DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Removes the need of configuring a default ssl certificate

Browse source
This commit is contained in:
Ricardo Pchevuzinske Katz 2017-01-24 23:37:39 -02:00
parent a173549090
commit 07ff57854b
2 changed files with 17 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
core/pkg/ingress/controller/controller.go
View file

@ -46,6 +46,7 @@ import (
"k8s.io/ingress/core/pkg/ingress/resolver" "k8s.io/ingress/core/pkg/ingress/resolver"
"k8s.io/ingress/core/pkg/ingress/status" "k8s.io/ingress/core/pkg/ingress/status"
"k8s.io/ingress/core/pkg/k8s" "k8s.io/ingress/core/pkg/k8s"
ssl "k8s.io/ingress/core/pkg/net/ssl"
local_strings "k8s.io/ingress/core/pkg/strings" local_strings "k8s.io/ingress/core/pkg/strings"
"k8s.io/ingress/core/pkg/task" "k8s.io/ingress/core/pkg/task"
) )
@ -810,8 +811,17 @@ func (ic *GenericController) createServers(data []interface{}, upstreams map[str
// This adds the Default Certificate to Default Backend and also for vhosts missing the secret // This adds the Default Certificate to Default Backend and also for vhosts missing the secret
var defaultPemFileName, defaultPemSHA string var defaultPemFileName, defaultPemSHA string
defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate) defaultCertificate, err := ic.getPemCertificate(ic.cfg.DefaultSSLCertificate)
// If no default Certificate was supplied, tries to generate a new dumb one
if err != nil { if err != nil {
glog.Fatalf("Unable to get default SSL Certificate %v", ic.cfg.DefaultSSLCertificate) var cert *ingress.SSLCert
defCert, defKey := ssl.GetFakeSSLCert()
cert, err = ssl.AddOrUpdateCertAndKey("system-snake-oil-certificate", defCert, defKey, []byte{})
if err != nil {
glog.Fatalf("Error generating self signed certificate: %v", err)
} else {
defaultPemFileName = cert.PemFileName
defaultPemSHA = cert.PemSHA
}
} else { } else {
defaultPemFileName = defaultCertificate.PemFileName defaultPemFileName = defaultCertificate.PemFileName
defaultPemSHA = defaultCertificate.PemSHA defaultPemSHA = defaultCertificate.PemSHA
@ -891,8 +901,7 @@ func (ic *GenericController) createServers(data []interface{}, upstreams map[str
servers[host].SSLPemChecksum = cert.PemSHA servers[host].SSLPemChecksum = cert.PemSHA
} }
} else { } else {
servers[host].SSLCertificate = defaultPemFileName glog.Warningf("secret %v does not exists", key)
servers[host].SSLPemChecksum = defaultPemSHA
} }
} }

4
core/pkg/ingress/controller/launch.go
View file

@ -99,10 +99,6 @@ func NewIngressController(backend ingress.Controller) *GenericController {
glog.Fatalf("Please specify --default-backend-service") glog.Fatalf("Please specify --default-backend-service")
} }
if *defSSLCertificate == "" {
glog.Fatalf("Please specify --default-ssl-certificate")
}
kubeClient, err := createApiserverClient(*apiserverHost, *kubeConfigFile) kubeClient, err := createApiserverClient(*apiserverHost, *kubeConfigFile)
if err != nil { if err != nil {
handleFatalInitError(err) handleFatalInitError(err)