From 07ff57854b8b742bc8c6c83e496263be804b5a0d Mon Sep 17 00:00:00 2001
From: Ricardo Pchevuzinske Katz
Date: Tue, 24 Jan 2017 23:37:39 -0200
Subject: [PATCH] Removes the need of configuring a default ssl certificate
---
 core/pkg/ingress/controller/controller.go | 15 ++++++++++++---
 core/pkg/ingress/controller/launch.go | 14 +++++---------
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go
index c937d3a09..97156c38b 100644
--- a/core/pkg/ingress/controller/controller.go
+++ b/core/pkg/ingress/controller/controller.go
@@ -46,6 +46,7 @@ import (
 "k8s.io/ingress/core/pkg/ingress/resolver"
 "k8s.io/ingress/core/pkg/ingress/status"
 "k8s.io/ingress/core/pkg/k8s"
+ ssl "k8s.io/ingress/core/pkg/net/ssl"
 local_strings "k8s.io/ingress/core/pkg/strings"
 "k8s.io/ingress/core/pkg/task"
 )
@@ -810,8 +811,17 @@ func (ic *GenericController) createServers(data []interface{}, upstreams map[str
 // This adds the Default Certificate to Default Backend and also for vhosts missing the secret
 var defaultPemFileName, defaultPemSHA string
 defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate)
+ // If no default Certificate was supplied, tries to generate a new dumb one
 if err != nil {
- glog.Fatalf("Unable to get default SSL Certificate %v", ic.cfg.DefaultSSLCertificate)
+ var cert *ingress.SSLCert
+ defCert, defKey := ssl.GetFakeSSLCert()
+ cert, err = ssl.AddOrUpdateCertAndKey("system-snake-oil-certificate", defCert, defKey, []byte{})
+ if err != nil {
+ glog.Fatalf("Error generating self signed certificate: %v", err)
+ } else {
+ defaultPemFileName = cert.PemFileName
+ defaultPemSHA = cert.PemSHA
+ }
 } else {
 defaultPemFileName = defaultCertificate.PemFileName
 defaultPemSHA = defaultCertificate.PemSHA
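Review bot: In createServers, the new `if err != nil` branch treats every failure of `ic.getPemCertificate(ic.cfg.DefaultSSLCertificate)` as "no default certificate supplied", so a secret that was configured but is missing or unparsable is silently replaced by `system-snake-oil-certificate`. I would log before the fallback when the flag was set, e.g. `if ic.cfg.DefaultSSLCertificate != "" { glog.Warningf("unable to get default SSL certificate %v: %v, using self-signed fallback", ic.cfg.DefaultSSLCertificate, err) }`, so an operator can tell a deliberate default from a downgrade. Whether `ssl.GetFakeSSLCert()` produces a fresh key on each call or returns a fixed one is not visible in this patch; a comment at the call site should state which, since a fixed key would be known to anyone with the source. The `else` after `glog.Fatalf` can be dropped because Fatalf does not return. createServers begins and ends outside the hunk.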
@@ -891,8 +901,7 @@ func (ic *GenericController) createServers(data []interface{}, upstreams map[str servers[host].SSLPemChecksum = cert.PemSHA } } else { - servers[host].SSLCertificate = defaultPemFileName - servers[host].SSLPemChecksum = defaultPemSHA + glog.Warningf("secret %v does not exists", key) } } diff --git a/core/pkg/ingress/controller/launch.go b/core/pkg/ingress/controller/launch.go index fd85fbc7f..a91eb8ced 100644 --- a/core/pkg/ingress/controller/launch.go +++ b/core/pkg/ingress/controller/launch.go @@ -54,14 +54,14 @@ func NewIngressController(backend ingress.Controller) *GenericController { tcpConfigMapName = flags.String("tcp-services-configmap", "", `Name of the ConfigMap that contains the definition of the TCP services to expose. The key in the map indicates the external port to be used. The value is the name of the - service with the format namespace/serviceName and the port of the service could be a + service with the format namespace/serviceName and the port of the service could be a number of the name of the port. The ports 80 and 443 are not allowed as external ports. This ports are reserved for the backend`) udpConfigMapName = flags.String("udp-services-configmap", "", `Name of the ConfigMap that contains the definition of the UDP services to expose. The key in the map indicates the external port to be used. The value is the name of the - service with the format namespace/serviceName and the port of the service could be a + service with the format namespace/serviceName and the port of the service could be a number of the name of the port.`) resyncPeriod = flags.Duration("sync-period", 60*time.Second, 
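Review bot: In the `-891,8 +901,7` hunk of controller.go, a host whose TLS secret is missing no longer receives `defaultPemFileName`/`defaultPemSHA` and is left with an empty `SSLCertificate`. How the configuration template treats that is not visible in this patch, so the effect on a host that asked for TLS should be stated in a comment on the `else` branch. The comment earlier in createServers, `// This adds the Default Certificate to Default Backend and also for vhosts missing the secret`, no longer matches this behaviour and should be narrowed to the default backend. The warning would be more useful as `glog.Warningf("secret %v does not exist, TLS is not configured for host %v", key, host)`. The enclosing loop and function begin and end outside the hunk.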
@@ -74,13 +74,13 @@ func NewIngressController(backend ingress.Controller) *GenericController { profiling = flags.Bool("profiling", true, `Enable profiling via web interface host:port/debug/pprof/`) - defSSLCertificate = flags.String("default-ssl-certificate", "", `Name of the secret + defSSLCertificate = flags.String("default-ssl-certificate", "", `Name of the secret that contains a SSL certificate to be used as default for a HTTPS catch-all server`) - defHealthzURL = flags.String("health-check-path", "/healthz", `Defines + defHealthzURL = flags.String("health-check-path", "/healthz", `Defines the URL to be used as health check inside in the default server in NGINX.`) - updateStatus = flags.Bool("update-status", true, `Indicates if the + updateStatus = flags.Bool("update-status", true, `Indicates if the ingress controller should update the Ingress status IP/hostname. Default is true`) ) @@ -99,10 +99,6 @@ func NewIngressController(backend ingress.Controller) *GenericController { glog.Fatalf("Please specify --default-backend-service") } - if *defSSLCertificate == "" { - glog.Fatalf("Please specify --default-ssl-certificate") - } - kubeClient, err := createApiserverClient(*apiserverHost, *kubeConfigFile) if err != nil { handleFatalInitError(err)