Add zone-sync/state sharing with no TLS to ConfigMap

[AlexFenlon]

Proposed changes

Adds zone-sync without TLS to the ConfigMap. NGINX Plus is required to use this.

• add zone-sync ConfigMap values as llisted below:
  • zone-sync
  • zone-sync-port
  • zone-sync-resolver-addresses
  • zone-sync-resolver-valid
  • zone-sync-resolver-ipv6

Every value listed above requires both zone-sync and NGINX Plus to be enabled.

• add OIDC exmple using new zone-sync ConfigMap values instead of snippets.
• add simple zone-sync example
• auto creation of headless service on startup and runtime
• pytests

docs will be seperate pr soon

Minimum ConfigMap value to get the output below

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-config
  namespace: nginx-ingress
data:
  zone-sync: "true"

nginx.conf snippet

    server {
        listen 12345;
        listen [::]:12345;
        resolver kube-dns.kube-system.svc.cluster.local valid=5s;
        zone_sync;
        zone_sync_server default-headless.default.svc.cluster.local:12345 resolve;
    }

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING doc
• I have added tests that prove my fix is effective or that my feature works
• I have checked that all unit tests pass after adding my changes
• I have updated necessary documentation
• I have rebased my branch onto main
• I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

[codecov]

Codecov Report

Attention: Patch coverage is 23.89381% with 172 lines in your changes missing coverage. Please review.

Project coverage is 52.49%. Comparing base (0dd08f0) to head (257e502).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/nginx-ingress/main.go	0.00%	60 Missing ⚠️
internal/k8s/service.go	0.00%	53 Missing ⚠️
internal/configs/configmaps.go	55.67%	37 Missing and 6 partials ⚠️
internal/k8s/controller.go	0.00%	14 Missing ⚠️
...l/configs/commonhelpers/common_template_helpers.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7347      +/-   ##
==========================================
- Coverage   52.82%   52.49%   -0.34%     
==========================================
  Files          89       89              
  Lines       20922    21103     +181     
==========================================
+ Hits        11052    11077      +25     
- Misses       9407     9562     +155     
- Partials      463      464       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jjngx]

🚀

[pdabelf5]

What happens to the headless service when NIC is removed?

[pdabelf5]

Can two NIC instances with zone-sync enabled co-exist in the same namespace?

[AlexFenlon]

@pdabelf5

What happens to the headless service when NIC is removed?

The headless service gets created again and then reapplied as it is required for zone_sync. if zone_sync is disabled, it will be removed.

Can two NIC instances with zone-sync enabled co-exist in the same namespace?

Yes. Two or more can be deployed with zone-sync enabled.

[pdabelf5]

@pdabelf5

What happens to the headless service when NIC is removed?

The headless service gets created again and then reapplied as it is required for zone_sync. if zone_sync is disabled, it will be removed.

If NIC is uninstalled, is the headless service left orphaned or removed. I see code to handle if zone-sync is disabled, but I didn't see any code to handle uninstalls.

Can two NIC instances with zone-sync enabled co-exist in the same namespace?

Yes. Two or more can be deployed with zone-sync enabled.

they all have my-release as the the helm release name, are they unique instances. With two NIC instances deployed in the same namespace, how many headless services are created?

[AlexFenlon]

@pdabelf5

If NIC is uninstalled, is the headless service left orphaned or removed. I see code to handle if zone-sync is disabled, but I didn't see any code to handle uninstalls.

Correct, it is left orphaned. It seems to be left over when uninstalling the deployment. I will look into fixing this as it was an oversight.

they all have my-release as the the helm release name, are they unique instances. With two NIC instances deployed in the same namespace, how many headless services are created?

tested two different Helm deployments and enabled zone sync through their ConfigMaps on each, and both are up and running, a single "default-headless" is created. Default being the namespace. This is not the desired outcome so I will change this so each ingress controller can control its headless service.