diff --git a/apis/elbv2/v1beta1/ingressclassparams_types.go b/apis/elbv2/v1beta1/ingressclassparams_types.go index 61c6aa49c..06d9beddf 100644 --- a/apis/elbv2/v1beta1/ingressclassparams_types.go +++ b/apis/elbv2/v1beta1/ingressclassparams_types.go @@ -86,9 +86,9 @@ type Attribute struct { // IngressClassParamsSpec defines the desired state of IngressClassParams type IngressClassParamsSpec struct { - // CertificateARN specifies the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams. + // CertificateArn specifies the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams. // +optional - CertficateArn []string `json:"certficateArn,omitempty"` + CertificateArn []string `json:"certificateArn,omitempty"` // NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams. // * if absent or present but empty, it selects all namespaces. diff --git a/apis/elbv2/v1beta1/zz_generated.deepcopy.go b/apis/elbv2/v1beta1/zz_generated.deepcopy.go index b58f98286..5cbf8a21a 100644 --- a/apis/elbv2/v1beta1/zz_generated.deepcopy.go +++ b/apis/elbv2/v1beta1/zz_generated.deepcopy.go @@ -117,8 +117,8 @@ func (in *IngressClassParamsList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressClassParamsSpec) DeepCopyInto(out *IngressClassParamsSpec) { *out = *in - if in.CertficateArn != nil { - in, out := &in.CertficateArn, &out.CertficateArn + if in.CertificateArn != nil { + in, out := &in.CertificateArn, &out.CertificateArn *out = make([]string, len(*in)) copy(*out, *in) } diff --git a/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml b/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml index b6b399933..a742a094e 100644 --- a/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml 
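Review bot: The JSON tag on `IngressClassParamsSpec` changes from `certficateArn` to `certificateArn` with no compatibility path, so an IngressClassParams object stored with the old key would be expected to decode with an empty `CertificateArn` once the new CRD and controller are deployed. In `computeIngressExplicitTLSCertARNs` (pkg/ingress/model_build_listener.go, whose body continues outside its hunk) an empty list falls through to the `alb.ingress.kubernetes.io/certificate-arn` annotation, so a certificate pinned by the cluster administrator would silently stop being enforced and the Ingress author's annotation would take over. If the misspelled key was ever released, the upgrade needs either a migration note or a deprecated field that still carries the `certficateArn` tag and is read alongside the new one; if it never shipped, saying so in the commit message would settle it. The prose under `spec.certificateArn` in docs/guide/ingress/ingress_class.md still calls the field `certificateARN`, which is not the key the API accepts and leads to the same silent fallback when copied.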
+++ b/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml @@ -55,8 +55,8 @@ spec: spec: description: IngressClassParamsSpec defines the desired state of IngressClassParams properties: - certficateArn: - description: CertificateARN specifies the ARN of the certificates + certificateArn: + description: CertificateArn specifies the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams. items: type: string diff --git a/docs/guide/ingress/cert_discovery.md b/docs/guide/ingress/cert_discovery.md index 1f79faab7..42ef81bd2 100644 --- a/docs/guide/ingress/cert_discovery.md +++ b/docs/guide/ingress/cert_discovery.md @@ -1,5 +1,5 @@ # Certificate Discovery -TLS certificates for ALB Listeners can be automatically discovered with hostnames from Ingress resources if the [`alb.ingress.kubernetes.io/certificate-arn`](annotations.md#certificate-arn) annotation is not specified. +TLS certificates for ALB Listeners can be automatically discovered with hostnames from Ingress resources if the [`spec.certificateArn`](ingress_class.md#speccertificatearn) in [`IngressClassParams`](ingress_class.md#ingressclassparams-specification) or [`alb.ingress.kubernetes.io/certificate-arn`](annotations.md#certificate-arn) annotation is not specified. The controller will attempt to discover TLS certificates from the `tls` field in Ingress and `host` field in Ingress rules. diff --git a/docs/guide/ingress/ingress_class.md b/docs/guide/ingress/ingress_class.md index 85bccc76d..5a9089bfa 100644 --- a/docs/guide/ingress/ingress_class.md +++ b/docs/guide/ingress/ingress_class.md 
@@ -131,6 +131,15 @@ You can use IngressClassParams to enforce settings for a set of Ingresses. - myVal0 - myVal1 ``` + - with certificateArn + ``` + apiVersion: elbv2.k8s.aws/v1beta1 + kind: IngressClassParams + metadata: + name: class2048-config + spec: + certificateArn: ['arn:aws:acm:us-east-1:123456789:certificate/test-arn-1','arn:aws:acm:us-east-1:123456789:certificate/test-arn-2'] + ``` ### IngressClassParams specification @@ -167,7 +176,7 @@ Cluster administrators can use the `scheme` field to restrict the scheme for all Cluster administrators can use the optional `inboundCIDRs` field to specify the CIDRs that are allowed to access the load balancers that belong to this IngressClass. If the field is specified, LBC will ignore the `alb.ingress.kubernetes.io/inbound-cidrs` annotation. -### spec.certificateArn +#### spec.certificateArn Cluster administrators can use the optional `certificateARN` field to specify the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams. If the field is specified, LBC will ignore the `alb.ingress.kubernetes.io/certificate-arn` annotation. diff --git a/helm/aws-load-balancer-controller/crds/crds.yaml b/helm/aws-load-balancer-controller/crds/crds.yaml index ce50f0a5d..20fa2d0af 100644 --- a/helm/aws-load-balancer-controller/crds/crds.yaml +++ b/helm/aws-load-balancer-controller/crds/crds.yaml @@ -54,10 +54,9 @@ spec: spec: description: IngressClassParamsSpec defines the desired state of IngressClassParams properties: - certficateArn: - description: - CertificateARN specifies the ARN of the certificates for - all Ingresses that belong to IngressClass with this IngressClassParams. + certificateArn: + description: CertificateArn specifies the ARN of the certificates + for all Ingresses that belong to IngressClass with this IngressClassParams. items: type: string type: array diff --git a/pkg/annotations/constants.go b/pkg/annotations/constants.go index 84bfd13eb..493e0427e 100644 
--- a/pkg/annotations/constants.go +++ b/pkg/annotations/constants.go @@ -87,5 +87,5 @@ const ( SvcLBSuffixLoadBalancerSecurityGroups = "aws-load-balancer-security-groups" SvcLBSuffixManageSGRules = "aws-load-balancer-manage-backend-security-group-rules" SvcLBSuffixEnforceSGInboundRulesOnPrivateLinkTraffic = "aws-load-balancer-inbound-sg-rules-on-private-link-traffic" - SvcLBSuffixSecurityGroupPrefixLists = "aws-load-balancer-security-group-prefix-lists" + SvcLBSuffixSecurityGroupPrefixLists = "aws-load-balancer-security-group-prefix-lists" ) diff --git a/pkg/ingress/model_build_listener.go b/pkg/ingress/model_build_listener.go index a79365049..2504dd201 100644 --- a/pkg/ingress/model_build_listener.go +++ b/pkg/ingress/model_build_listener.go @@ -167,8 +167,8 @@ func (t *defaultModelBuildTask) computeIngressListenPortConfigByPort(ctx context } func (t *defaultModelBuildTask) computeIngressExplicitTLSCertARNs(_ context.Context, ing *ClassifiedIngress) []string { - if ing.IngClassConfig.IngClassParams != nil && len(ing.IngClassConfig.IngClassParams.Spec.CertficateArn) != 0 { - return ing.IngClassConfig.IngClassParams.Spec.CertficateArn + if ing.IngClassConfig.IngClassParams != nil && len(ing.IngClassConfig.IngClassParams.Spec.CertificateArn) != 0 { + return ing.IngClassConfig.IngClassParams.Spec.CertificateArn } var rawTLSCertARNs []string _ = t.annotationParser.ParseStringSliceAnnotation(annotations.IngressSuffixCertificateARN, &rawTLSCertARNs, ing.Ing.Annotations) diff --git a/pkg/ingress/model_builder_test.go b/pkg/ingress/model_builder_test.go index d1766fec0..7fa2cd5c2 100644 --- a/pkg/ingress/model_builder_test.go +++ b/pkg/ingress/model_builder_test.go 
@@ -1896,7 +1896,7 @@ func Test_defaultModelBuilder_Build(t *testing.T) {
 IngClassConfig: ClassConfiguration{
 IngClassParams: &v1beta1.IngressClassParams{
 Spec: v1beta1.IngressClassParamsSpec{
- CertficateArn: []string{"arn:aws:acm:us-east-1:9999999:certificate/ingress-class-certificate-arn"},
+ CertificateArn: []string{"arn:aws:acm:us-east-1:9999999:certificate/ingress-class-certificate-arn"},
 },
 },
 },