Add information about SSL certificates in the default log level.
This commit is contained in:
Manuel de Brito Fontes
parent
a5f8fe240c
commit
18492c1384
3 changed files with 15 additions and 5 deletions
|
|
@ -76,11 +76,11 @@ func (ic *GenericController) syncSecret(k interface{}) error {
|
|||
// no need to update
|
||||
return nil
|
||||
}
|
||||
glog.V(3).Infof("updating secret %v/%v in the store", sec.Namespace, sec.Name)
|
||||
glog.Infof("updating secret %v/%v in the local store", sec.Namespace, sec.Name)
|
||||
ic.sslCertTracker.Update(key, cert)
|
||||
return nil
|
||||
}
|
||||
glog.V(3).Infof("adding secret %v/%v to the store", sec.Namespace, sec.Name)
|
||||
glog.Infof("adding secret %v/%v to the local store", sec.Namespace, sec.Name)
|
||||
ic.sslCertTracker.Add(key, cert)
|
||||
return nil
|
||||
}
|
||||
|
|
@ -106,10 +106,10 @@ func (ic *GenericController) getPemCertificate(secretName string) (*ingress.SSLC
|
|||
|
||||
var s *ingress.SSLCert
|
||||
if okcert && okkey {
|
||||
glog.V(3).Infof("found certificate and private key, configuring %v as a TLS Secret", secretName)
|
||||
glog.Infof("found certificate and private key, configuring %v as a TLS Secret", secretName)
|
||||
s, err = ssl.AddOrUpdateCertAndKey(nsSecName, cert, key, ca)
|
||||
} else if ca != nil {
|
||||
glog.V(3).Infof("found only ca.crt, configuring %v as an Certificate Authentication secret", secretName)
|
||||
glog.Infof("found only ca.crt, configuring %v as an Certificate Authentication secret", secretName)
|
||||
s, err = ssl.AddCertAuth(nsSecName, ca)
|
||||
} else {
|
||||
return nil, fmt.Errorf("ko keypair or CA cert could be found in %v", secretName)
|
||||
|
|
|
|||
|
|
@ -960,6 +960,12 @@ func (ic *GenericController) createServers(data []interface{},
|
|||
}
|
||||
}
|
||||
|
||||
if tlsSecretName == "" {
|
||||
glog.Warningf("ingress rule %v/%v for host %v does not contains a matching tls host", ing.Namespace, ing.Name, host)
|
||||
glog.V(2).Infof("%v", ing.Spec.TLS)
|
||||
continue
|
||||
}
|
||||
|
||||
key := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName)
|
||||
bc, exists := ic.sslCertTracker.Get(key)
|
||||
if exists {
|
||||
|
|
@ -967,7 +973,11 @@ func (ic *GenericController) createServers(data []interface{},
|
|||
if isHostValid(host, cert) {
|
||||
servers[host].SSLCertificate = cert.PemFileName
|
||||
servers[host].SSLPemChecksum = cert.PemSHA
|
||||
} else {
|
||||
glog.Warningf("ssl certificate %v does not contains a common name for host %v", key, host)
|
||||
}
|
||||
} else {
|
||||
glog.Warningf("ssl certificate \"%v\" does not exist in local store", key)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ func isHostValid(host string, cert *ingress.SSLCert) bool {
|
|||
return false
|
||||
}
|
||||
for _, cn := range cert.CN {
|
||||
if matchHostnames(cn, host) {
|
||||
if matchHostnames(cn, strings.ToLower(host)) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue