From 7000924dc5debb74e029db956127498a4710afa3 Mon Sep 17 00:00:00 2001 From: Tony Li Date: Tue, 7 Mar 2017 18:05:21 -0500 Subject: [PATCH] GCE pre-shared cert fixes (#395) * pick up changes to the external cert referenced by lb * less prone way to check if cert should be deleted --- controllers/gce/loadbalancers/loadbalancers.go | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/controllers/gce/loadbalancers/loadbalancers.go b/controllers/gce/loadbalancers/loadbalancers.go index 3d3b2d529..d867ae658 100644 --- a/controllers/gce/loadbalancers/loadbalancers.go +++ b/controllers/gce/loadbalancers/loadbalancers.go @@ -356,11 +356,6 @@ func (l *L7) checkSSLCert() (err error) { // Use the named GCE cert when it is specified by the annotation. if certName != "" { - // Use the targetHTTPSProxy's cert name if it already has one set. - if l.sslCert != nil { - certName = l.sslCert.Name - } - // Ask GCE for the cert, checking for problems and existence. cert, err := l.cloud.GetSslCertificate(certName) if err != nil { @@ -871,8 +866,8 @@ func (l *L7) Cleanup() error { } l.tps = nil } - // Delete the SSL cert if it is not a pre-created GCE cert. - if l.sslCert != nil && l.sslCert.Name != l.runtimeInfo.TLSName { + // Delete the SSL cert if it is from a secret, not referencing a pre-created GCE cert. + if l.sslCert != nil && l.runtimeInfo.TLSName == "" { glog.Infof("Deleting sslcert %v", l.sslCert.Name) if err := l.cloud.DeleteSslCertificate(l.sslCert.Name); err != nil { if !utils.IsHTTPErrorCode(err, http.StatusNotFound) {