From 12ec0475c0ff4cac5ec7a65dbafc878078953056 Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes <aledbf@gmail.com>
Date: Tue, 23 Jan 2018 17:10:02 -0300
Subject: [PATCH] Fix SSL passthrough

---
 internal/ingress/controller/nginx.go | 60 +++++++++++++++-------------
 test/e2e/framework/exec.go           |  7 +---
 2 files changed, 34 insertions(+), 33 deletions(-)

diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go
index 76519b492..4d4303530 100644
--- a/internal/ingress/controller/nginx.go
+++ b/internal/ingress/controller/nginx.go
@@ -114,6 +114,8 @@ func NewNGINXController(config *Configuration, fs file.Filesystem) *NGINXControl
 
 		// create an empty configuration.
 		runningConfig: &ingress.Configuration{},
+
+		Proxy: &TCPProxy{},
 	}
 
 	n.store = store.New(true,
@@ -410,37 +412,41 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
 	cfg := n.store.GetBackendConfiguration()
 	cfg.Resolver = n.resolver
 
-	servers := []*TCPServer{}
-	for _, pb := range ingressCfg.PassthroughBackends {
-		svc := pb.Service
-		if svc == nil {
-			glog.Warningf("missing service for PassthroughBackends %v", pb.Backend)
-			continue
-		}
-		port, err := strconv.Atoi(pb.Port.String())
-		if err != nil {
-			for _, sp := range svc.Spec.Ports {
-				if sp.Name == pb.Port.String() {
-					port = int(sp.Port)
-					break
-				}
-			}
-		} else {
-			for _, sp := range svc.Spec.Ports {
-				if sp.Port == int32(port) {
-					port = int(sp.Port)
-					break
+	if n.cfg.EnableSSLPassthrough {
+		servers := []*TCPServer{}
+		for _, pb := range ingressCfg.PassthroughBackends {
+			svc := pb.Service
+			if svc == nil {
+				glog.Warningf("missing service for PassthroughBackends %v", pb.Backend)
+				continue
+			}
+			port, err := strconv.Atoi(pb.Port.String())
+			if err != nil {
+				for _, sp := range svc.Spec.Ports {
+					if sp.Name == pb.Port.String() {
+						port = int(sp.Port)
+						break
+					}
+				}
+			} else {
+				for _, sp := range svc.Spec.Ports {
+					if sp.Port == int32(port) {
+						port = int(sp.Port)
+						break
+					}
 				}
 			}
+
+			//TODO: Allow PassthroughBackends to specify they support proxy-protocol
+			servers = append(servers, &TCPServer{
+				Hostname:      pb.Hostname,
+				IP:            svc.Spec.ClusterIP,
+				Port:          port,
+				ProxyProtocol: false,
+			})
 		}
 
-		//TODO: Allow PassthroughBackends to specify they support proxy-protocol
-		servers = append(servers, &TCPServer{
-			Hostname:      pb.Hostname,
-			IP:            svc.Spec.ClusterIP,
-			Port:          port,
-			ProxyProtocol: false,
-		})
+		n.Proxy.ServerList = servers
 	}
 
 	// we need to check if the status module configuration changed
diff --git a/test/e2e/framework/exec.go b/test/e2e/framework/exec.go
index a3411eb73..54a191ae4 100644
--- a/test/e2e/framework/exec.go
+++ b/test/e2e/framework/exec.go
@@ -31,12 +31,7 @@ func (f *Framework) ExecCommand(pod *v1.Pod, command string) (string, error) {
 		execErr bytes.Buffer
 	)
 
-	args := fmt.Sprintf("kubectl exec --namespace %v %v -- %v", pod.Namespace, pod.Name, command)
-	if len(pod.Spec.Containers) != 1 {
-		args = fmt.Sprintf("kubectl exec --namespace %v %v --container nginx-ingress-controller -- %v", pod.Namespace, pod.Name, command)
-	}
-
-	log("DEBUG", "Executing command \"%v\"", args)
+	args := fmt.Sprintf("kubectl exec --namespace %v %v --container nginx-ingress-controller -- %v", pod.Namespace, pod.Name, command)
 	cmd := exec.Command("/bin/bash", "-c", args)
 	cmd.Stdout = &execOut
 	cmd.Stderr = &execErr