From 76624fcbb19c158a3c03d5a2b4f7d9a625346045 Mon Sep 17 00:00:00 2001 From: Julio Camarero Date: Fri, 6 Dec 2024 10:57:17 +0100 Subject: [PATCH] Deprecate existing annotation --- internal/ingress/annotations/proxyssl/main.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/ingress/annotations/proxyssl/main.go b/internal/ingress/annotations/proxyssl/main.go index 4c5685fa2..14f3d5205 100644 --- a/internal/ingress/annotations/proxyssl/main.go +++ b/internal/ingress/annotations/proxyssl/main.go @@ -45,7 +45,7 @@ var ( ) const ( - proxySSLSecretAnnotation = "proxy-ssl-secret" + proxySSLSecretAnnotation = "proxy-ssl-secret" // DEPRECATED Use proxy-ssl-client-secret and proxy-ssl-ca-configmap instead proxySSLClientSecretAnnotation = "proxy-ssl-client-secret" // #nosec proxySSLCAConfigMapAnnotation = "proxy-ssl-ca-configmap" proxySSLCiphersAnnotation = "proxy-ssl-ciphers" @@ -63,7 +63,8 @@ var proxySSLAnnotation = parser.Annotation{ Validator: parser.ValidateRegex(parser.BasicCharsRegex, true), Scope: parser.AnnotationScopeIngress, Risk: parser.AnnotationRiskMedium, - Documentation: `This annotation specifies a Secret with the certificate tls.crt, key tls.key in PEM format used for authentication to a proxied HTTPS server. + Documentation: `(DEPRECATED: Use proxy-ssl-client-secret and proxy-ssl-ca-configmap instead) + This annotation specifies a Secret with the certificate tls.crt, key tls.key in PEM format used for authentication to a proxied HTTPS server. It should also contain trusted CA certificates ca.crt in PEM format used to verify the certificate of the proxied HTTPS server. This annotation expects the Secret name in the form "namespace/secretName" Just secrets on the same namespace of the ingress can be used.`,