Add zone-sync with no TLS to ConfigMap

[AlexFenlon]

Proposed changes

Adds zone-sync without TLS to the ConfigMap. NGINX Plus is required to use this.

• add zone-sync ConfigMap values as llisted below:
  • zone-sync
  • zone-sync-port
  • zone-sync-resolver-addresses
  • zone-sync-resolver-valid
  • zone-sync-resolver-ipv6

Every value listed above requires both zone-sync and NGINX Plus to be enabled.

• update OIDC exmple using new zone-sync ConfigMap values instead of snippets.
• add simple zone-sync example
• auto creation of headless service on startup and runtime
• pytests

docs will be seperate pr soon

Minimum ConfigMap value to get the output below

kind: ConfigMap apiVersion: v1 metadata: name: nginx-config namespace: nginx-ingress data: zone-sync: "true"

nginx.conf snippet

 server { listen 12345; listen [::]:12345; resolver kube-dns.kube-system.svc.cluster.local valid=5s; zone_sync; zone_sync_server nginx-ingress-daemonset-headless.nginx-ingress-daemonset.svc.cluster.local:12345 resolve; } 

A headless service is autocreated under the name of the deployment, the type of deployment with -hl at the end eg.
here is my headless service when I deployed a deployment with the name of nginx-ingress and daemon-set for the type.

kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx-ingress LoadBalancer 10.103.17.220 <pending> 80:32520/TCP,443:31921/TCP 158m nginx-ingress-daemonset-hl ClusterIP None <none> <none> 47m``` 

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING doc
• I have added tests that prove my fix is effective or that my feature works
• I have checked that all unit tests pass after adding my changes
• I have updated necessary documentation
• I have rebased my branch onto main
• I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

[codecov]

Codecov Report

Attention: Patch coverage is 24.16667% with 182 lines in your changes missing coverage. Please review.

Project coverage is 52.76%. Comparing base (7e63a31) to head (0e1e4d3).
Report is 101 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/nginx-ingress/main.go	0.00%	65 Missing ⚠️
internal/k8s/service.go	0.00%	56 Missing ⚠️
internal/configs/configmaps.go	57.42%	37 Missing and 6 partials ⚠️
internal/k8s/controller.go	0.00%	16 Missing ⚠️
...l/configs/commonhelpers/common_template_helpers.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@ Coverage Diff @@ ## main #7347 +/- ## ========================================== - Coverage 53.10% 52.76% -0.35%  ========================================== Files 89 89 Lines 21074 21267 +193 ========================================== + Hits 11192 11221 +29  - Misses 9419 9582 +163  - Partials 463 464 +1 

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jjngx]

🚀

[pdabelf5]

What happens to the headless service when NIC is removed?

[pdabelf5]

Can two NIC instances with zone-sync enabled co-exist in the same namespace?

[AlexFenlon]

@pdabelf5

What happens to the headless service when NIC is removed?

The headless service gets created again and then reapplied as it is required for zone_sync. if zone_sync is disabled, it will be removed.

Can two NIC instances with zone-sync enabled co-exist in the same namespace?

Yes. Two or more can be deployed with zone-sync enabled.

[pdabelf5]

@pdabelf5

What happens to the headless service when NIC is removed?

The headless service gets created again and then reapplied as it is required for zone_sync. if zone_sync is disabled, it will be removed.

If NIC is uninstalled, is the headless service left orphaned or removed. I see code to handle if zone-sync is disabled, but I didn't see any code to handle uninstalls.

Can two NIC instances with zone-sync enabled co-exist in the same namespace?

Yes. Two or more can be deployed with zone-sync enabled.

they all have my-release as the the helm release name, are they unique instances. With two NIC instances deployed in the same namespace, how many headless services are created?

[AlexFenlon]

@pdabelf5

If NIC is uninstalled, is the headless service left orphaned or removed. I see code to handle if zone-sync is disabled, but I didn't see any code to handle uninstalls.

Correct, it is left orphaned. It seems to be left over when uninstalling the deployment. I will look into fixing this as it was an oversight.

they all have my-release as the the helm release name, are they unique instances. With two NIC instances deployed in the same namespace, how many headless services are created?

tested two different Helm deployments and enabled zone sync through their ConfigMaps on each, and both are up and running, a single "default-headless" is created. Default being the namespace. This is not the desired outcome so I will change this so each ingress controller can control its headless service.