Fix chain completion and default certificate flag issues (#1978)

2018-01-25 10:46:20 -03:00 · 2018-01-25 10:46:20 -03:00 · 21d68949ca
commit 21d68949ca
parent e30ed0cec0
3 changed files with 24 additions and 11 deletions
--- a/internal/ingress/controller/nginx.go
+++ b/internal/ingress/controller/nginx.go
@ -118,11 +118,13 @@ func NewNGINXController(config *Configuration, fs file.Filesystem) *NGINXControl
 		Proxy: &TCPProxy{},
 	}

-	n.store = store.New(true,
+	n.store = store.New(
+		config.EnableSSLChainCompletion,
 		config.Namespace,
 		config.ConfigMapName,
 		config.TCPConfigMapName,
 		config.UDPConfigMapName,
+		config.DefaultSSLCertificate,
 		config.ResyncPeriod,
 		config.Client,
 		fs,
--- a/internal/ingress/controller/store/store.go
+++ b/internal/ingress/controller/store/store.go
@ -198,26 +198,29 @@ type k8sStore struct {

 	// mu mutex used to avoid simultaneous incovations to syncSecret
 	mu *sync.Mutex
+
+	defaultSSLCertificate string
 }

 // New creates a new object store to be used in the ingress controller
 func New(checkOCSP bool,
-	namespace, configmap, tcp, udp string,
+	namespace, configmap, tcp, udp, defaultSSLCertificate string,
 	resyncPeriod time.Duration,
 	client clientset.Interface,
 	fs file.Filesystem,
 	updateCh chan Event) Storer {

 	store := &k8sStore{
-		isOCSPCheckEnabled: checkOCSP,
-		cache:              &Controller{},
-		listers:            &Lister{},
-		sslStore:           NewSSLCertTracker(),
-		filesystem:         fs,
-		updateCh:           updateCh,
-		backendConfig:      ngx_config.NewDefault(),
-		mu:                 &sync.Mutex{},
-		secretIngressMap:   make(map[string]sets.String),
+		isOCSPCheckEnabled:    checkOCSP,
+		cache:                 &Controller{},
+		listers:               &Lister{},
+		sslStore:              NewSSLCertTracker(),
+		filesystem:            fs,
+		updateCh:              updateCh,
+		backendConfig:         ngx_config.NewDefault(),
+		mu:                    &sync.Mutex{},
+		secretIngressMap:      make(map[string]sets.String),
+		defaultSSLCertificate: defaultSSLCertificate,
 	}

 	eventBroadcaster := record.NewBroadcaster()
@ -612,6 +615,10 @@ func (s k8sStore) Run(stopCh chan struct{}) {
 		s.ReadSecrets(ing)
 	}

+	if s.defaultSSLCertificate != "" {
+		s.syncSecret(s.defaultSSLCertificate)
+	}
+
 	// start goroutine to check for missing local secrets
 	go wait.Until(s.checkMissingSecrets, 10*time.Second, stopCh)

--- a/internal/ingress/controller/store/store_test.go
+++ b/internal/ingress/controller/store/store_test.go
@ -70,6 +70,7 @@ func TestStore(t *testing.T) {
 			fmt.Sprintf("%v/config", ns.Name),
 			fmt.Sprintf("%v/tcp", ns.Name),
 			fmt.Sprintf("%v/udp", ns.Name),
+			"",
 			10*time.Minute,
 			clientSet,
 			fs,
@ -155,6 +156,7 @@ func TestStore(t *testing.T) {
 			fmt.Sprintf("%v/config", ns.Name),
 			fmt.Sprintf("%v/tcp", ns.Name),
 			fmt.Sprintf("%v/udp", ns.Name),
+			"",
 			10*time.Minute,
 			clientSet,
 			fs,
@ -294,6 +296,7 @@ func TestStore(t *testing.T) {
 			fmt.Sprintf("%v/config", ns.Name),
 			fmt.Sprintf("%v/tcp", ns.Name),
 			fmt.Sprintf("%v/udp", ns.Name),
+			"",
 			10*time.Minute,
 			clientSet,
 			fs,
@ -378,6 +381,7 @@ func TestStore(t *testing.T) {
 			fmt.Sprintf("%v/config", ns.Name),
 			fmt.Sprintf("%v/tcp", ns.Name),
 			fmt.Sprintf("%v/udp", ns.Name),
+			"",
 			10*time.Minute,
 			clientSet,
 			fs,