Refactor to add SSLCert as a field in server type
This commit is contained in:
Henry Tran
parent
3b0d225186
commit
2751cbf06d
5 changed files with 27 additions and 43 deletions
|
|
@ -868,9 +868,11 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
|
|||
|
||||
// initialize the default server
|
||||
servers[defServerName] = &ingress.Server{
|
||||
Hostname: defServerName,
|
||||
SSLCertificate: defaultPemFileName,
|
||||
SSLPemChecksum: defaultPemSHA,
|
||||
Hostname: defServerName,
|
||||
SSLCert: ingress.SSLCert{
|
||||
PemFileName: defaultPemFileName,
|
||||
PemSHA: defaultPemSHA,
|
||||
},
|
||||
Locations: []*ingress.Location{
|
||||
{
|
||||
Path: rootLocation,
|
||||
|
|
@ -1000,7 +1002,7 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
|
|||
}
|
||||
|
||||
// only add a certificate if the server does not have one previously configured
|
||||
if servers[host].SSLCertificate != "" {
|
||||
if servers[host].SSLCert.PemFileName != "" {
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
@ -1013,8 +1015,8 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
|
|||
|
||||
if tlsSecretName == "" {
|
||||
glog.V(3).Infof("host %v is listed on tls section but secretName is empty. Using default cert", host)
|
||||
servers[host].SSLCertificate = defaultPemFileName
|
||||
servers[host].SSLPemChecksum = defaultPemSHA
|
||||
servers[host].SSLCert.PemFileName = defaultPemFileName
|
||||
servers[host].SSLCert.PemSHA = defaultPemSHA
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
@ -1038,10 +1040,7 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
|
|||
}
|
||||
}
|
||||
|
||||
servers[host].SSLCertificate = cert.PemFileName
|
||||
servers[host].SSLFullChainCertificate = cert.FullChainPemFileName
|
||||
servers[host].SSLPemChecksum = cert.PemSHA
|
||||
servers[host].SSLExpireTime = cert.ExpireTime
|
||||
servers[host].SSLCert = *cert
|
||||
|
||||
if cert.ExpireTime.Before(time.Now().Add(240 * time.Hour)) {
|
||||
glog.Warningf("ssl certificate for host %v is about to expire in 10 days", host)
|
||||
|
|
|
|||
|
|
@ -114,7 +114,7 @@ func ConfigSuccessTime() {
|
|||
func setSSLExpireTime(servers []*ingress.Server) {
|
||||
for _, s := range servers {
|
||||
if s.Hostname != defServerName {
|
||||
sslExpireTime.WithLabelValues(s.Hostname).Set(float64(s.SSLExpireTime.Unix()))
|
||||
sslExpireTime.WithLabelValues(s.Hostname).Set(float64(s.SSLCert.ExpireTime.Unix()))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,8 +17,6 @@ limitations under the License.
|
|||
package ingress
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
apiv1 "k8s.io/api/core/v1"
|
||||
extensions "k8s.io/api/extensions/v1beta1"
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
|
|
@ -140,18 +138,8 @@ type Server struct {
|
|||
// SSLPassthrough indicates if the TLS termination is realized in
|
||||
// the server or in the remote endpoint
|
||||
SSLPassthrough bool `json:"sslPassthrough"`
|
||||
// SSLCertificate path to the SSL certificate on disk
|
||||
SSLCertificate string `json:"sslCertificate"`
|
||||
// SSLFullChainCertificate path to the SSL certificate on disk
|
||||
// This certificate contains the full chain (ca + intermediates + cert)
|
||||
SSLFullChainCertificate string `json:"sslFullChainCertificate"`
|
||||
// SSLExpireTime has the expire date of this certificate
|
||||
SSLExpireTime time.Time `json:"sslExpireTime"`
|
||||
// SSLPemChecksum returns the checksum of the certificate file on disk.
|
||||
// There is no restriction in the hash generator. This checksum can be
|
||||
// used to determine if the secret changed without the use of file
|
||||
// system notifications
|
||||
SSLPemChecksum string `json:"sslPemChecksum"`
|
||||
// SSLCert describes the certificate that will be used on the server
|
||||
SSLCert SSLCert `json:"sslCert"`
|
||||
// Locations list of URIs configured in the server.
|
||||
Locations []*Location `json:"locations,omitempty"`
|
||||
// Alias return the alias of the server name
|
||||
|
|
|
|||
|
|
@ -262,18 +262,12 @@ func (s1 *Server) Equal(s2 *Server) bool {
|
|||
if s1.SSLPassthrough != s2.SSLPassthrough {
|
||||
return false
|
||||
}
|
||||
if s1.SSLCertificate != s2.SSLCertificate {
|
||||
return false
|
||||
}
|
||||
if s1.SSLPemChecksum != s2.SSLPemChecksum {
|
||||
if !(&s1.SSLCert).Equal(&s2.SSLCert) {
|
||||
return false
|
||||
}
|
||||
if !(&s1.CertificateAuth).Equal(&s2.CertificateAuth) {
|
||||
return false
|
||||
}
|
||||
if s1.SSLFullChainCertificate != s2.SSLFullChainCertificate {
|
||||
return false
|
||||
}
|
||||
if s1.RedirectFromToWWW != s2.RedirectFromToWWW {
|
||||
return false
|
||||
}
|
||||
|
|
@ -481,7 +475,7 @@ func (l4b1 *L4Backend) Equal(l4b2 *L4Backend) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
// Equal tests for equality between two L4Backend types
|
||||
// Equal tests for equality between two SSLCert types
|
||||
func (s1 *SSLCert) Equal(s2 *SSLCert) bool {
|
||||
if s1 == s2 {
|
||||
return true
|
||||
|
|
@ -498,6 +492,9 @@ func (s1 *SSLCert) Equal(s2 *SSLCert) bool {
|
|||
if !s1.ExpireTime.Equal(s2.ExpireTime) {
|
||||
return false
|
||||
}
|
||||
if s1.FullChainPemFileName != s2.FullChainPemFileName {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, cn1 := range s1.CN {
|
||||
found := false
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue