List order is reversed in backend crd v3 #760
Description
Summary
Hello 👋
When using CRD v3 (ingress.v3.haproxy.org/v3/Backend), list order for http_request_rule_list, acl_list, etc is reversed. Maybe it’s expected but the documentation does not explicitly state it ?
I would have expected rules to be declared in the same order as defined in the custom resource.
Ingress Controller version: 3.2.1
Helm chart version: 1.72.0
Details
Here a simple set of resources to reproduce the behavior.
Note: the actual haproxy configuration makes no functional sense, it is simply here to demonstrate the issue.
apiVersion: v1 kind: Service metadata: name: foo namespace: default spec: ports: - name: http protocol: TCP port: 80 targetPort: 8080 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cr-backend: default/foo name: foo namespace: default spec: ingressClassName: haproxy rules: - host: foo.com http: paths: - backend: service: name: foo port: name: http path: / pathType: Prefix --- apiVersion: "ingress.v3.haproxy.org/v3" kind: Backend metadata: name: foo namespace: default spec: name: foo stick_table: type: ip size: 100000 expire: 300000 store: http_req_rate(1s) acl_list: - acl_name: acl_1 criterion: sc_http_req_rate(0) value: "gt 1" - acl_name: acl_2 criterion: sc_http_req_rate(0) value: "gt 2" - acl_name: acl_3 criterion: sc_http_req_rate(0) value: "gt 3" http_request_rule_list: - type: deny cond: unless cond_test: "{ req.hdr(HEADER-1) -m found }" - type: deny cond: unless cond_test: "{ req.hdr(HEADER-2) -m found }" - type: deny cond: unless cond_test: "{ req.hdr(HEADER-3) -m found }"This will produce the following haproxy configuration for the backend:
backend default_svc_foo_http mode http acl acl_3 sc_http_req_rate(0) gt 3 acl acl_2 sc_http_req_rate(0) gt 2 acl acl_1 sc_http_req_rate(0) gt 1 http-request deny unless { req.hdr(HEADER-3) -m found } http-request deny unless { req.hdr(HEADER-2) -m found } http-request deny unless { req.hdr(HEADER-1) -m found } stick-table type ip size 100000 expire 300000 store http_req_rate(1s) We can see that rules in acl and http request list are inserted on the reverse order of their definition. Is that expected ?
I think with CRD v1 we could handle that with index, but with crdv3 there is no index anymore.
Also, stick table is defined at the end, but it would probably be clearer to define it at the top ?