DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

consistently fallback to default certificate when TLS is configured

Browse source
This commit is contained in:
Elvin Efendi 2018-08-22 20:25:21 -04:00
parent 7436b77968
commit dc952dc462
3 changed files with 24 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
internal/ingress/controller/controller.go
View file

@ -1055,7 +1055,9 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
secrKey := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName) secrKey := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName)
cert, err := n.store.GetLocalSSLCert(secrKey) cert, err := n.store.GetLocalSSLCert(secrKey)
if err != nil { if err != nil {
glog.Warningf("Error getting SSL certificate %q: %v", secrKey, err) glog.Warningf("Error getting SSL certificate %q: %v. Using default certificate", secrKey, err)
servers[host].SSLCert.PemFileName = defaultPemFileName
servers[host].SSLCert.PemSHA = defaultPemSHA
continue continue
} }
@ -1069,6 +1071,9 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
if err != nil { if err != nil {
glog.Warningf("SSL certificate %q does not contain a Common Name or Subject Alternative Name for server %q: %v", glog.Warningf("SSL certificate %q does not contain a Common Name or Subject Alternative Name for server %q: %v",
secrKey, host, err) secrKey, host, err)
glog.Warningf("Using default certificate")
servers[host].SSLCert.PemFileName = defaultPemFileName
servers[host].SSLCert.PemSHA = defaultPemSHA
continue continue
} }
} }

23
test/e2e/framework/framework.go
View file

@ -385,8 +385,17 @@ func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace string, name
return nil return nil
} }
// NewSingleIngressWithTLS creates a simple ingress rule with TLS spec included
func NewSingleIngressWithTLS(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
return newSingleIngress(name, path, host, ns, service, port, annotations, true)
}
// NewSingleIngress creates a simple ingress rule // NewSingleIngress creates a simple ingress rule
func NewSingleIngress(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress { func NewSingleIngress(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
return newSingleIngress(name, path, host, ns, service, port, annotations, false)
}
func newSingleIngress(name, path, host, ns, service string, port int, annotations *map[string]string, withTLS bool) *extensions.Ingress {
if annotations == nil { if annotations == nil {
annotations = &map[string]string{} annotations = &map[string]string{}
} }
@ -398,12 +407,6 @@ func NewSingleIngress(name, path, host, ns, service string, port int, annotation
Annotations: *annotations, Annotations: *annotations,
}, },
Spec: extensions.IngressSpec{ Spec: extensions.IngressSpec{
TLS: []extensions.IngressTLS{
{
Hosts: []string{host},
SecretName: host,
},
},
Rules: []extensions.IngressRule{ Rules: []extensions.IngressRule{
{ {
Host: host, Host: host,
@ -424,6 +427,14 @@ func NewSingleIngress(name, path, host, ns, service string, port int, annotation
}, },
}, },
} }
if withTLS {
ing.Spec.TLS = []extensions.IngressTLS{
{
Hosts: []string{host},
SecretName: host,
},
}
}
return ing return ing
} }

2
test/e2e/ssl/secret_update.go
View file

@ -54,7 +54,7 @@ var _ = framework.IngressNginxDescribe("SSL", func() {
}) })
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil)) ing, err := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
Expect(ing).ToNot(BeNil()) Expect(ing).ToNot(BeNil())