions pkg/firewalls/controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
listers "k8s.io/client-go/listers/core/v1"
"k8s.io/client-go/tools/cache"
"k8s.io/ingress-gce/pkg/annotations"
"k8s.io/ingress-gce/pkg/context"
"k8s.io/ingress-gce/pkg/controller/translator"
"k8s.io/ingress-gce/pkg/utils"
Expand Down Expand Up @@ -170,6 +171,9 @@ func (fwc *FirewallController) sync(key string) error {
if fwErr, ok := err.(*FirewallXPNError); ok {
// XPN: Raise an event on each ingress
for _, ing := range gceIngresses.Items {
if annotations.FromIngress(&ing).SuppressFirewallXPNError() {
continue
}
fwc.ctx.Recorder(ing.Namespace).Eventf(&ing, apiv1.EventTypeNormal, "XPN", fwErr.Message)
}
} else {
Expand Down

0 comments on commit 11515a0

Please sign in to comment.