Removes the need of configuring a default ssl certificate
This commit is contained in:
Ricardo Pchevuzinske Katz
parent
a173549090
commit
07ff57854b
2 changed files with 17 additions and 12 deletions
|
|
@ -46,6 +46,7 @@ import (
|
|||
"k8s.io/ingress/core/pkg/ingress/resolver"
|
||||
"k8s.io/ingress/core/pkg/ingress/status"
|
||||
"k8s.io/ingress/core/pkg/k8s"
|
||||
ssl "k8s.io/ingress/core/pkg/net/ssl"
|
||||
local_strings "k8s.io/ingress/core/pkg/strings"
|
||||
"k8s.io/ingress/core/pkg/task"
|
||||
)
|
||||
|
|
@ -810,8 +811,17 @@ func (ic *GenericController) createServers(data []interface{}, upstreams map[str
|
|||
// This adds the Default Certificate to Default Backend and also for vhosts missing the secret
|
||||
var defaultPemFileName, defaultPemSHA string
|
||||
defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate)
|
||||
// If no default Certificate was supplied, tries to generate a new dumb one
|
||||
if err != nil {
|
||||
glog.Fatalf("Unable to get default SSL Certificate %v", ic.cfg.DefaultSSLCertificate)
|
||||
var cert *ingress.SSLCert
|
||||
defCert, defKey := ssl.GetFakeSSLCert()
|
||||
cert, err = ssl.AddOrUpdateCertAndKey("system-snake-oil-certificate", defCert, defKey, []byte{})
|
||||
if err != nil {
|
||||
glog.Fatalf("Error generating self signed certificate: %v", err)
|
||||
} else {
|
||||
defaultPemFileName = cert.PemFileName
|
||||
defaultPemSHA = cert.PemSHA
|
||||
}
|
||||
} else {
|
||||
defaultPemFileName = defaultCertificate.PemFileName
|
||||
defaultPemSHA = defaultCertificate.PemSHA
|
||||
|
|
@ -891,8 +901,7 @@ func (ic *GenericController) createServers(data []interface{}, upstreams map[str
|
|||
servers[host].SSLPemChecksum = cert.PemSHA
|
||||
}
|
||||
} else {
|
||||
servers[host].SSLCertificate = defaultPemFileName
|
||||
servers[host].SSLPemChecksum = defaultPemSHA
|
||||
glog.Warningf("secret %v does not exists", key)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -54,14 +54,14 @@ func NewIngressController(backend ingress.Controller) *GenericController {
|
|||
tcpConfigMapName = flags.String("tcp-services-configmap", "",
|
||||
`Name of the ConfigMap that contains the definition of the TCP services to expose.
|
||||
The key in the map indicates the external port to be used. The value is the name of the
|
||||
service with the format namespace/serviceName and the port of the service could be a
|
||||
service with the format namespace/serviceName and the port of the service could be a
|
||||
number of the name of the port.
|
||||
The ports 80 and 443 are not allowed as external ports. This ports are reserved for the backend`)
|
||||
|
||||
udpConfigMapName = flags.String("udp-services-configmap", "",
|
||||
`Name of the ConfigMap that contains the definition of the UDP services to expose.
|
||||
The key in the map indicates the external port to be used. The value is the name of the
|
||||
service with the format namespace/serviceName and the port of the service could be a
|
||||
service with the format namespace/serviceName and the port of the service could be a
|
||||
number of the name of the port.`)
|
||||
|
||||
resyncPeriod = flags.Duration("sync-period", 60*time.Second,
|
||||
|
|
@ -74,13 +74,13 @@ func NewIngressController(backend ingress.Controller) *GenericController {
|
|||
|
||||
profiling = flags.Bool("profiling", true, `Enable profiling via web interface host:port/debug/pprof/`)
|
||||
|
||||
defSSLCertificate = flags.String("default-ssl-certificate", "", `Name of the secret
|
||||
defSSLCertificate = flags.String("default-ssl-certificate", "", `Name of the secret
|
||||
that contains a SSL certificate to be used as default for a HTTPS catch-all server`)
|
||||
|
||||
defHealthzURL = flags.String("health-check-path", "/healthz", `Defines
|
||||
defHealthzURL = flags.String("health-check-path", "/healthz", `Defines
|
||||
the URL to be used as health check inside in the default server in NGINX.`)
|
||||
|
||||
updateStatus = flags.Bool("update-status", true, `Indicates if the
|
||||
updateStatus = flags.Bool("update-status", true, `Indicates if the
|
||||
ingress controller should update the Ingress status IP/hostname. Default is true`)
|
||||
)
|
||||
|
||||
|
|
@ -99,10 +99,6 @@ func NewIngressController(backend ingress.Controller) *GenericController {
|
|||
glog.Fatalf("Please specify --default-backend-service")
|
||||
}
|
||||
|
||||
if *defSSLCertificate == "" {
|
||||
glog.Fatalf("Please specify --default-ssl-certificate")
|
||||
}
|
||||
|
||||
kubeClient, err := createApiserverClient(*apiserverHost, *kubeConfigFile)
|
||||
if err != nil {
|
||||
handleFatalInitError(err)
|
||||
|
|
|
|||
Loading…
Reference in a new issue