ngrok / kubernetes-ingress-controller

The official ngrok Ingress Controller for Kubernetes
https://ngrok.com
MIT License
184 stars 20 forks

Handle IPPolicy CRD state transitions in a safer way #260

Closed jonstacks closed 1 year ago

jonstacks commented 1 year ago

Contributes to #221

What

Since CIDR has to be unique within an IPPolicy (HTTP 400: IP Policy Rule with CIDR '127.0.0.1/32' already exists [ERR_NGROK_1408]), we need to calculate the diff and apply the changes in a safe way.

How

Use the following diffing logic to apply creates, deletes, and updates in the following order:

  1. Create all new deny rules that don't exist in the remote with a matching CIDR.
  2. Delete any allow rules with matching CIDRs that will be changing to deny rules. Then create the deny rules.
  3. Delete any deny rules with matching CIDRs that will be changing to allow rules. Then create the allow rules.
  4. Create all new allow rules that don't exist in the remote with a matching CIDR.
  5. Delete any remaining rules that are not in the spec.
  6. Update any rules that exist in the spec and remote but have only different metadata/description.

Breaking Changes

No.
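
The six-step ordering from the description above, sketched as an added example; this is not code from the PR or from the controller. `Rule`, `Op` and `Plan` are hypothetical names, the sample CIDRs are constructed, and steps 2 and 3 are read here as a delete immediately followed by its create for each CIDR, so a CIDR is never created while the old rule still holds it.

```go
package main

import "fmt"

// Rule and Op are hypothetical types for this sketch, not the controller's own.
type Rule struct{ CIDR, Action, Description string }
type Op struct{ Kind, CIDR, Action string }

// Plan orders the remote calls per the six steps above. Assumes Action is
// "allow" or "deny" and that CIDRs are unique within spec and within remote.
func Plan(spec, remote []Rule) []Op {
	have, want := map[string]Rule{}, map[string]bool{}
	for _, r := range remote {
		have[r.CIDR] = r
	}
	var newDeny, toDeny, toAllow, newAllow, stale, meta []Op
	for _, s := range spec {
		want[s.CIDR] = true
		r, ok := have[s.CIDR]
		switch {
		case !ok && s.Action == "deny": // step 1: new deny rules
			newDeny = append(newDeny, Op{"create", s.CIDR, s.Action})
		case !ok: // step 4: new allow rules
			newAllow = append(newAllow, Op{"create", s.CIDR, s.Action})
		case r.Action != s.Action && s.Action == "deny": // step 2: allow -> deny
			toDeny = append(toDeny, Op{"delete", r.CIDR, r.Action}, Op{"create", s.CIDR, s.Action})
		case r.Action != s.Action: // step 3: deny -> allow
			toAllow = append(toAllow, Op{"delete", r.CIDR, r.Action}, Op{"create", s.CIDR, s.Action})
		case r.Description != s.Description: // step 6: metadata-only change
			meta = append(meta, Op{"update", s.CIDR, s.Action})
		}
	}
	for _, r := range remote { // step 5: remote rules no longer in the spec
		if !want[r.CIDR] {
			stale = append(stale, Op{"delete", r.CIDR, r.Action})
		}
	}
	var ops []Op
	for _, g := range [][]Op{newDeny, toDeny, toAllow, newAllow, stale, meta} {
		ops = append(ops, g...)
	}
	return ops
}

func main() { // constructed sample data
	remote := []Rule{{"10.0.0.0/8", "allow", ""}, {"192.0.2.0/24", "deny", ""}}
	spec := []Rule{{"10.0.0.0/8", "deny", ""}, {"198.51.100.0/24", "allow", ""}}
	fmt.Println(Plan(spec, remote))
}
```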