Add information about SSL certificates in the default log level.

This commit is contained in:
Manuel de Brito Fontes 2017-03-16 12:07:07 -03:00
parent a5f8fe240c
commit 18492c1384
3 changed files with 15 additions and 5 deletions


@ -76,11 +76,11 @@ func (ic *GenericController) syncSecret(k interface{}) error {
// no need to update // no need to update
return nil return nil
} }
glog.V(3).Infof("updating secret %v/%v in the store", sec.Namespace, sec.Name) glog.Infof("updating secret %v/%v in the local store", sec.Namespace, sec.Name)
ic.sslCertTracker.Update(key, cert) ic.sslCertTracker.Update(key, cert)
return nil return nil
} }
glog.V(3).Infof("adding secret %v/%v to the store", sec.Namespace, sec.Name) glog.Infof("adding secret %v/%v to the local store", sec.Namespace, sec.Name)
ic.sslCertTracker.Add(key, cert) ic.sslCertTracker.Add(key, cert)
return nil return nil
} }
@ -106,10 +106,10 @@ func (ic *GenericController) getPemCertificate(secretName string) (*ingress.SSLC
var s *ingress.SSLCert var s *ingress.SSLCert
if okcert && okkey { if okcert && okkey {
glog.V(3).Infof("found certificate and private key, configuring %v as a TLS Secret", secretName) glog.Infof("found certificate and private key, configuring %v as a TLS Secret", secretName)
s, err = ssl.AddOrUpdateCertAndKey(nsSecName, cert, key, ca) s, err = ssl.AddOrUpdateCertAndKey(nsSecName, cert, key, ca)
} else if ca != nil { } else if ca != nil {
glog.V(3).Infof("found only ca.crt, configuring %v as an Certificate Authentication secret", secretName) glog.Infof("found only ca.crt, configuring %v as an Certificate Authentication secret", secretName)
s, err = ssl.AddCertAuth(nsSecName, ca) s, err = ssl.AddCertAuth(nsSecName, ca)
} else { } else {
return nil, fmt.Errorf("ko keypair or CA cert could be found in %v", secretName) return nil, fmt.Errorf("ko keypair or CA cert could be found in %v", secretName)
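Review bot: The `else if ca != nil` branch now reports "found only ca.crt" at the default level even when the secret holds a certificate without a key (or the reverse), because the first condition requires both `okcert` and `okkey`. An operator reading the log would not learn that a half-present keypair was ignored and that the secret is used for certificate authentication only; a separate line such as `if okcert != okkey { glog.Warningf("secret %v has a certificate or a private key but not both, using only ca.crt", secretName) }` would make that visible. Now that these messages are shown by default, "an Certificate Authentication secret" should read "a Certificate Authentication secret", and the error below says "ko keypair" where "no keypair" is meant. getPemCertificate starts and ends outside the hunk, so how `okcert` and `okkey` are derived is not visible here.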


@ -960,6 +960,12 @@ func (ic *GenericController) createServers(data []interface{},
} }
} }
if tlsSecretName == "" {
glog.Warningf("ingress rule %v/%v for host %v does not contains a matching tls host", ing.Namespace, ing.Name, host)
glog.V(2).Infof("%v", ing.Spec.TLS)
continue
}
key := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName) key := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName)
bc, exists := ic.sslCertTracker.Get(key) bc, exists := ic.sslCertTracker.Get(key)
if exists { if exists {
@ -967,7 +973,11 @@ func (ic *GenericController) createServers(data []interface{},
if isHostValid(host, cert) { if isHostValid(host, cert) {
servers[host].SSLCertificate = cert.PemFileName servers[host].SSLCertificate = cert.PemFileName
servers[host].SSLPemChecksum = cert.PemSHA servers[host].SSLPemChecksum = cert.PemSHA
} else {
glog.Warningf("ssl certificate %v does not contains a common name for host %v", key, host)
} }
} else {
glog.Warningf("ssl certificate \"%v\" does not exist in local store", key)
} }
} }
} }
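Review bot: The debug line `glog.V(2).Infof("%v", ing.Spec.TLS)` prints a bare struct with nothing tying it to an ingress, so it cannot be matched to the warning above it once several rules are logged; `glog.V(2).Infof("ingress %v/%v tls section: %+v", ing.Namespace, ing.Name, ing.Spec.TLS)` would carry its own context. The two rejection warnings (certificate not in the local store, certificate not valid for the host) do not say what the server falls back to, which is what an operator needs to judge whether the host ends up served without the intended certificate. That behaviour is outside these hunks, so it should be confirmed before it is written into the message. Both "does not contains" messages should read "does not contain".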


@ -46,7 +46,7 @@ func isHostValid(host string, cert *ingress.SSLCert) bool {
return false return false
} }
for _, cn := range cert.CN { for _, cn := range cert.CN {
if matchHostnames(cn, host) { if matchHostnames(cn, strings.ToLower(host)) {
return true return true
} }
} }
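Review bot: Only `host` is lowercased in the `matchHostnames` call while `cn` is passed through unchanged, so a certificate name containing upper-case letters would still fail to match unless matchHostnames normalizes its first argument, which this hunk does not show. Judging by the createServers change in the same commit, a failed match leaves the host without its certificate and only logs a warning, so both sides should be normalized: `host = strings.ToLower(host)` once before the loop and `matchHostnames(strings.ToLower(cn), host)` inside it. Hoisting the conversion also avoids repeating it for every name. The call depends on the `strings` import, which is not visible in the hunk.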