create new maps to hold references to new secrets and configmaps
parent
316494bd08
commit
bf220e66d1
1 changed files with 70 additions and 9 deletions
|
@ -236,6 +236,14 @@ type k8sStore struct {
|
||||||
// secret in the annotations.
|
// secret in the annotations.
|
||||||
secretIngressMap ObjectRefMap
|
secretIngressMap ObjectRefMap
|
||||||
|
|
||||||
|
// clientCertSecretIngressMap contains information about which ingress references a
|
||||||
|
// client cert secret in the annotations.
|
||||||
|
clientCertSecretIngressMap ObjectRefMap
|
||||||
|
|
||||||
|
// configmapIngressMap contains information about which ingress references a
|
||||||
|
// configMap in the annotations.
|
||||||
|
caConfigMapIngressMap ObjectRefMap
|
||||||
|
|
||||||
// updateCh
|
// updateCh
|
||||||
updateCh *channels.RingChannel
|
updateCh *channels.RingChannel
|
||||||
|
|
||||||
|
@ -266,15 +274,17 @@ func New(
|
||||||
disableSyncEvents bool,
|
disableSyncEvents bool,
|
||||||
) Storer {
|
) Storer {
|
||||||
store := &k8sStore{
|
store := &k8sStore{
|
||||||
informers: &Informer{},
|
informers: &Informer{},
|
||||||
listers: &Lister{},
|
listers: &Lister{},
|
||||||
sslStore: NewSSLCertTracker(),
|
sslStore: NewSSLCertTracker(),
|
||||||
updateCh: updateCh,
|
updateCh: updateCh,
|
||||||
backendConfig: ngx_config.NewDefault(),
|
backendConfig: ngx_config.NewDefault(),
|
||||||
syncSecretMu: &sync.Mutex{},
|
syncSecretMu: &sync.Mutex{},
|
||||||
backendConfigMu: &sync.RWMutex{},
|
backendConfigMu: &sync.RWMutex{},
|
||||||
secretIngressMap: NewObjectRefMap(),
|
secretIngressMap: NewObjectRefMap(),
|
||||||
defaultSSLCertificate: defaultSSLCertificate,
|
clientCertSecretIngressMap: NewObjectRefMap(),
|
||||||
|
caConfigMapIngressMap: NewObjectRefMap(),
|
||||||
|
defaultSSLCertificate: defaultSSLCertificate,
|
||||||
}
|
}
|
||||||
|
|
||||||
eventBroadcaster := record.NewBroadcaster()
|
eventBroadcaster := record.NewBroadcaster()
|
||||||
|
@ -464,6 +474,8 @@ func New(
|
||||||
store.syncIngress(ing)
|
store.syncIngress(ing)
|
||||||
store.updateSecretIngressMap(ing)
|
store.updateSecretIngressMap(ing)
|
||||||
store.syncSecrets(ing)
|
store.syncSecrets(ing)
|
||||||
|
store.updateClientCertSecretIngressMap(ing)
|
||||||
|
store.updateCAConfigMapIngressMap(ing)
|
||||||
|
|
||||||
updateCh.In() <- Event{
|
updateCh.In() <- Event{
|
||||||
Type: CreateEvent,
|
Type: CreateEvent,
|
||||||
|
@ -521,6 +533,8 @@ func New(
|
||||||
store.syncIngress(curIng)
|
store.syncIngress(curIng)
|
||||||
store.updateSecretIngressMap(curIng)
|
store.updateSecretIngressMap(curIng)
|
||||||
store.syncSecrets(curIng)
|
store.syncSecrets(curIng)
|
||||||
|
store.updateClientCertSecretIngressMap(curIng)
|
||||||
|
store.updateCAConfigMapIngressMap(curIng)
|
||||||
|
|
||||||
updateCh.In() <- Event{
|
updateCh.In() <- Event{
|
||||||
Type: UpdateEvent,
|
Type: UpdateEvent,
|
||||||
|
@ -1005,6 +1019,53 @@ func (s *k8sStore) updateSecretIngressMap(ing *networkingv1.Ingress) {
|
||||||
s.secretIngressMap.Insert(key, refSecrets...)
|
s.secretIngressMap.Insert(key, refSecrets...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// updateSecretIngressMap takes an Ingress and updates all Secret objects it
|
||||||
|
// references in secretIngressMap.
|
||||||
|
func (s *k8sStore) updateClientCertSecretIngressMap(ing *networkingv1.Ingress) {
|
||||||
|
key := k8s.MetaNamespaceKey(ing)
|
||||||
|
klog.V(3).Infof("updating references to client cert secrets for ingress %v", key)
|
||||||
|
|
||||||
|
// delete all existing references first
|
||||||
|
s.clientCertSecretIngressMap.Delete(key)
|
||||||
|
|
||||||
|
secConfig := s.GetSecurityConfiguration().AllowCrossNamespaceResources
|
||||||
|
var refClientCertSecrets []string
|
||||||
|
secrKey, err := objectRefAnnotationNsKey("proxy-ssl-client-secret", ing, secConfig)
|
||||||
|
if err != nil && !errors.IsMissingAnnotations(err) {
|
||||||
|
klog.Errorf("error reading client secret reference in annotation %q: %s", "proxy-ssl-client-secret", err)
|
||||||
|
}
|
||||||
|
if secrKey != "" {
|
||||||
|
refClientCertSecrets = append(refClientCertSecrets, secrKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
// populate map with all secret references
|
||||||
|
s.clientCertSecretIngressMap.Insert(key, refClientCertSecrets...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// updateConfigMapIngressMap takes an Ingress and updates all ConfigMap objects it
|
||||||
|
// references in configMapIngressMap.
|
||||||
|
func (s *k8sStore) updateCAConfigMapIngressMap(ing *networkingv1.Ingress) {
|
||||||
|
key := k8s.MetaNamespaceKey(ing)
|
||||||
|
klog.V(3).Infof("updating references to configmaps for ingress %v", key)
|
||||||
|
|
||||||
|
// delete all existing references first
|
||||||
|
s.caConfigMapIngressMap.Delete(key)
|
||||||
|
|
||||||
|
var refCACms []string
|
||||||
|
|
||||||
|
secConfig := s.GetSecurityConfiguration().AllowCrossNamespaceResources
|
||||||
|
cmKey, err := objectRefAnnotationNsKey("proxy-ssl-ca-configmap", ing, secConfig)
|
||||||
|
if err != nil && !errors.IsMissingAnnotations(err) {
|
||||||
|
klog.Errorf("error reading ca configmap reference in annotation %q: %s", "proxy-ssl-ca-configmap", err)
|
||||||
|
}
|
||||||
|
if cmKey != "" {
|
||||||
|
refCACms = append(refCACms, cmKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
// populate map with all secret references
|
||||||
|
s.caConfigMapIngressMap.Insert(key, refCACms...)
|
||||||
|
}
|
||||||
|
|
||||||
// objectRefAnnotationNsKey returns an object reference formatted as a
|
// objectRefAnnotationNsKey returns an object reference formatted as a
|
||||||
// 'namespace/name' key from the given annotation name.
|
// 'namespace/name' key from the given annotation name.
|
||||||
func objectRefAnnotationNsKey(ann string, ing *networkingv1.Ingress, allowCrossNamespace bool) (string, error) {
|
func objectRefAnnotationNsKey(ann string, ing *networkingv1.Ingress, allowCrossNamespace bool) (string, error) {
|
||||||
|
|
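Review bot: In `updateClientCertSecretIngressMap` and `updateCAConfigMapIngressMap`, an error from `objectRefAnnotationNsKey` other than a missing annotation is only logged, and execution continues to the `secrKey != ""` / `cmKey != ""` check. Whether a rejected reference is still recorded therefore depends on the helper returning an empty key with its error; its body is not shown on this page and it is the call that receives `AllowCrossNamespaceResources`, so I would add `return` after each `klog.Errorf` to make the rejection explicit. The doc comments are copied from the existing function and name the wrong identifiers: they should start `// updateClientCertSecretIngressMap takes an Ingress and updates the client cert Secret it references in clientCertSecretIngressMap.` and `// updateCAConfigMapIngressMap takes an Ingress and updates the CA ConfigMap it references in caConfigMapIngressMap.`, and the struct field comment should name `caConfigMapIngressMap` rather than `configmapIngressMap`. The add and update handlers now populate both maps, but no hunk here removes an ingress's entries when it is deleted. If the delete handler clears `secretIngressMap`, the two new maps presumably need the same `Delete(key)` call, otherwise stale references remain.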