Skip to content
This repository has been archived by the owner on Sep 20, 2022. It is now read-only.

Operator doesn't take information of prefixes from Ingress configuration #101

Closed
denis-buravlev opened this issue Feb 8, 2021 · 4 comments · Fixed by #143
Closed

Operator doesn't take information of prefixes from Ingress configuration #101

denis-buravlev opened this issue Feb 8, 2021 · 4 comments · Fixed by #143
Assignees
@travisgroth
Labels
enhancement New feature or request

Comments

@denis-buravlev
Copy link

Environment:
Pomerium chart: 15.0.0
Pomerium version: v0.12.1
Operator version: v0.0.5

I don't use Pomerium for routing. I use it only for forward auth (with Traefik).

Problem:

By some reasons I have an Ingress with the following configuration:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.pomerium.io/allowed_domains: '["example.com"]'
    ingress.pomerium.io/allowed_idp_claims: '{"groups":["group-name"]}'
  labels:
    ...
  name: ingress-rule-1
  namespace: default
spec:
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: example-service
          servicePort: 8080
        path: /path1
        pathType: ImplementationSpecific
      - backend:
          serviceName: example-service
          servicePort: 8080
        path: /path2
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - example.com
    secretName: secret-name

Operator generates the following policies:

- from: https://example.com
  to: http://example-service.default.svc.cluster.local:8080
  allowed_domains:
  - example.com
  allowed_idp_claims:
    groups:
    - group-name
- from: https://example.com
  to: http://example-service.default.svc.cluster.local:8080
  allowed_domains:
  - example.com
  allowed_idp_claims:
    groups:
    - group-name

Proxy service can't start with the configuration. It throws the following error:
ERR error applying configuration error="duplicate name policy-f7b2cb2f22d55930 found among added/updated resources" code=13 details=null

If I stop Operator and add "pathPrefix" options Proxy will start correctly.
From my point of view Operator should take pathPrefix information from Ingress rule.

Am I right?
@travisgroth travisgroth self-assigned this Feb 8, 2021
@travisgroth travisgroth added this to the 2021Q1 - Sprint 3 milestone Feb 8, 2021
@travisgroth travisgroth added the enhancement New feature or request label Feb 8, 2021
@travisgroth
Copy link
Contributor

Hi @denis-buravlev,

You're correct. This isn't supported currently, though I think it can be added.

@denis-buravlev
Copy link
Author

Thanks a lot. It was a surprise for me because I'm using Pomerium since 0.9.x and Proxy didn't fall down before wit the same config.

@travisgroth travisgroth removed this from the 2021Q1 - Sprint 5 milestone Feb 26, 2021
@travisgroth travisgroth mentioned this issue Apr 2, 2021
Merged
2 tasks
@x0ddf
Copy link

x0ddf commented Jun 22, 2021

Hi, this issue is still reproduced for pomerium 0.14.2 and operator version 0.0.5 on any k8s version 1.17+. Any chances what the issue will be fixed?

@travisgroth travisgroth mentioned this issue Nov 5, 2021
Merged
@travisgroth
Copy link
Contributor

Closed by #143

This should be resolved by migrating to the Pomerium Ingress Controller (docs). See deprecation notice for more info.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@travisgroth travisgroth

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Deprecation Notice travisgroth/pomerium-operator
3 participants
@x0ddf @denis-buravlev @travisgroth